FAROContact

Legal

Data Protection

Effective: 2026-06-01Last updated: 2026-05-18

This page summarises your rights under the EU General Data Protection Regulation (GDPR) and how to exercise them with Mažoji bendrija FARO applications. Full processing details are in our Privacy Policy.

1. Data controller

Mažoji bendrija FARO applications
Lithuanian mažoji bendrija, reg. code 307725118
Registered office: J. Savickio g. 4-7, LT-01108 Vilnius, Lithuania
Privacy contact: privacy@faroapplications.com

Because of our size and product scope, we are not required to appoint a designated Data Protection Officer under Art. 37 GDPR. Requests sent to privacy@faroapplications.com reach the team directly and we review every data-subject request ourselves rather than routing it through a queue or third party.

2. Your rights under GDPR

If we process personal data about you, you have the following rights:

  • Right of access (Art. 15) — request a copy of the personal data we hold and information about how we process it.
  • Right to rectification (Art. 16) — request correction of inaccurate or incomplete data.
  • Right to erasure (Art. 17) — request deletion of your data, subject to legal retention requirements.
  • Right to restriction (Art. 18) — request that we limit how we process your data while a dispute is resolved.
  • Right to data portability (Art. 20)— receive a structured, machine-readable export of data you've provided to us.
  • Right to object (Art. 21) — object to processing based on our legitimate interests.
  • Right to withdraw consent — where consent is the legal basis (e.g. HealthKit / Health Connect data), you can withdraw it at any time.

3. How to submit a request

Email privacy@faroapplications.com from the address tied to your account. Tell us:

  • Which right you want to exercise.
  • The product(s) involved (Hunter Reborn, Storyforge, or both).
  • Any details that help us locate the right account (e.g. display name).

We respond within 30 days at no cost. For complex or bulk requests we may extend by up to two months and will tell you why. We may ask for additional information to verify your identity if your request reaches us through an unfamiliar channel.

4. Complaints

If you believe we've mishandled your personal data, please reach out to us first — we'll work to make it right. You also have the right to lodge a complaint with the Lithuanian supervisory authority:

Valstybinė duomenų apsaugos inspekcija (VDAI)
L. Sapiegos g. 17, Vilnius, Lithuania
vdai.lrv.lt
Email: ada@ada.lt

If you reside in another EU member state, you may also complain to your local data protection authority.

5. International transfers

We store personal data in the European Union (Supabase Frankfurt region). Some sub-processors are headquartered in the United States (Vercel for site and API hosting, Resend for transactional email, Cloudflare for DNS and email routing, and the parent entities of Supabase and Google Cloud). Where these transfers occur, they are carried out under the European Commission's Standard Contractual Clauses (Decision 2021/914) and, for recipients certified under it, the EU–US Data Privacy Framework. See our Privacy Policy §5 and §6 for the full sub-processor list and storage locations.

6. Security

We apply technical and organisational measures appropriate to the risk: encryption in transit and at rest, access controls, principle of least privilege, and 72-hour breach notification per Art. 33 GDPR where required.

7. Updates

Material changes to this notice will be communicated by in-app notice or email at least 14 days in advance.