The data controller for personal data processed through FanSpeak within the meaning of Art. 4(7) GDPR is:
The controller processes personal data in accordance with Regulation (EU) 2016/679 (GDPR) and Act No. 110/2019 Coll. on personal data processing (Czech law).
The email address is used for:
When the User connects the Service to a third-party platform (e.g. YouTube), FanSpeak retrieves and stores, on the basis of the User's authorisation:
This data is retrieved solely on the basis of the authorisation granted by the User and is used exclusively to power the Service's features (inbox, search, reply tracking, analytics).
| Purpose of processing | Legal basis | GDPR reference |
|---|---|---|
| Login and account management (email) | Performance of a contract | Art. 6(1)(b) |
| Retrieval of Connected Platform data | Performance of a contract | Art. 6(1)(b) |
| Security logs (IP, User-Agent) | Legitimate interest (security, fraud prevention) | Art. 6(1)(f) |
| Service improvement (anonymised analytics) | Legitimate interest | Art. 6(1)(f) |
| Marketing communications (opt-in only) | Consent | Art. 6(1)(a) |
| Compliance with legal obligations | Legal obligation | Art. 6(1)(c) |
Where processing is based on legitimate interest (Art. 6(1)(f) GDPR), the Controller has carried out a balancing test. The result is available on request at privacy [at] fanspeak.io.
| Category of data | Retention period |
|---|---|
| Email address (account data) | Duration of account + 30 days after closure |
| Connected Platform data (comments, metadata) | While channel is connected; deleted within 30 days of disconnection or account closure |
| Security logs (IP, User-Agent) | 90 days |
| Contact form / email submissions | 12 months |
| Accounting and tax records | As required by Czech Act No. 563/1991 Coll. (generally 5–10 years) |
The Controller does not sell Users' personal data. Data may be shared with:
A complete list of processors is available on written request to privacy [at] fanspeak.io.
Under GDPR, you have the following rights:
To exercise any of these rights, contact privacy [at] fanspeak.io. The Controller will respond within 30 days; in complex cases the period may be extended by a further 2 months (Users will be informed of any extension).
The Controller implements technical and organisational measures appropriate to the risk of processing:
No system is perfectly secure. Please report any security vulnerabilities to privacy [at] fanspeak.io.
In the event of a personal data breach, the Controller will act in accordance with Art. 33 and 34 GDPR – notifying the supervisory authority within 72 hours and informing affected data subjects where required.
FanSpeak uses only strictly necessary (technical) cookies:
No advertising or tracking cookies are used. Consent is not required for these cookies under Art. 6(1)(b) GDPR and applicable Czech law (§ 89 of Act No. 127/2005 Coll.), as they are strictly necessary for the provision of the Service.
Users' data is generally processed within the European Economic Area (EEA). Where transfers outside the EEA occur, appropriate safeguards are in place:
A copy of the relevant safeguards is available on request at privacy [at] fanspeak.io.
FanSpeak does not carry out automated decision-making or profiling within the meaning of Art. 22 GDPR that would produce legal or similarly significant effects on Users.
The Controller reserves the right to update this Policy at any time. Users will be notified of material changes by an in-app notice at least 14 days before the changes take effect. The current version is always available at https://fanspeak.io/legal?tab=privacy.