Privacy Policy

Faivv Limited ("Faivv", "we", "us", or "our"), a company incorporated in Hong Kong, operates the Intellpost service — including the website at intellpost.ai, the browser extension, and the mobile application (collectively, the "Service").

This Privacy Policy explains how we collect, use, store, and share your personal data, and your rights under the Personal Data (Privacy) Ordinance (Cap. 486) of Hong Kong ("PDPO"). By using the Service, you acknowledge that you have read and understood this Privacy Policy.

We collect the following categories of data:

• Account data: When you create an account, we collect your email address and, if you sign in with Google, your Google display name and profile photo URL as provided by Google Firebase Authentication.
• Usage data: Records of your draft generation and regeneration events, including timestamps and usage counts, stored in Firestore under your user ID or guest ID.
• Anonymised analytics: We separately record aggregate analytics events that contain no personal identifiers. These include: event type, actor type (user or guest, without any associated ID), client platform (browser extension, Android, or iOS), tone and length preferences, detected content language, the hostname of the article website only (e.g. bbc.com, never the full URL or path), coarse geographic region (country and timezone only, not city or region), AI model used, and request duration. This data cannot be linked back to any individual and is used solely to monitor service performance and improve the product.
• Content data: Article URLs you submit, article text processed for AI analysis, your reaction text, and the drafts generated for you. This content is processed to deliver the Service and stored in Firestore.
• Guest identity: If you use the Service without an account, we assign a randomly generated guest ID (UUID) stored on your device. This ID is used for rate limiting and session continuity and is not linked to your real-world identity.
• Rate limiting data: We store rate limit counters in Redis keyed to your user ID, guest ID, or IP address. IP addresses used for rate limiting are not retained beyond what is operationally necessary and are not stored long-term.
• Preferences:Your language preference is stored in your browser's local storage and is not transmitted to our servers.

We use the data we collect to:

• provide, operate, and maintain the Service;
• authenticate your identity and manage your account;
• generate AI-assisted draft posts in response to your requests;
• enforce rate limits and prevent abuse of the Service;
• diagnose technical problems and improve service reliability;
• monitor aggregate service usage patterns and improve product quality, performance, and cost efficiency; and
• comply with our legal and regulatory obligations.

We do not use your personal data for advertising purposes and do not sell your personal data to third parties.

We share data with the following third-party service providers who act as data processors on our behalf:

• Google Firebase (Google LLC):Authentication, Firestore database, and cloud infrastructure. Your account data and content data are stored on Firebase/Google Cloud servers. Google's privacy policy applies: policies.google.com/privacy.
• OpenRouter / OpenAI:AI model inference. Your article content and reaction text are transmitted to these providers' APIs to generate draft posts. These providers process your content only to respond to your generation request and are bound by their respective data processing terms.
• Railway (Railway Corp.):Hosting and infrastructure for our backend server and Redis database. Server-side request data (including IP addresses) is processed on Railway's infrastructure.

We do not share your personal data with any other third parties except as required by applicable law or a lawful court order.

Our service providers operate outside Hong Kong, including in the United States. By using the Service, you consent to your personal data being transferred to and processed in these jurisdictions, which may have different data protection laws than Hong Kong. We take reasonable contractual and technical steps to ensure that our service providers maintain appropriate safeguards for your data.

We retain your account data and associated content data for as long as your account remains active. Guest data (drafts, usage events) is retained for a limited period for operational and abuse prevention purposes. Rate limiting counters reset automatically after the applicable daily window expires.

You may request deletion of your account and all associated personal data at any time through the Account page or by contacting us at contact@faivv.com.

Under the Personal Data (Privacy) Ordinance (Cap. 486), you have the right to:

• Access: request a copy of the personal data we hold about you; and
• Correction: request that we correct any inaccurate personal data we hold about you.

To exercise these rights, submit a written request to contact@faivv.com. We will respond within the timeframes required by the PDPO. We may charge a reasonable fee for data access requests as permitted by the PDPO.

We implement reasonable technical and organisational measures to protect your personal data against unauthorised access, disclosure, alteration, or destruction. These measures include TLS encryption for data in transit, Firebase security rules for data at rest, and access controls on our backend systems. However, no internet-based service can guarantee absolute security, and we cannot warrant that unauthorised access will never occur.

The Service is not directed at children under the age of 13. We do not knowingly collect personal data from children under 13. If we become aware that we have inadvertently collected personal data from a child under 13 without verifiable parental consent, we will take prompt steps to delete that data.

We do not use tracking or advertising cookies on this website. We use browser storage for essential functions, including language preference and Firebase Authentication session persistence. Authentication state may be stored in browser-managed storage so that you remain signed in between visits, unless you sign out or clear site data. The mobile application uses device storage for session state and draft continuity.

Because we currently use only essential storage for core service functionality, a separate cookie preference banner is not displayed at this time.

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. Updated versions will be posted at intellpost.ai/privacy with a revised effective date. Your continued use of the Service after any changes constitutes acceptance of the updated Privacy Policy.

If you have questions, concerns, or complaints about this Privacy Policy or our data practices, please contact us at: contact@faivv.com

If you are not satisfied with our response, you may lodge a complaint with the Office of the Privacy Commissioner for Personal Data (Hong Kong) at www.pcpd.org.hk.