Privacy Policy

Fatto ("Fatto", "we", "us") is operated by FopyLabs (Luca Capone), based in Luxembourg. Fatto is an iOS app and website (getfatto.com) that turns DIY and home improvement videos into structured project cards. This policy explains what data we collect, why we collect it, who processes it, and what rights you have. We've kept it in plain language on purpose.

The short version: we collect the minimum we need to run the app. We don't show ads, we don't sell your data, and we don't track you across other apps or websites.

Account data

• Email address - used to create your account, sign you in, and send essential service emails (like password resets).
• Password - if you sign up with email and password, your password is hashed by Supabase Auth. We never see or store it in plain text.
• Sign in with Apple identifier - if you use Sign in with Apple, we receive a unique identifier from Apple (and your email, or Apple's private relay email if you choose to hide it). We don't receive your Apple password.

Your content

Everything you create or save in Fatto is stored so we can show it back to you and sync it across your devices:

• Projects you save, including titles and thumbnails
• Materials, tools, steps, and cut lists in those projects
• Collections you create
• Your shopping list items
• The URLs you submit for import (for example, a TikTok or YouTube link)

Product analytics

After you sign in, we collect basic product analytics (for example, which features get used and where people get stuck). These events are linked to your account ID so we can understand real usage and improve the app. See section 3 for details and how to opt out.

• We don't show ads, and there are no ad networks in the app.
• We don't sell your data. Not to anyone, not ever.
• We don't track you across other companies' apps or websites, and we don't use cross-app advertising identifiers.
• We don't collect your contacts, location, photos, or anything else that isn't listed in this policy.

We use a small number of service providers (processors) to run Fatto. Each one only receives what it needs to do its job:

• Supabase - hosts our database, authentication, and storage. Your account data and content live on Supabase infrastructure in the EU (Frankfurt, Germany region).
• Anthropic - powers the AI extraction. When you submit a link, we fetch the publicly available page text and captions for that link and send that text to Anthropic's API, which returns the structured project card. This content is sent for processing only. Under Anthropic's API terms, it isn't used to train their models.
• Apple - handles all subscription billing through your Apple ID. We never see your payment card details. Apple's own privacy policy applies to the payment process.
• PostHog - our product analytics tool. After you sign in, usage events are sent to PostHog linked to your account ID. We use this to understand which features matter and to fix what's broken.

Analytics opt-out: if you'd rather not be included in product analytics, email us at support@getfatto.com and we'll exclude your account.

We keep your account data and content for as long as you have an account. That's it. There's no separate archive and no shadow copy kept after you leave.

Account deletion: you can delete your account directly inside the app (Settings, Delete account). Deletion is immediate and wipes everything: your account, projects, collections, shopping lists, saved URLs, and associated analytics identifiers. This can't be undone.

If you're in the EU/EEA (and honestly, wherever you are), you have the right to:

• Access - get a copy of the personal data we hold about you.
• Rectification - correct data that's wrong or incomplete.
• Erasure - have your data deleted (or just use in-app account deletion, which is faster).
• Portability - receive your data in a structured, machine-readable format.

To exercise any of these, email support@getfatto.com from the address on your account. We'll respond within 30 days. You also have the right to lodge a complaint with your local data protection authority. In Luxembourg, that's the CNPD.

Fatto isn't directed at children under 13, and we don't knowingly collect data from them. If you believe a child under 13 has created an account, contact us and we'll delete it.

Your data is transmitted over encrypted connections (TLS) and stored on Supabase infrastructure in the EU. Passwords are hashed, never stored in plain text. No system is perfectly secure, but we keep our surface area small on purpose: fewer services, fewer places for things to go wrong.

If we change this policy, we'll update the date at the top and post the new version here. If a change is significant (for example, a new processor or a new category of data), we'll notify you by email or in the app before it takes effect. Continued use after that means you accept the updated policy.

FopyLabs (Luca Capone), Luxembourg
Email: support@getfatto.com

Questions about privacy, data requests, or anything in this policy are welcome. A real person reads every email.