Privacy Policy – FirstACL

Last updated: 19 November 2025

1. Intro

This Privacy Policy explains how FirstACL (“FirstACL”, “we”, “our”, or “us”) collects, uses, discloses, and protects personal data when you use any of our mobile applications and related online services (together, the “Services”).

For the purposes of applicable data protection laws (including the EU General Data Protection Regulation – “GDPR”), FirstACL acts as the data controller for personal data processed in connection with the Services.

2. Scope and Applicability

This Privacy Policy applies to all mobile apps published by FirstACL, as well as any associated websites, cloud services, or APIs that link to or reference this Policy.

We use Your Personal data to provide and improve the Service. By using the Service, You agree to the collection and use of information in accordance with this Privacy Policy.

Because we operate multiple apps (for example, but not limited to, apps for productivity, content creation, AI-powered assistants, or cooking/recipe generation), some data practices may apply only to certain apps or features. Where relevant, we will provide additional in-app notices or settings to explain those specific practices.

3. Information We Collect

Depending on which Services and features you use, we may collect the following categories of information:

3.1 Information You Provide Directly

• Account and Contact Information

◦ Name, username or display name

◦ Email address or other contact details

◦ Password or authentication credentials (where applicable)

• Content You Submit

◦ Text, images, photos, videos, audio, documents, or other files you upload or create within the Services

◦ For example, some apps may allow you to upload photos, record voice input, or enter free-form text to generate content, recommendations, or other outputs.

• Communications and Support

◦ Messages you send to us (e.g. support requests, bug reports, feedback)

◦ Information you provide when you participate in surveys, beta programs, or user research

3.2 Device and Usage Data

We may automatically collect certain technical information when you use the Services, such as:

• Device identifiers (e.g. device model, operating system, language, time zone)

• IP address and approximate region (not precise GPS location unless explicitly enabled)

• App version, settings, and configuration

• Crash logs, performance data, and diagnostic information

• In-app events and interactions (for example, which screens are viewed, which features are used)

This information helps us keep the Services secure, stable, and easy to use.

3.3 Location Information

Some Services may request access to your location data (for example, to localize content or comply with regional legal requirements).

• We will only access location data where this is necessary for a feature and where you have granted permission through your device settings.

• You can disable location permissions at any time in your device’s operating system settings.

3.4 Financial and Transaction Data

When you make in-app purchases or subscriptions, payment data is primarily processed by the relevant app store (e.g. Apple App Store, Google Play) or by our third-party payment providers.

• We may receive limited information about your transactions from these providers, such as:

◦ the fact that a purchase or subscription was made

◦ the product or plan purchased

◦ the date and time of the transaction

• We do not receive or store your full payment card number or bank account details from the app stores.

4. How We Use Your Information

We use the information we collect for the following purposes:

• To provide and operate the Services

◦ Creating and managing user accounts

◦ Enabling app features and functionality

◦ Processing in-app purchases and subscriptions

• To improve and personalize the Services

◦ Understanding how our apps are used

◦ Fixing bugs, preventing crashes, and optimizing performance

◦ Developing new features and user experiences

• To provide support and communicate with you

◦ Responding to support requests, feedback, and questions

◦ Sending important service or security-related notices

• To ensure safety, security, and legal compliance

◦ Detecting and preventing fraud, abuse, or misuse

◦ Complying with legal obligations and responding to lawful requests from public authorities

We do not sell your personal data, including your voice data or user-generated content.

5. Legal Bases for Processing (EEA/UK Users)

Where GDPR or similar laws apply, we rely on one or more of the following legal bases to process your personal data:

• Performance of a contract

When processing is necessary to provide the Services, create and manage your account, or fulfill our agreement with you.

• Legitimate interests

To develop and improve our products, maintain security, prevent fraud, and understand how users interact with the Services, provided these interests are not overridden by your rights and interests.

• Legal obligations

When processing is required to comply with applicable laws, regulations, or court orders (for example, keeping certain records for tax or accounting purposes).

• Consent

For certain optional processing, such as some analytics or AI features, or access to device permissions (camera, microphone, location), we may rely on your consent. You can withdraw your consent at any time via in-app settings or your device settings, where applicable.

6. When We Share Your Information

We do not sell your personal data to third parties. We may share your information only in these limited circumstances:

• Service Providers and Partners

We work with trusted third-party providers who help us operate, support, or analyze the Services (for example, cloud hosting, analytics, crash reporting, customer support tools, or payment processors).

These providers are contractually obligated to process personal data only on our behalf and in accordance with this Policy and applicable law.

• Third-Party AI Providers

Some Services may send your content (for example, text, images, or other inputs) to third-party AI platforms in order to generate responses, suggestions, or other outputs.

Where this occurs, we will clearly disclose it within the relevant Service and, where required by law, we will obtain your explicit consent before sharing personal data with such third-party AI providers.

We take steps to ensure these providers implement appropriate safeguards and are not permitted to use your data for their own unrelated purposes.

• App Stores and Platform Operators

When you download our apps or make purchases, certain data is shared with the platform provider (for example, Apple or Google) in accordance with their own terms and privacy policies.

• Business Transfers

In connection with a merger, acquisition, restructuring, or sale of all or part of our business, your information may be transferred to the relevant third parties as part of that transaction. We will take appropriate steps to ensure the confidentiality of your data and to notify you where required by law.

• Legal and Safety Requirements

We may disclose information if we believe in good faith that it is necessary to:

◦ Comply with a legal obligation or lawful request

◦ Protect the rights, property, or safety of FirstACL, our users, or others

◦ Detect, prevent, or address fraud, security, or technical issues

• With Your Consent

We may share your information with other parties when you specifically direct us to do so, or when you have given your consent.

We do not share your personal data with third parties for their own marketing purposes.

7. International Data Transfers

Because we may use service providers and infrastructure located outside of your country (including outside the European Economic Area), your personal data may be transferred to and processed in other jurisdictions.

Where such transfers involve countries that do not provide an equivalent level of data protection, we implement appropriate safeguards (such as standard contractual clauses) to protect your data, as required by applicable law.

8. Data Retention

We retain personal data only for as long as it is reasonably necessary to:

• Provide and maintain the Services you use

• Comply with legal, tax, or accounting obligations

• Resolve disputes and enforce our agreements

Retention periods may vary depending on the type of data and the context of processing. For example:

• Account data is generally kept for as long as your account remains active.

• Usage and analytics data may be stored for a shorter, aggregated period where possible.

• Certain transaction records may need to be retained for a number of years under legal or tax rules.

When data is no longer needed, we will delete it or irreversibly anonymize it.

9. Your Rights and Choices

Subject to applicable law, you may have some or all of the following rights with respect to your personal data:

• Access – Request confirmation of whether we process your personal data and receive a copy of that data.

• Rectification – Request the correction of inaccurate or incomplete personal data.

• Erasure (“Right to be Forgotten”) – Request deletion of your personal data, for example where it is no longer necessary for the purposes for which it was collected, or where you withdraw consent.

• Restriction – Request that we limit the processing of your data in certain circumstances.

• Data Portability – Receive your personal data in a structured, commonly used, and machine-readable format and transmit it to another controller where technically feasible.

• Objection – Object to certain processing based on our legitimate interests, on grounds relating to your particular situation.

• Withdraw Consent – Where processing is based on your consent, you may withdraw that consent at any time, without affecting the lawfulness of processing carried out before withdrawal.

To exercise your rights, please contact us at [email]. We may need to verify your identity before responding to your request.

You also have the right to lodge a complaint with your local data protection authority. In France, this is the Commission Nationale de l’Informatique et des Libertés (CNIL).

10. Children’s Privacy

Our Service does not address anyone under the age of 13. We do not knowingly collect personally identifiable information from anyone under the age of 13. If You are a parent or guardian and You are aware that Your child has provided Us with Personal Data, please contact Us. If We become aware that We have collected Personal Data from anyone under the age of 13 without verification of parental consent, We take steps to remove that information from Our servers.

If We need to rely on consent as a legal basis for processing Your information and Your country requires consent from a parent, We may require Your parent's consent before We collect and use that information.

11. Security of Your Information

We implement technical and organizational measures designed to protect your personal data from unauthorized access, use, alteration, or destruction.

However, no method of transmission over the Internet or method of electronic storage is 100% secure. While we work to protect your information, we cannot guarantee absolute security.

12. Third-Party Services and Links

Our Services may include links to third-party websites, content, services, or integrations (for example, external login providers, AI platforms, analytics services, or content platforms).

This Privacy Policy does not apply to third-party services. Their own privacy policies and terms govern how they handle your data. We encourage you to review the privacy policies of any third-party services you use.

13. Cookies, SDKs, and Similar Technologies

Some of our apps and websites may use cookies, software development kits (SDKs), or similar technologies to:

• Remember your preferences and settings

• Measure usage and performance

• Diagnose crashes and technical issues

• Improve our features and user experience

Where required by law, we will obtain your consent before using non-essential cookies or similar technologies, and you can change your preferences at any time through in-app or browser settings, where available.

14. In-App Purchases, Subscriptions, and Payments

If you make purchases or subscribe to paid features within our apps:

• Payments are processed by the app store platform (such as Apple App Store or Google Play) and/or by our payment partners.

• We do not collect or store your complete payment card details.

• You can manage or cancel your subscriptions through your app store account settings, in accordance with that platform’s policies.

15. AI Features and Automated Decision-Making

Some Services may use artificial intelligence or machine learning to provide features such as content generation, recommendations, summarization, or analysis of user inputs.

• When you use such features, your inputs (e.g. text, images, or other content) may be processed by FirstACL systems and/or by third-party AI providers, as described in Section 6.

• We design these features to assist and augment users, not to make legally binding or similarly significant decisions about you without human involvement.

• Where required by law, we will provide additional information and obtain your consent before using AI features that significantly affect your rights or interests.

16. Changes to This Privacy Policy

We may update this Privacy Policy from time to time, for example to reflect changes in our Services or legal requirements.

When we make material changes, we will update the “Last updated” date at the top of this Policy and, where appropriate, notify you in-app or by other reasonable means.

17. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, you can contact us at:

FirstACL

31–35 rue de la Fédération

75015 Paris

France

Email: [email]