Privacy Policy

Phemly operates a SaaS platform at app.phemly.com and website phemly.com. This policy explains data collection, use, storage, and protection practices in compliance with GDPR and Czech Act No. 110/2019 Coll.

Company: Phemly (operated by Filip Zakravsky) Email: privacy@phemeapp.com Address: Czech Republic

Account Data: Email address, full name, hashed passwords.

Project & Business Data: Brand/company name, website domain, competitor information, search queries.

Analytics Data: Scan results, aggregated metrics including visibility scores and sentiment.

Usage & Technical Data: IP address, browser type, pages visited, user actions.

Payment Data: Billing information processed by payment provider, subscription status.

Processing activities justified under GDPR Articles 6(1)(b) for contract performance, 6(1)(f) for legitimate interests, 6(1)(a) for marketing consent, and 6(1)(c) for legal obligations.

We use your data to provide and maintain AI visibility monitoring, generate reports and recommendations, process payments and subscriptions, communicate service updates, improve platform functionality, and prevent abuse and ensure security.

Phemly's use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

Google Analytics Integration: Users may optionally connect their Google Analytics 4 (GA4) account to Phemly. We request read-only access to Google Analytics data (analytics.readonly scope) solely to display aggregated traffic metrics — such as session counts and traffic sources — within the user's own Phemly dashboard.

We do not use Google Analytics data for any purpose other than displaying it back to the user who granted access. We do not share, sell, transfer, or use Google user data to serve advertising or for any other secondary purpose. We do not allow humans to read Google user data unless the user has explicitly requested it (e.g. support) or we are required to do so for security or legal reasons.

Revoking Access: Users can revoke Phemly's access to their Google Analytics account at any time via Google Account settings (myaccount.google.com/permissions). Revoking access removes all stored Google Analytics tokens immediately.

Google Sign-In: We use Google OAuth 2.0 for account authentication. We access only the email address and basic profile information necessary to create and maintain your account.

Data is shared with cloud infrastructure, payment processing, email delivery, and AI service providers. International transfers are protected via EU Standard Contractual Clauses and Data Privacy Framework decisions.

Implemented measures include encryption at rest and in transit, secure password hashing, access controls, rate limiting, and regular security reviews. Infrastructure is hosted within the EU.

Account data: retained until deletion. Project/analytics data: retained until deletion. Usage logs: 12 months. Payment records: as legally required.

Account deletion removes all data within 30 days.

You have the right of access, right to rectification, right to erasure, right to restriction, right to portability, right to object, and right to withdraw consent. Exercise your rights by contacting privacy@phemeapp.com — we guarantee a response within 30 days.

We use essential cookies for authentication and session management only. Local storage is used for theme preferences. No third-party tracking or advertising cookies are used.

The Service is not directed to anyone under 16. We do not knowingly collect data from children under 16.

Breaches posing risks to your rights will be reported to the supervisory authority within 72 hours. Affected users will be notified promptly.

Office for Personal Data Protection (UOOU) Pplk. Sochora 27, 170 00 Prague 7, Czech Republic www.uoou.cz

Updates will be notified to registered users via email with the date of changes reflected at the top of this page.

Privacy inquiries: privacy@phemeapp.com General inquiries: hello@phemeapp.com