# Privacy Policy — Fn First Holdings

**Last Updated:** June 26, 2025

**Introduction:** Fn First Holdings LLC ("Fn First," "we," "our," or "us") respects your privacy and is committed to protecting your personal information. This Privacy Policy explains what data we collect through our mobile applications, websites, and related services (collectively, the "Services"), how we use and share that data, and your choices. It is intended to comply with applicable privacy laws including the California Consumer Privacy Act (CCPA/CPRA), Canada's PIPEDA, the EU/UK GDPR, and other relevant laws.

## 1. Scope of this Policy

Applies to personal information collected when you use our Apps or related websites (including fnfirst.com), when you communicate with us (email support, feedback, social media), and when you participate in promotions, betas, surveys, or events. It does not apply to data processing by third-party platforms (Apple App Store, Google Play) except to the extent those platforms pass your data to us.

## 2. Information We Collect and Why

We only collect personal information necessary to provide and improve our Services, or as required by law:

- **Account & Subscription Data** — user ID, email (if provided), display name, subscription tier/receipts. Purpose: account creation, login, purchase management. Basis: contract; legitimate interest in fraud prevention.
- **Authentication Data** — credentials via our auth provider (Firebase) or Sign in with Apple tokens. Purpose: secure login and cross-device sync. Basis: contract; account security.
- **Anonymous Session ID** — random UUID created on first launch, not linked to name or email. Purpose: authenticate requests, enforce usage limits, prevent fraud. Basis: legitimate interest.
- **Usage Data (Analytics)** — device model, OS version, app version, feature usage, crash reports. Opt-in where required. Purpose: improve stability and features. Basis: legitimate interest or consent.
- **Support & Feedback Data** — contact info and communication content. Purpose: resolve inquiries. Basis: contract; service quality.
- **Marketing (Opt-In)** — name, email, region, preferences. Purpose: newsletters/offers only with consent; withdraw anytime. Basis: consent.
- **Payment Data** — **none collected by Fn First.** All payment processing is handled by Apple or Google; we only receive purchase confirmations.

We do not knowingly collect sensitive personal data (precise location, health, biometrics) or data on children under 16.

## 3. How We Use Your Information

To provide and improve the Services, process transactions, enforce terms and prevent misuse, send administrative communications, provide customer support, send marketing (only if consented), and comply with legal obligations. **We do not sell or rent your personal data to third-party advertisers or marketers.**

## 4. Sharing and Disclosure

We share personal data only with: service providers/processors (e.g., Google Firebase, Microsoft Azure, AI services) bound by data processing agreements; platform operators (Apple/Google) per their own policies; legal authorities when required by law; successors in a business transfer (with notice); and third parties you consent to. We do not share personal information with advertisers or social media companies for their independent marketing. Servers are primarily in the United States; transfers from the EU rely on Standard Contractual Clauses or other approved mechanisms.

## 5. Data Retention

- Account data: kept while your account is active; in-app **Delete My Account** removes auth records and cloud content immediately, backups purged within 30 days.
- Purchase/subscription records: at least 7 years (tax law).
- Support communications: ~12 months after last correspondence.
- Analytics data: generally 18 months, then aggregated or anonymized.
- Marketing list: until you unsubscribe.

## 6. Security Measures

TLS encryption in transit (e.g., TLS 1.3), AES-256 encryption at rest for sensitive data, hashed and salted passwords, strict access controls with MFA, reputable providers (Firebase, Azure; ISO 27001 / SOC 2), periodic assessments, and breach notification per law (typically within 72 hours under GDPR).

## 7. Your Rights and Choices

Depending on jurisdiction: access and portability, correction, deletion, restriction of processing, objection to processing, withdrawal of consent, non-discrimination (CCPA/CPRA), and the right to lodge a complaint with a supervisory authority. To exercise rights, contact **privacy@fnfirst.com**. We verify identity and aim to respond within 30 days (45 under CCPA where applicable). Fastest deletion: Settings → Account → Delete My Account in the app.

## 8. International Users

EU/UK: Fn First Holdings LLC is the data controller; GDPR rights per Section 7; SCCs for transfers. California: CCPA/CPRA rights as described; we do not "sell" or "share" personal information as defined by the CCPA. Other regions: we honor applicable local privacy rights.

## 9. Children's Privacy

Services are not intended for children under 16. We do not knowingly collect their data and will delete it promptly if discovered.

## 10. Changes to This Privacy Policy

We may update this Policy; the "Last Updated" date will change, and material changes will be announced at least 7 days before taking effect.

## 11. Digital Services Act (DSA) Notice (EU Users)

Our Services are not platforms for user-shared public content. Users are responsible for content they input/generate; report misuse to privacy@fnfirst.com. Algorithmic systems (text-to-speech, translation, AI features) are deterministic on user input — no recommendation algorithms or content feeds. Our Services are digital tools with no physical product risks.

## 12. Contact Us

**Fn First Holdings LLC**
Attn: Privacy Officer
30 N Gould St STE 11959
Sheridan, WY 82801 USA

Email: privacy@fnfirst.com (privacy) · support@fnfirst.com (general support)

© 2025 Fn First Holdings LLC. All rights reserved.
