Privacy Notice

Last updated: May 26, 2026

This Privacy Notice explains how Fair Ai ("Fair Ai", "we", "us") collects, uses, shares and protects personal data when you use our website at alfaer.ai and the related services (the "Service").

1. Controller

Fair Ai is the data controller responsible for the personal data processed in connection with the Service. You can contact us via the support channels in the application.

2. Personal Data We Collect

• Account data — name, email address, password hash, authentication identifiers (e.g. Google sign-in identifiers).
• Profile and preferences — language, plan, and subscription status.
• Content you submit — files you upload for conversion and any prompts or instructions you provide, and the resulting outputs.
• Usage data — conversion counts, feature usage, quotas, and analytics events.
• Device and technical data — IP address, browser type, device identifiers, log timestamps, error reports.
• Communications — support messages, newsletter subscription status.

Payment card details are collected and processed directly by our Merchant of Record, Paddle, and are not stored by Fair Ai.

3. Purposes and Legal Bases

• Provide the Service — create your account, process your files, deliver conversion results, enforce quotas. Legal basis: performance of a contract.
• Billing and order fulfilment — manage subscriptions and entitlements based on Paddle webhook events. Legal basis: performance of a contract and legal obligation.
• Security and fraud prevention — detect abuse, unauthorized access and malicious activity. Legal basis: legitimate interests.
• Product improvement and analytics — understand how the Service is used and improve it. Legal basis: legitimate interests.
• Customer support — respond to your requests. Legal basis: legitimate interests / performance of a contract.
• Marketing emails / newsletter — only if you opt in. Legal basis: consent, which you may withdraw at any time using the unsubscribe link in any email.
• Legal compliance — comply with applicable laws and respond to lawful requests. Legal basis: legal obligation.

4. How We Share Personal Data

We share personal data with the following categories of recipients:

• Merchant of Record (Paddle) — for the sale of our products, subscription management, payments, tax compliance and invoicing. Paddle acts as an independent controller for that processing.
• Service providers / subprocessors — hosting, database, email delivery, analytics, and AI model providers that process content on our behalf to deliver the Service.
• Professional advisers — legal, accounting and compliance advisers where necessary.
• Authorities — where required by law or to protect rights, safety, or property.

We do not sell your personal data.

5. International Transfers

Personal data may be processed in countries outside your own, including outside the UK / EEA. Where required, we rely on appropriate safeguards such as adequacy decisions or Standard Contractual Clauses to protect the data.

6. Retention

We keep account data while your account is active and for a reasonable period afterwards to handle disputes, comply with legal obligations and enforce our agreements. Uploaded files and AI outputs are kept only as long as needed to provide the Service and may be deleted automatically after processing. Billing records are retained for the period required by applicable tax and accounting laws.

7. Your Rights

Depending on your jurisdiction, you may have the right to access, rectify, erase, restrict, port, or object to the processing of your personal data, and to withdraw consent at any time. EEA / UK users may also lodge a complaint with their local supervisory authority. We will respond to verifiable requests within the timelines required by law (generally within one month under GDPR).

8. Security

We use appropriate technical and organisational measures to protect personal data, including encryption in transit, access controls, principle of least privilege, and routine reviews. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.

9. Cookies

We use cookies and similar technologies that are strictly necessary to operate the Service (for example, to keep you signed in and to remember your language). We may also use limited analytics cookies to understand usage. You can control cookies through your browser settings.

10. Children

The Service is not directed to children under the age required for consent in their jurisdiction. We do not knowingly collect personal data from such children. If you believe a child has provided us with personal data, please contact us so we can delete it.

11. Changes

We may update this Privacy Notice from time to time. Material changes will be highlighted in the Service. The "last updated" date reflects the latest revision.

12. Contact

For any privacy-related question or to exercise your rights, contact us through the support channels available in the application.