Privacy Policy

1. The short version

We only collect what we need to run the platform: the information you give us when you sign up, the apps and content you create, basic usage signals to keep the service safe and reliable, and billing data when you pay us. We don’t sell your personal data. We don’t use your content or your prompts to train our or third-party AI models. You can access, export, and delete your data at any time.

2. Who is responsible

Feldova is operated by Bergert Digital (“Feldova”, “we”, “us”). Feldova is the data controller for personal data processed through the platform, except where another creator acts as controller for the data you submit to their app (see section 13).

For privacy questions, contact us at privacy@feldova.com. You can reach our data protection contact at the same address.

3. What data we collect

We collect and process the following categories of personal data:

• Account data. Your name, email address, hashed password, email verification status, and the authentication sessions we issue to keep you signed in.
• Profile data. Your public creator handle, optional bio, location, links, and avatar image. These are visible on your public creator page if you make it public.
• Workspace data. Workspace name, slug, optional bio, avatar, members, roles, and invitations you create or accept.
• Content you create. The apps you generate, the prompts you send to Studio, the code and assets produced, app metadata, screenshots you capture, and any files you upload.
• Usage and ledger data. Token-ledger entries (grants, debits, purchases), app publish and fork events, edit-session heartbeats, and similar records needed to operate the service.
• Billing data. When you purchase tokens or subscribe, we store the Mollie customer identifier, payment references, amounts, currencies, and invoice metadata. Full payment-card details are handled by Mollie — we never see or store them.
• Communications. Emails we send you (verification, password reset, change-of-email confirmations, invitations, account-deletion confirmations) and any replies you send to us.
• Technical data. IP address, user-agent string, device and browser metadata, timestamps, referrer, and diagnostic logs — collected automatically when you interact with the service. We also record error traces and request metadata needed to operate and secure the platform.

4. How we use your data

We use personal data to:

• create and maintain your account, authenticate you, and send service emails;
• operate Studio and the public Apps listing — run your prompts through AI providers, store the resulting code and assets, host your apps, and serve them to users;
• process token purchases, subscriptions, and (in the future) creator payouts;
• keep the platform safe and reliable — detect and prevent abuse, fraud, and technical incidents, apply rate limits, and investigate reports;
• improve the service — diagnose errors, measure reliability, and develop new features;
• communicate with you about the service, your account, and changes that affect your rights;
• comply with legal obligations (for example, tax, accounting, and reporting).

We do not sell personal data. We do not use your content, prompts, or AI output to train Feldova’s or any third party’s general-purpose AI models.

5. Legal bases (GDPR Art. 6)

Under the GDPR, our legal bases for processing are:

• Contract performance (Art. 6(1)(b)) — to provide the service you sign up for: account, workspace, Studio, Apps listing, runtime, billing.
• Legitimate interests (Art. 6(1)(f)) — to keep the platform secure, prevent fraud and abuse, debug and improve the service, and defend legal claims. We balance these interests against your rights and only rely on this basis where our interest is not overridden by your interests.
• Legal obligation (Art. 6(1)(c)) — to comply with tax, accounting, consumer-protection, and other mandatory laws.
• Consent (Art. 6(1)(a)) — where we ask for it, for example for optional analytics cookies or marketing emails. You can withdraw consent at any time without affecting processing already carried out.

6. AI prompts and generated output

Feldova uses third-party AI providers (currently Mistral AI and Anthropic) to turn your prompts into working apps. When you ask Studio to build or edit an app, we send your prompt, prior conversation turns for that app, and relevant code context to the AI provider and store the response in your workspace.

We have agreements with our AI providers that prohibit them from using your prompts or the generated output to train their models. Providers may retain request data for a short period for abuse detection in line with their own policies.

Please don’t paste regulated personal data (health, financial identifiers, legal case details), secrets, or other sensitive content into prompts unless you have the right to do so and are comfortable with it being transmitted to an AI provider.

7. Cookies and similar technology

We use a small set of cookies and similar client-side storage to operate the service:

• Authentication cookies — keep you signed in between requests.
• Active-workspace cookie (feldova_active_workspace) — remembers which of your workspaces you are using.
• Preference storage — theme, recently used pages, and similar local settings.

These are strictly necessary to provide the service and do not require consent under ePrivacy rules. We do not use third-party advertising or cross-site tracking cookies. If that changes we will ask for your consent beforehand.

8. Who we share data with

We share personal data only with service providers (“processors”) that help us operate Feldova, and only to the extent each one needs to do its job:

• Hetzner Online GmbH (Germany) — cloud hosting and object storage for the database, application servers, avatars, and screenshots.
• Mollie B.V. (Netherlands) — processing payments, storing payment methods, and, in the future, disbursing creator payouts via Mollie Connect.
• Sendinblue / Brevo (France) — delivering transactional emails: verification, password reset, invitations, billing notifications.
• Mistral AI (France) and Anthropic PBC (United States) — AI model providers that process your prompts on our behalf to generate apps.

We may also share data with professional advisors, auditors, and authorities where we are legally required to. If Feldova is involved in a merger, acquisition, or asset sale, personal data may be transferred as part of the transaction — we will notify you before your data becomes subject to a different privacy policy.

A current list of subprocessors is available on request at privacy@feldova.com.

9. International data transfers

Most of our processing happens inside the European Economic Area. Some processors (notably Anthropic) may process data in the United States or other countries outside the EEA. Where that happens, we rely on the European Commission’s Standard Contractual Clauses and, where appropriate, additional safeguards (such as encryption in transit, access controls, and limited retention) to protect your data.

10. How long we keep data

We keep personal data only as long as we need it for the purposes set out in this policy or as required by law:

• Account & profile data — for as long as your account is active. When you delete your account, we delete or anonymize your personal data within 30 days, except for records we must keep for legal reasons (see below).
• Apps and content — for as long as you keep them, or until you delete them. Public apps may remain available after account deletion if you haven’t unpublished them; you can unpublish before deleting.
• Billing records — retained for up to 7 years to comply with Dutch tax and accounting law.
• Security and abuse logs — typically up to 12 months, longer where needed to investigate a specific incident.
• Backups — rolling encrypted backups kept for up to 30 days. Deleted data may persist in a backup for that window before expiring.

11. Your rights

If the GDPR applies to you, you have the following rights:

• Access — get a copy of the personal data we hold about you.
• Rectification — correct inaccurate or incomplete data.
• Erasure — ask us to delete your personal data when it is no longer needed, you withdraw consent, or you object to processing.
• Restriction — ask us to stop processing in certain circumstances.
• Portability — receive your data in a structured, machine-readable format, or have it sent directly to another service where technically feasible.
• Objection — object to processing based on legitimate interests, including profiling.
• Withdraw consent — at any time, where processing relies on your consent.
• Complaint — lodge a complaint with a supervisory authority, for example the Dutch Autoriteit Persoonsgegevens (autoriteitpersoonsgegevens.nl) or the authority in your country of residence.

Most of these rights can be exercised directly from your account settings — update your profile, export your workspace, or delete your account. For anything else, email privacy@feldova.com and we will respond within 30 days.

12. Automated decisions and profiling

We do not make decisions that produce legal or similarly significant effects about you solely by automated means. We do use automated systems for abuse detection, rate-limiting, and AI-assisted content generation, but a human is involved before any action that meaningfully restricts your access to the service, and you can always contact us to review the outcome.

13. Apps built by other creators

When you use an app that another creator has built and published on Feldova, the creator (typically their workspace) can act as an independent data controller for the data you submit to that app — the notes you write, the entries you create, the files you upload, and so on. Feldova acts as a data processor for that data on the creator’s behalf.

Check the creator’s profile and the app’s description for their contact details. If you can’t reach them or aren’t sure who the controller is, contact us and we will help you connect.

14. Security

We take security seriously. Measures include encryption of data in transit (TLS), encryption at rest for backups and object storage, hashed passwords, isolated per-tenant storage for app data, least-privilege access controls for staff, audit logging, and periodic review of subprocessors. No system is perfectly secure — please use a strong, unique password and enable any additional protections we offer.

15. Children

Feldova is not directed at children under 16, and we do not knowingly collect personal data from them. If you believe a child has provided us with personal data, contact us and we will delete it.

16. Data breaches

If a personal-data breach is likely to result in a risk to your rights and freedoms, we will notify the competent supervisory authority within 72 hours of becoming aware of it, as required by Art. 33 GDPR, and — where the risk is high — inform you directly without undue delay.

17. Changes to this policy

We may update this policy as the platform evolves. When we make material changes, we will update the “Last updated” date at the top and notify you by email or in-app message for changes that affect your rights. Non-material changes (clarifications, typos) may be made without notice.

18. How to contact us

Questions, requests, or complaints about this policy? Email privacy@feldova.com. For anything else, see our Terms of Service.