Privacy Policy

Last updated: February 2026

1. Data Controller

Facet Cloud is operated by Jed Esposito. For any questions regarding data processing or to exercise your rights under applicable data protection law, contact us at [email protected].

2. What Data We Collect

We collect the following information when you use Facet Cloud:

  • Account information: Email address, password (stored as a bcrypt hash)
  • Payment information: Billing details processed securely through Stripe. We do not store your credit card numbers.
  • Site content: The content you create and publish on your Facet site, including text, images, and files
  • Usage analytics: Page views, referrer data, country-level location, and browser information for your analytics dashboard
  • Technical data: Server logs, IP addresses, and request data necessary for operating the Service

3. How We Use Your Data

We use the data we collect for the following purposes:

  • Service delivery: Provisioning, hosting, and maintaining your Facet site
  • Billing: Processing payments and managing your subscription
  • Abuse prevention: Detecting and preventing violations of our Terms of Service
  • Service improvement: Understanding usage patterns to improve Facet Cloud
  • Communication: Sending essential service notifications (account, billing, security)

4. Legal Basis for Processing

Under the General Data Protection Regulation (GDPR), we process your personal data on the following legal bases:

  • Contract performance (Art. 6(1)(b)): Processing necessary to deliver the Service, including site hosting, account management, and billing.
  • Legitimate interests (Art. 6(1)(f)): Processing necessary for security, abuse prevention, and service improvement, where those interests are not overridden by your rights.
  • Consent (Art. 6(1)(a)): Where we rely on consent (e.g., optional marketing communications), you can withdraw it at any time by contacting us or using the unsubscribe link provided.

5. Third Parties

We share data with the following third-party services, solely for the purpose of operating Facet Cloud:

  • Stripe — Payment processing. Stripe handles all credit card data under their own privacy policy.
  • Hetzner — Server hosting. Your site data is stored on Hetzner infrastructure in Helsinki, Finland (EU).
  • Resend — Transactional email delivery for account notifications.
  • Cloudflare — DNS management and CDN. Cloudflare processes request data for DNS resolution and performance.

All fonts are self-hosted. No third-party font loading services (such as Google Fonts) are used.

We do not sell, rent, or share your personal data with any other third parties for marketing or advertising purposes.

6. International Data Transfers

Your data is primarily stored and processed within the European Union. Where transfers to countries outside the EU/EEA occur, we ensure appropriate safeguards are in place:

  • Hetzner — Helsinki, Finland (EU). No international transfer.
  • Cloudflare — May process data in the US for CDN and DNS services. Covered by the EU-US Data Privacy Framework.
  • Stripe — Payment processing in the US. Covered by the EU-US Data Privacy Framework.
  • Resend — Email delivery in the US. Covered by standard contractual clauses (SCCs).

7. Data Retention

  • Active accounts: Your data is retained for as long as your account is active.
  • Deleted accounts: When you delete your account or your account is terminated, all associated data (site content, configuration, analytics) will be permanently purged within 30 days.
  • Billing records: Payment records may be retained as required by applicable tax and accounting laws.

8. Your Rights

Under the GDPR, you have the following rights regarding your personal data:

  • Access (Art. 15): Request a copy of the personal data we hold about you.
  • Rectification (Art. 16): Request correction of inaccurate or incomplete personal data.
  • Erasure (Art. 17): Request deletion of your account and all associated data.
  • Restrict processing (Art. 18): Request that we limit how we process your data in certain circumstances (e.g., while we verify its accuracy).
  • Data portability (Art. 20): Request your data in a structured, commonly used, machine-readable format. Facet Cloud stores your data in PocketBase, and we can provide a full export on request.
  • Object (Art. 21): Object to processing based on legitimate interests. We will stop processing unless we demonstrate compelling legitimate grounds.
  • Lodge a complaint: If you believe your data protection rights have been violated, you have the right to lodge a complaint with your local data protection authority (supervisory authority). A list of EU DPAs is available on the European Data Protection Board website.

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.

9. Contact

For questions about this Privacy Policy, please contact us at [email protected].