Privacy Policy

Last updated: March 17, 2026

1. Introduction

Pheme ("we", "our", "us") operates the SaaS platform at app.phemeapp.com and the website phemeapp.pages.dev (collectively, the "Service"). This Privacy Policy explains how we collect, use, store, and protect your personal data in accordance with the General Data Protection Regulation (GDPR) and Czech Act No. 110/2019 Coll. on the Processing of Personal Data.

2. Data Controller

The data controller is:

Company: Pheme (operated by Filip Zakravsky)
Email: privacy@phemeapp.com
Address: Czech Republic

3. Information We Collect

3.1 Account Data

Email address — for authentication and communication
Full name — provided during registration
Password — stored in hashed form (we never store plaintext passwords)

3.2 Project & Business Data

Brand/company name — the brand you are monitoring
Website domain — your website URL for AI visibility tracking
Competitor information — competitors you choose to track
Search queries — queries you configure for monitoring

3.3 Analytics Data

Scan results — data collected from AI platforms about your brand visibility
Aggregated metrics — visibility scores, sentiment, and performance indicators

3.4 Usage & Technical Data

IP address — for security purposes
Browser type and version — for compatibility
Pages visited and actions — for product improvement

3.5 Payment Data

Billing information — processed by our payment provider (we do not store credit card numbers)
Subscription status — plan type and billing period

4. Legal Basis for Processing

Purpose	Legal Basis (GDPR)
Account creation and authentication	Art. 6(1)(b) — Contract performance
AI visibility monitoring and analytics	Art. 6(1)(b) — Contract performance
Payment processing	Art. 6(1)(b) — Contract performance
Security and fraud prevention	Art. 6(1)(f) — Legitimate interest
Product improvement	Art. 6(1)(f) — Legitimate interest
Service communications	Art. 6(1)(b) — Contract performance
Marketing communications	Art. 6(1)(a) — Consent (opt-in)
Legal compliance	Art. 6(1)(c) — Legal obligation

5. How We Use Your Data

To provide and maintain the AI visibility monitoring service
To generate reports and recommendations
To process payments and manage subscriptions
To communicate service updates and notifications
To improve and optimize our platform
To prevent abuse and ensure security

6. Third-Party Service Providers

We may share your data with third-party service providers who assist us in delivering the Service, including providers of cloud infrastructure, payment processing, email delivery, AI services, and other IT and operational support. These providers process data solely on our behalf and are bound by appropriate data processing agreements.

Where data is transferred outside of the EU/EEA, we ensure adequate protection through EU Standard Contractual Clauses (SCCs) or EU-US Data Privacy Framework adequacy decisions.

7. Data Storage and Security

We implement appropriate technical and organizational measures to protect your personal data, including:

Encryption of data at rest and in transit
Secure password hashing
Access controls ensuring users can only access their own data
Rate limiting and authentication on all API endpoints
Regular security reviews

Our primary infrastructure is hosted within the European Union.

8. Data Retention

Data Type	Retention Period
Account data	Until account deletion
Project and analytics data	Until account deletion
Usage logs	12 months
Payment records	As required by law

When you delete your account, all associated personal data is permanently removed within 30 days.

9. Your Rights (GDPR Articles 15–22)

As a data subject, you have the following rights:

Right of Access — Request a copy of all personal data we hold about you
Right to Rectification — Request correction of inaccurate data
Right to Erasure — Request deletion of your account and all associated data
Right to Restriction — Request temporary restriction of processing
Right to Portability — Receive your data in a machine-readable format
Right to Object — Object to processing based on legitimate interest
Right to Withdraw Consent — Withdraw consent at any time for consent-based processing

To exercise your rights, contact us at privacy@phemeapp.com. We will respond within 30 days. You may also manage your data directly from the Settings page within the application.

10. Cookies

We use essential cookies required for authentication and session management. We also store your theme preference locally. We do not use third-party tracking, advertising, or analytics cookies.

11. Children's Privacy

Our Service is not directed to anyone under the age of 16. We do not knowingly collect personal data from children under 16. If we become aware that we have collected such data, we will take steps to delete it promptly.

12. Data Breach Notification

In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours and inform affected users without undue delay.

13. Supervisory Authority

If you believe your data protection rights have been violated, you have the right to lodge a complaint with:

Office for Personal Data Protection (UOOU)
Pplk. Sochora 27, 170 00 Prague 7, Czech Republic
Website: www.uoou.cz

14. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify registered users of material changes via email and update the "Last updated" date. Continued use of the Service after changes constitutes acceptance of the updated policy.

15. Contact Us

For any questions about this Privacy Policy or to exercise your data protection rights, contact us at:

Email: privacy@phemeapp.com
General: hello@phemeapp.com