← Back to home

Privacy Policy

Last updated: 12 April 2026

1. Who are we?

FAQ-Tool is an online service that allows users to create AI-generated FAQ answers based on Google Search Console data. The service is provided by FAQ-Tool (hereinafter: "we", "us" or "FAQ-Tool").

Contact address: hashmatholland@gmail.com

2. What data do we collect?

We collect the following personal data:

  • Email address — required for creating an account and logging in.
  • Password — stored as an encrypted hash via Supabase Auth. We do not have access to your password in readable form.
  • Payment data — credit card and payment information is processed exclusively by Stripe. We do not store payment data in our own systems (see section 5).
  • Google Search Console data — search queries and associated URLs that you import via the GSC connection (see section 6).
  • Usage data — the number of AI answers you generate per month, for monitoring your subscription limit.
  • Technical log data — server log files that may contain IP addresses and timestamps, solely for security and troubleshooting.

3. How do we use your data?

We use your data solely for the following purposes:

  • Creating and managing your account.
  • Delivering the service (generating AI FAQ answers).
  • Processing payments and managing your subscription.
  • Monitoring usage limits associated with your subscription.
  • Sending transactional emails (confirmations, password reset).
  • Securing the service and preventing fraud.

We do not sell your data to third parties and do not use it for marketing purposes without explicit consent.

4. Legal basis (GDPR)

We process your personal data on the following grounds:

  • Performance of a contract — to deliver the service you signed up for.
  • Legitimate interest — for security, fraud prevention and service improvement.
  • Legal obligation — for retaining financial records as required by tax law.

5. Stripe – payment processing

Payments are processed by Stripe, Inc., an external payment service provider. When checking out, you are redirected to a secure Stripe environment. We only receive a customer ID and subscription status from Stripe — no full payment details.

Stripe processes personal data in accordance with their own privacy policy. Stripe is certified as a PCI DSS Level 1 service provider. Stripe Privacy Policy.

6. Google Search Console

If you connect your Google Search Console account, you give the service permission to retrieve search queries and URL data from your GSC property. This data is stored in our database and used to generate AI FAQ answers.

We only store the data you explicitly import. You can disconnect at any time via your dashboard. After account deletion, this data will also be erased.

7. How long do we retain your data?

Retention periods:

  • Account data — as long as your account is active. After deletion, data is immediately erased.
  • Payment records — retained for the legally required period of 7 years.
  • Log files — maximum 30 days, then automatically deleted.

8. Security

We take appropriate technical and organisational measures to protect your data, including:

  • Encrypted connections (HTTPS/TLS) for all data communication.
  • Row Level Security in our database — your data is only accessible to you.
  • Encrypted password storage via Supabase Auth (bcrypt).
  • Secure infrastructure via Supabase (EU region) and Vercel.

9. Your rights (GDPR)

As an EU resident, you have the following rights regarding your personal data:

  • Access — you can request which data we process about you.
  • Rectification — you can have incorrect data corrected.
  • Erasure — you can delete your account and all associated data via Settings → Delete account.
  • Objection — you can object to processing based on legitimate interest.
  • Portability — you can request an export of your data.
  • File a complaint — you have the right to file a complaint with the relevant supervisory authority.

Send your request to hashmatholland@gmail.com. We will respond within 30 days.

10. Cookies

We only use functional cookies that are necessary for the operation of the service (session management via Supabase Auth). We do not place tracking or advertising cookies.

11. Changes to this policy

We may update this privacy policy from time to time. For material changes, we will notify you by email. The date at the top of this document shows when the policy was last updated.

12. Contact

If you have questions about this privacy policy or the processing of your data, please contact us:

Email: hashmatholland@gmail.com

HomeTerms of ServiceLog in