focadio.
click to skip
Privacy policy

How focadio handles personal data.

focadio is operated by Patnick (Vantaa, Finland). This policy explains what personal data we process, why, how, and the rights you have under the GDPR, UK GDPR and CCPA/CPRA.

Last updated: April 22, 2026

Section 01

Controller details

focadio is operated by Patnick, a Finnish private limited company, which acts as the data controller for the personal data described here.

Contact: legal@patnick.com · Keltasafiirinpolku 1A 07, 01300 Vantaa, Finland. A dedicated Data Protection Officer is not mandatory for our current activities.

Section 02

Scope

This policy applies to visitors of focadio.com, people who create an account, and users of the platform in the United States and the European Union.

It is governed by the EU/EEA GDPR, the UK GDPR, and the California CCPA/CPRA where applicable.

Section 03

Data we collect

Provided directly by you:

  • Name, email, and password (stored only as a bcrypt hash)
  • Company name and the brand domain you track
  • The queries, competitors and project settings you enter
  • Support messages you send us

Through optional integrations (only with your consent): authentication tokens and the data returned by any connector you choose to enable.

Collected automatically: IP address, browser/device headers, cookieless analytics (Plausible), and essential session and CSRF cookies.

Payment data: card numbers, CVC and expiry are collected and processed exclusively by Stripe. focadio stores only your customer ID, subscription status, the last four digits, the card brand, and invoice metadata.

Section 05

Sub-processors

We rely on vetted providers to run the service: Stripe (payments), Supabase (database, EU), Vercel / Railway (hosting), OpenRouter & OpenAI (AI-engine probing), DataForSEO (SERP data), an email delivery provider, and Plausible (cookieless analytics).

focadio does not sell personal data. focadio does not share personal data for cross-context behavioural advertising. focadio does not permit any sub-processor to use your personal data to train or fine-tune their AI models.

Section 06

International data transfers

Our primary database is in the EU. Where data is transferred outside the EEA we rely on the EU Standard Contractual Clauses, the UK International Data Transfer Addendum, or the EU–US Data Privacy Framework where the recipient is certified.

Section 07

Data retention

  • Active accounts: for the life of the account plus 30 days after cancellation
  • Invoices and accounting records: as required by tax/corporate law (typically 6 years in Finland)
  • Integration tokens: until revoked or the account is closed
  • Support tickets: up to 3 years
  • Analytics: rolling 24 months
  • Security logs: up to 12 months
Section 08

Your rights

Under the GDPR / UK GDPR you have the right to access, rectify, erase, restrict and port your data, to withdraw consent, and to lodge a complaint with a supervisory authority (Finland's Office of the Data Protection Ombudsman, or the UK ICO).

Under the CCPA/CPRA you have the right to know, delete and correct, to opt out of sale/sharing (which we do not do), to limit sensitive-data use, and to non-discrimination.

To exercise any right, email legal@patnick.com. We acknowledge within 72 hours and respond within one month (GDPR) or 45 days (CCPA).

Section 09

Measurement & AI

focadio measures how your brand appears inside AI-generated answers by sending the prompts you define to AI engines and SERP providers, then analysing the responses. focadio never modifies your website.

AI probing is performed via third-party APIs with zero-retention requested where the provider supports it.

Section 10

Security measures

  • TLS 1.2+ encryption in transit
  • Database encryption at rest (managed by Supabase)
  • Bcrypt password hashing
  • Need-to-know data access with audit logging
  • Two-factor authentication for staff
  • Regular updates and planned security reviews

Report a vulnerability to legal@patnick.com with "Security" in the subject line.

Section 11

Children's privacy

The service is not directed at individuals under 16. If we learn we hold a child's data without a lawful basis, we delete it promptly.

Section 12

Changes to this policy

We notify you of material changes by email at least 30 days before they take effect. Continued use after that date indicates acceptance.

Section 13

Contact

All privacy inquiries: legal@patnick.com · Keltasafiirinpolku 1A 07, 01300 Vantaa, Finland. We respond within 2 business days.

Last updated: April 22, 2026. Questions? legal@patnick.com
Privacy Policy — focadio — focadio