
Privacy Policy

Last updated: March 27, 2026

FEBOAPP OÜ ("FEBO," "we," "us") operates febo.app. This policy explains what data we collect, why, and how we protect it.

FEBOAPP OÜ is registered in Tallinn, Estonia. We comply with the EU General Data Protection Regulation (GDPR).

What we collect

Account data. When you sign in with Google, we receive your name and email address from Google. We do not receive or store your Google password.

Business data you enter. Project names, task names, budgets, hourly rates, worked hours, cash on hand, monthly costs, and other financial figures you enter into FEBO. This data is yours.

Client data you enter. Client names, business addresses, and IBAN numbers you enter for invoicing purposes.

Your business information. Your business name, address, and other details you provide in settings.

Usage data. We use Plausible Analytics, a privacy-friendly analytics tool that does not use cookies and does not track individual users. We see aggregate page views and referral sources. We cannot identify you from this data.

Session data. Authentication tokens to keep you signed in securely.

Payment data. Payments are processed by Paddle.com (our Merchant of Record). When you subscribe, Paddle collects your payment information (card details, billing address). We never see or store your full card number. Paddle shares with us: your email, country, subscription status, and transaction history. Paddle's privacy policy governs how they handle your payment data: paddle.com/legal/privacy.

What we do not collect

We do not collect data from your bank accounts. We do not connect to banking APIs. All financial figures in FEBO (cash, budgets, rates) are entered by you manually.

We do not see or store your credit card number — Paddle handles all payment processing. We do not use cookies for tracking. We do not run Google Analytics. We do not serve ads. We do not sell data to anyone.

Why we collect it

We collect account data to authenticate you and provide the service. We collect business and client data because that is what FEBO does — it helps you track your work and finances. We collect usage data to understand how the product is used in aggregate, not individually.

Legal basis (GDPR Article 6): Contract performance (providing the service you signed up for) and legitimate interest (improving the service based on aggregate usage patterns).

Where your data is stored

All data is stored in the European Union. Our database is hosted on Supabase in the EU (Frankfurt). Our application server runs on Render.

We do not transfer your data outside the EU except through Google OAuth (governed by Google's data processing terms and EU Standard Contractual Clauses).

Who can access your data

Only you. We do not share, sell, or provide your data to third parties. Our team may access data only for technical support purposes, and only if you request help.

Third-party services we use:

  • Google OAuth — authentication only
  • Paddle.com — payment processing (Merchant of Record). Receives: your email, billing country, payment method. See paddle.com/legal/privacy
  • Supabase (EU) — database hosting
  • Render — application hosting
  • Plausible Analytics — anonymous, aggregate usage statistics

None of these services receive your project data, client data, or financial figures you enter into FEBO, except Paddle which receives only what is needed to process your subscription payment.

How long we keep it

We keep your data for as long as your account is active. If you delete your account, we delete all your data within 30 days. Backups are purged within 90 days.

Your rights under GDPR

You have the right to:

  • Access your data — export everything from your account at any time
  • Correct your data — edit any information in your account
  • Delete your data — delete your account and all associated data
  • Port your data — export in a standard format
  • Object to processing — contact us to discuss
  • Withdraw consent — delete your account at any time

To exercise these rights, email info@febo.app or delete your account directly in the app.

Data security

All connections use HTTPS/TLS encryption. Data at rest is encrypted. Authentication tokens are stored securely. We do not store passwords — Google handles authentication.

Client IBAN numbers are stored encrypted and are only used to populate your invoices.

No system is 100% secure. We take reasonable measures to protect your data and will notify you and the relevant authorities within 72 hours if a breach occurs, as required by GDPR.

Children

FEBO is a business tool. We do not knowingly collect data from anyone under 16. If you believe a child has created an account, contact us and we will delete it.

Changes

If we change this policy, we will update the date above and notify you by email. Material changes take effect 30 days after notification.

Data controller

FEBOAPP OÜ
Tallinn, Estonia
info@febo.app

You may also contact the Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon) if you have concerns about how we handle your data.

FEBOAPP OÜ · Tallinn, Estonia · © 2026