Back to home

Privacy Policy

How Faltan collects, uses and protects your data — and the rights you have over it.

1. Who is responsible

Faltan is an independent project that decides how your data is processed (the "data controller"). For any privacy question or to exercise your rights, contact legal@faltan.app.

2. What we collect

Account: your email (for sign-in) and, if you choose, a display name, username and avatar. Collection: the items you track, duplicates and wishlists. Community: chat messages, trade and Marketplace listings, photos you upload, ratings. Location: an approximate area you choose for trading (see section 7). Technical: device/browser data, push-notification tokens if you enable them, and basic usage analytics. We do not ask for your real name, address, phone or payment details, and OCR scanning happens on your device — scanned images are never uploaded.

3. How we use your data

To run the service: sync your collection across devices, match you with nearby trades, power chat and the Marketplace, send the emails and notifications you ask for, keep the service safe (moderation, anti-abuse, anti-fraud), and understand aggregate usage to improve the app. To suggest trades we rank potential matches by how much your tracked items overlap with others' and by approximate distance — this is a recommendation, not a decision with legal effects, and paid plans can boost visibility. We do not sell your data and do not use it for third-party advertising.

4. Legal bases (GDPR)

We process data to perform our contract with you (providing the app), on legitimate interests (security, abuse prevention, improving the service), with your consent (optional analytics cookies, push notifications, optional location), and to comply with legal obligations. You can withdraw consent at any time.

5. Cookies and analytics

We use strictly-necessary cookies to keep you signed in and remember your preferences (no consent needed), and optional analytics that only run after you accept in the cookie banner. See our Cookie Policy for the full list and how to change your choice. Any privacy-friendly analytics we use are configured to avoid identifying you personally.

6. Who processes data for us

We rely on trusted providers that act on our instructions: Supabase (database, authentication, file storage), Vercel (hosting/CDN, and the edge layer that derives an approximate region from your IP), an email provider for sign-in and notifications, OpenFreeMap for the trade-map tiles, your browser's push service (Apple, Google or Mozilla) if you enable notifications, and Google Analytics for usage analytics — which only runs with your consent (we may also use the cookieless Plausible). Each receives only the data needed for its function. We do not share your data with anyone else except where required by law or to protect users.

7. Location privacy

Trading uses an approximate location by default: your point is snapped to a coarse grid so others see a rough area, never your exact spot, and repeated posts cannot be averaged to pinpoint you. Sharing an exact location is opt-in and limited. Photos you upload have their EXIF/GPS metadata stripped on your device before upload. You can change or remove your location at any time.

8. International transfers

Our providers may process data on servers outside your country. Where that happens, transfers rely on appropriate safeguards (such as the European Commission's Standard Contractual Clauses or the EU–US Data Privacy Framework) so your data keeps an equivalent level of protection.

9. How long we keep it

We keep your data while your account is active. When you delete your account, we purge your profile, collection, listings, photos, messages and feedback across our systems; some records may be retained briefly where the law requires or to prevent abuse, and certain safety records — and minimal proof that you accepted these terms — are anonymised or kept under our legitimate interest rather than deleted.

10. Your rights

You can access, correct, delete, export (portability), restrict or object to the processing of your data, and withdraw consent at any time. Several of these are built in: edit your profile, manage your notification and cookie choices, and delete your account from the app whenever you want. For access or a copy/export of your data — or any request we don't yet self-serve — write to legal@faltan.app and we'll respond within the time the law allows (normally one month). You also have the right to complain to your local data-protection authority.

11. How to exercise your rights

Use the in-app controls (edit profile, manage emails/notifications, delete account) or write to legal@faltan.app. We will respond within the timeframe required by law.

12. Children

Faltan is not directed to children under 16 and we do not knowingly collect their data. If we learn that an under-age account exists, we will remove it. If you believe a child has given us data, contact legal@faltan.app.

13. Security

We protect your data with encryption in transit, row-level access controls and access limited to what's necessary. No system is perfectly secure, so we cannot guarantee absolute security — but we work to keep your data safe and will act on any incident.

14. Changes to this policy

We may update this policy as the app evolves. When changes are material we will give reasonable notice in the app. The "last updated" date below always reflects the current version.

15. Contact

Privacy questions or requests: legal@faltan.app.

Last updated: June 2026