Your privacy matters to us
FairFee is designed with privacy-first principles. We use cookie-free analytics, store data in the EU, and only collect what’s strictly necessary to help you understand your real freelancer income.
Last updated: March 28, 2026
1. Controller
The controller responsible for processing personal data is:
Marlon Arndt
H.-H.-Meier-Allee 51
28213 Bremen
Germany
Email: hello@fairfee.app
See /imprint for full legal provider details.
2. Personal Data We Process
We process the following categories of personal data, depending on how you use FairFee:
a) Account data
• Email address
• Hashed password (bcrypt — we cannot read your password)
• Authentication and session data
b) Calculator and portfolio data
• Calculation inputs such as rates, project values, platform selections, payout methods, fee assumptions, tax reserve settings, and saved client/project labels
c) Billing data
• Subscription status
• Payment confirmation data
• Limited billing metadata received from our payment processor
d) Technical and usage data
• Basic device/browser metadata
• Security logs
• Aggregated analytics data
• Language, currency, and theme preferences stored locally in your browser
We do not intentionally collect bank account numbers, full card numbers, tax identification numbers, or similar sensitive financial identifiers.
3. Purposes and Legal Bases
We process your personal data for the following purposes and legal bases under Article 6 GDPR:
a) To provide the Service and your account
Legal basis: Art. 6(1)(b) GDPR — performance of contract
This includes account creation, authentication, saving calculations, portfolio functionality, and displaying your dashboard data.
b) To process payments and manage subscriptions
Legal basis: Art. 6(1)(b) GDPR — performance of contract
This includes communicating with our payment provider, verifying payment status, and enabling premium access.
c) To maintain security, prevent abuse, and investigate misuse
Legal basis: Art. 6(1)(f) GDPR — legitimate interest
Our legitimate interest is protecting the integrity, security, and reliability of FairFee.
d) To operate privacy-friendly analytics and improve the Service
Legal basis: Art. 6(1)(f) GDPR — legitimate interest
Our legitimate interest is understanding aggregate usage, product performance, and technical issues in a privacy-preserving way.
e) To comply with legal obligations
Legal basis: Art. 6(1)(c) GDPR
This includes tax, accounting, fraud-prevention, and regulatory obligations where applicable.
FairFee does not use automated decision-making or profiling within the meaning of Article 22 GDPR that produces legal effects or similarly significantly affects you.
4. Recipients and Service Providers
We use carefully selected processors and service providers to operate FairFee. Data processing agreements (DPA) pursuant to Art. 28 GDPR are in place with all processors. These include:
• Supabase (EU, AWS eu-central-1, Frankfurt, Germany) — authentication, database, storage. SOC 2 Type II certified infrastructure.
• Vercel, Inc. (US) — application hosting and edge delivery. Privacy policy: https://vercel.com/legal/privacy-policy
• Plausible Analytics (EU) — privacy-friendly, cookie-free analytics. Does not collect personal data or track users across websites.
• Vercel Web Analytics (US) — privacy-friendly, cookie-free page-view analytics. Aggregated and anonymous.
• Stripe, Inc. (US/EU, PCI DSS Level 1) — payment processing and subscription management.
• Resend, Inc. (US) — transactional email delivery for support ticket notifications. Processes the sender's email address and message content submitted via the support form solely for delivering admin notification emails.
• Sentry, Inc. (US) — error monitoring and crash reporting. Receives anonymized error data and stack traces. No PII is intentionally sent. Privacy policy: https://sentry.io/privacy/
These providers process data only to the extent necessary for the services they perform for us. No data is sold to or shared with advertisers. No data is used for profiling or automated decision-making.
5. Cookies and Local Storage
FairFee does not use advertising cookies, tracking cookies, or third-party cookies. We use browser-side storage (localStorage) for two purposes:
• Preferences: language, currency, and theme settings to improve usability.
• Calculator and portfolio data: if you are not signed in, calculation inputs and portfolio data (such as client names and project labels you enter) are stored locally in your browser and never transmitted to our servers. Once you sign in, this data is synced to and stored on our servers instead.
localStorage entries are not cookies and are never shared with third parties.
6. Analytics
We use two privacy-friendly, cookie-free analytics tools:
• Plausible Analytics — hosted in the EU, does not use cookies, does not collect personal data, and does not track users across websites. All data is aggregated and anonymous.
• Vercel Web Analytics — built-in, cookie-free page-view analytics provided by our hosting infrastructure. Data is aggregated and anonymous.
We do not use Google Analytics, Facebook Pixel, or any other advertising trackers or behavioral profiling tools.
7. Payments
If you purchase a paid subscription, payment details are processed directly by our payment provider, Stripe, Inc. (PCI DSS Level 1 certified). We never see, store, or have access to your full credit card number. We receive only the information necessary to confirm payment status, manage subscriptions, and handle billing-related support. Stripe’s privacy policy: https://stripe.com/privacy
8. Data Security
We implement industry-standard security measures including:
• TLS encryption (TLS 1.2+) for all data in transit
• AES-256 encryption for data at rest
• Row Level Security (RLS) on all database tables
• Hashed passwords (bcrypt) — we cannot read your password
• Secure session management via Supabase Auth
• Regular dependency audits and security updates
9. Data Retention
We retain personal data only for as long as necessary for the purposes described above.
• Account and saved calculation data: retained while your account is active or until deletion is requested
• Security and operational logs: retained only as long as necessary for security and system integrity
• Billing and accounting data: retained as long as required by applicable tax and accounting law (up to 10 years pursuant to § 147 AO / § 257 HGB)
• Aggregated analytics data: may be retained in anonymized form
Inactive accounts that have not been used for 24 months may be flagged for deletion with prior email notice.
10. International Transfers
Your primary data is stored in the EU (AWS eu-central-1, Frankfurt, Germany). Some processing may occur outside the European Economic Area through our hosting provider (Vercel/US) and payment processor (Stripe). Where personal data is transferred to a third country without an adequacy decision, we rely on appropriate safeguards such as the European Commission’s Standard Contractual Clauses (SCCs), together with any supplementary measures required by law.
11. Your Rights (GDPR Art. 15–21)
If the GDPR applies to you, you have the right to:
• Access your personal data (Art. 15)
• Rectify inaccurate data (Art. 16)
• Erase your data, subject to legal retention obligations (Art. 17)
• Restrict processing (Art. 18)
• Receive your data in a portable, machine-readable format (Art. 20)
• Object to processing based on Art. 6(1)(f) GDPR (Art. 21)
• Lodge a complaint with a competent supervisory authority
To exercise your rights, contact: hello@fairfee.app — we will respond within 30 days.
If you believe your data protection rights have been violated, you have the right to lodge a complaint with your competent data protection authority. The competent authority is the Landesbeauftragte für Datenschutz und Informationsfreiheit Bremen (https://www.datenschutz.bremen.de).
12. Mandatory or Optional Data
Some data is necessary for us to provide the Service, such as your email address for account access and certain calculation inputs if you want accurate results. If you do not provide required data, parts of the Service may not function.
13. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be posted on the website and, where appropriate, communicated by email or in-app notice at least 30 days before they take effect.
14. Contact
For privacy-related requests, data access inquiries, or concerns:
Email: hello@fairfee.app
Responsible party: See our Legal Notice (/imprint) for full contact details.