Figa
Log in Get started

Privacy Policy

Last updated: February 15, 2026

This policy explains how Figa ("Figa", "we", "us") handles personal data when you use getfiga.com and app.figa.cc (the "Services").

1. Data controller

The controller of your personal data is: devnity Paweł Malok, address: ul. Jesionowa 1, 41-922 Radzionków, Poland, NIP: 6263043079, VAT EU: PL6263043079, REGON: 389075462.

For privacy questions and rights requests, contact us at contact@getfiga.com.

2. Categories of data we process

  • Account and profile data (email address, authentication data, basic profile fields).
  • Workspace and product data (memberships, settings, expenses, categories, usage activity).
  • Billing data (plan, subscription status, transaction identifiers, invoice/refund metadata).
  • Security and audit data (IP addresses, device/session signals, access and action logs).
  • Support communications and operational messages.
  • Analytics data (product interaction events), only when analytics consent is granted.

3. Purposes and legal bases

  • Provide and secure the Services (contract performance; legitimate interest).
  • Manage subscriptions, invoices, and financial records (contract; legal obligation).
  • Prevent abuse, fraud, and unauthorized access (legitimate interest).
  • Respond to support requests and required communications (contract; legitimate interest).
  • Measure and improve product usage patterns (consent, where required).

4. Payments and Paddle

Payments and subscription transactions are handled through Paddle, which operates as Merchant of Record for checkout and invoicing. Paddle processes payment and tax details and shares limited billing metadata with us so we can provision and manage your subscription.

We do not store full payment card details. For Paddle's terms and privacy information, see Paddle Legal.

5. Sharing and subprocessors

  • Paddle for billing, payment operations, tax handling, and billing support flows.
  • Hosting and infrastructure providers required to run and secure the Services.
  • Email and communication providers for transactional messaging and support.
  • PostHog for analytics, only when analytics consent is enabled.

6. International transfers

Depending on where service providers operate, personal data may be processed outside your country of residence. Where required, we rely on appropriate safeguards for cross-border transfers.

7. Retention

We retain data for as long as needed to provide the service, comply with legal obligations, enforce agreements, and resolve disputes. Billing and accounting records may be retained for longer periods where required by law. Analytics retention follows project configuration in PostHog.

8. Your rights

Depending on your jurisdiction, you can request access, rectification, erasure, restriction, objection, and portability. You can withdraw analytics consent at any time using "Cookie settings". You may also lodge a complaint with your local data protection authority (in Poland: President of the Personal Data Protection Office, UODO).

9. Security

We use technical and organizational safeguards designed to protect personal data against unauthorized access, loss, misuse, or alteration.

10. Children

The Services are not directed to children under 16. If you believe a child provided personal data to us, contact us so we can review and remove it where appropriate.

11. Changes to this policy

We may update this policy from time to time. Material updates will be reflected by changing the "Last updated" date and, where required, by additional notice.

12. Contact

For privacy requests and questions, contact contact@getfiga.com.