FastLanding

Privacy Policy

Last updated: June 9, 2026

This Privacy Policy explains how costeffective.software ("we", "us") collects, uses and protects your personal data when you use our AI landing-page builder. We are based in the European Union and process personal data in accordance with the EU General Data Protection Regulation (GDPR).

If you have any questions, contact us at support@costeffective.software.

1. Who we are (data controller)

The data controller for your account data is Cost-Effective Software (company legal name and registered address to be inserted here), reachable at support@costeffective.software.

For data submitted by visitors of landing pages that you publish (for example contact-form submissions), you are the data controller and we act as your data processor — see section 6.

2. What data we collect

  • Account data: your email address, display name and optional profile photo, provided when you sign up with email/password or Google.
  • Content you create: project names, prompts and chat messages you send to the AI, brand details you enter (business name, descriptions, colors), generated page code and content, and images or videos you upload.
  • Billing data: your subscription tier and Stripe customer reference. Card details are entered directly with Stripe and never reach our servers.
  • Usage data: generation counts used for fair-use limits, and technical logs (timestamps, error logs) needed to operate the service.
  • Leads collected on your behalf: form submissions from visitors of landing pages you publish.

We do not use third-party analytics or advertising trackers on this site. Cookies are limited to those strictly necessary for authentication and session management (Supabase auth cookies).

3. Why we process your data (legal bases)

  • To provide the service — creating your account, generating and hosting your pages, storing your projects (Article 6(1)(b) GDPR, performance of a contract).
  • To process payments and manage subscriptions via Stripe (Article 6(1)(b) and legal obligations under tax and accounting law, Article 6(1)(c)).
  • To enforce fair-use limits, prevent abuse and keep the service secure (Article 6(1)(f), legitimate interest).
  • To send you transactional emails such as invites and account notifications (Article 6(1)(b)).

4. AI processing of your prompts

When you generate or edit a page, the prompt you write, relevant project context and the current page code are sent to our AI model providers — primarily OpenAI (for code generation), and in some configurations Google (Gemini) or Anthropic — to produce the result. We send only what is needed to fulfil your request and we do not permit these providers to use your data to train their models under our API agreements.

5. Service providers (processors)

We use a small number of infrastructure providers to run the service:

  • Supabase — database, authentication and file storage (your account, projects, uploads and leads live here).
  • Vercel — hosting of this application and of the landing pages you publish.
  • Stripe — payment processing and subscription billing.
  • OpenAI (and, where configured, Google or Anthropic) — AI generation of page content and code.
  • Resend — transactional email delivery.
  • GitHub — code storage for the deployment pipeline of generated sites.
  • Unsplash — when you request stock imagery, search queries derived from your page content are sent to Unsplash.

Some of these providers are located in the United States. Where data is transferred outside the EEA, we rely on the EU–US Data Privacy Framework and/or Standard Contractual Clauses.

6. Leads from your published pages (we act as processor)

Landing pages you publish can include contact forms. Submissions from your visitors are stored in our database and shown to you in your Leads dashboard. For this data you are the controller: you decide why it is collected and you are responsible for informing your visitors and having a privacy notice on your published page. We store and display this data on your instructions only and delete it when you delete the project or your account.

7. How long we keep data

  • Account and project data: for as long as your account exists. When you delete your account, we delete your personal data within 30 days.
  • Leads: until you delete them, the related project, or your account.
  • Billing records: kept as long as required by tax and accounting law (typically up to 10 years).
  • Technical logs: kept for a short rolling period needed for security and debugging.

8. Your rights

Under the GDPR you have the right to access, rectify, erase and receive a copy of your personal data, to restrict or object to processing, and to data portability. You can also withdraw consent at any time where processing is based on consent.

To exercise any of these rights, email support@costeffective.software. We respond within one month. You also have the right to lodge a complaint with your local supervisory authority — in Bulgaria, the Commission for Personal Data Protection (CPDP, www.cpdp.bg).

9. Security

All traffic is encrypted in transit (TLS). Data is stored with row-level security so each account can only access its own data, and third-party access tokens we store on your behalf are encrypted at rest.

10. Children

The service is not directed at children under 16 and we do not knowingly collect their data.

11. Changes to this policy

We may update this policy as the service evolves. We will post the new version here and update the date above; for material changes we will notify you by email or in the app.