This Privacy Policy explains how SmartData Technologies Kft. ("SmartData", "we", "us" or "our") collects, uses, discloses and protects your personal data when you visit firstapp.app, use the FirstApp application at app.firstapp.app, or otherwise interact with us (together, the "Service"). We process personal data in accordance with Regulation (EU) 2016/679 (the "GDPR") and applicable Hungarian data protection law, including Act CXII of 2011 on Informational Self-Determination and Freedom of Information (the "Info Act").
1. Data controller
The controller responsible for your personal data is:
- Company
- SmartData Technologies Kft.
- Registered seat
- 1089 Budapest, Korányi Sándor utca 4. 4. ajtó, Hungary
- Tax number (Adószám)
- 27056190-2-42
- Activity
- Information technology consultancy (NACE / TEÁOR 6220)
- Privacy contact
- privacy@firstapp.app
We have not appointed a statutory Data Protection Officer, as we are not required to under Article 37 GDPR. All privacy matters are handled by our privacy contact above.
2. Personal data we collect
We collect only the data we need to provide and improve the Service:
| Category | Examples | Source |
|---|---|---|
| Account data | Name, email address, hashed password (or federated login identifier), account settings. | You, at sign-up. |
| Project & content data | The prompts you write, the applications you generate, source code, configuration and files you upload or create in your projects. | You, while using the Service. |
| Deployment data | Custom domain names, DNS and TLS configuration, deployment metadata for apps you publish. | You, at deployment. |
| Billing data | Plan, subscription status, billing email and transaction identifiers. Card details are handled by our payment processor and are not stored by us. | You and our payment processor. |
| Usage & technical data | IP address, browser and device type, log timestamps, feature usage, error diagnostics. | Collected automatically. |
| Support data | Messages, attachments and correspondence you send us. | You, when you contact us. |
We do not intentionally collect special categories of personal data (Article 9 GDPR). Please do not submit sensitive personal data in your prompts or projects unless strictly necessary.
3. Purposes and legal bases
We process your personal data for the following purposes, each on the legal basis indicated under Article 6(1) GDPR:
| Purpose | Legal basis |
|---|---|
| Creating and managing your account and authenticating you. | Performance of a contract — Art. 6(1)(b). |
| Generating, previewing, building and deploying your applications. | Performance of a contract — Art. 6(1)(b). |
| Processing payments and managing subscriptions. | Performance of a contract — Art. 6(1)(b); legal obligation for tax/accounting records — Art. 6(1)(c). |
| Securing the Service, preventing abuse and fraud, and keeping audit logs. | Legitimate interests — Art. 6(1)(f). |
| Maintaining, debugging and improving the Service and its quality. | Legitimate interests — Art. 6(1)(f). |
| Responding to support requests and communicating service notices. | Performance of a contract — Art. 6(1)(b); legitimate interests — Art. 6(1)(f). |
| Sending optional product news or marketing (where applicable). | Consent — Art. 6(1)(a), withdrawable at any time. |
| Complying with legal obligations and responding to lawful requests. | Legal obligation — Art. 6(1)(c). |
Where we rely on legitimate interests, we have carried out a balancing test to ensure our interests are not overridden by your rights and freedoms. You may object to such processing at any time (see GDPR & Your Rights).
4. AI processing of your prompts
FirstApp generates applications from your prompts using large language models. To do this, the text of your prompts and relevant project context are transmitted to and processed by our AI infrastructure and sub-processors solely to produce your requested output. We do not use your prompts or generated code to train third-party foundation models, and we contractually require our AI sub-processors not to do so on our behalf. This processing is necessary to perform our contract with you (Art. 6(1)(b) GDPR).
5. How we share data
We do not sell your personal data. We share it only with:
- Processors (sub-processors) that operate the Service on our documented instructions under Article 28 GDPR data processing agreements — including cloud hosting and edge infrastructure (Cloudflare, Inc.), AI model providers, our payment processor, and email/communication providers.
- Authorities or advisers where required to comply with a legal obligation, enforce our terms, or establish, exercise or defend legal claims.
- A successor entity in the event of a merger, acquisition or reorganisation, subject to this Policy.
Every processor is bound by confidentiality and by contractual data-protection obligations at least as protective as those in this Policy.
6. International transfers
We and our processors are located primarily in the European Union. Some processors (for example certain cloud, AI or email providers) may process data outside the European Economic Area (EEA), including in the United States. Where personal data is transferred outside the EEA, we rely on an appropriate safeguard under Chapter V GDPR — typically the European Commission's Standard Contractual Clauses, an adequacy decision, or a certified transfer framework — together with supplementary measures such as encryption in transit and at rest. You may request a copy of the relevant safeguards by emailing privacy@firstapp.app.
7. Data retention
We keep personal data only for as long as necessary for the purposes described above:
- Account and project data — for the life of your account. After you delete a project or close your account, we delete or irreversibly anonymise the associated data within 30 days, except where retention is required by law.
- Billing and accounting records — retained for the period required by Hungarian tax and accounting law (generally 8 years).
- Security and audit logs — retained for a limited period proportionate to security needs, then deleted.
8. Security
We implement appropriate technical and organisational measures under Article 32 GDPR, including encryption in transit (TLS) and at rest, strict access controls and least-privilege permissions, isolated build/preview sandboxes, security headers, audit logging, and regular review of our infrastructure. No system can be guaranteed perfectly secure, but we work continuously to protect your data and will notify you and the competent supervisory authority of a personal data breach where legally required.
9. Your rights
Subject to the conditions in the GDPR, you have the right to access, rectify, erase, restrict and port your personal data, to object to certain processing, and to withdraw consent at any time. A full description of these rights and how to exercise them is set out on our dedicated GDPR & Your Rights page. To make a request, email privacy@firstapp.app. We respond within one month.
Right to lodge a complaint. If you believe we have processed your personal data unlawfully, you may lodge a complaint with the Hungarian supervisory authority:
Nemzeti Adatvédelmi és Információszabadság Hatóság (NAIH)
1055 Budapest, Falk Miksa utca 9–11, Hungary (postal: 1363 Budapest, Pf. 9)
Phone: +36 (1) 391 1400 · Email: ugyfelszolgalat@naih.hu · Web: naih.hu
You may also complain to the supervisory authority in your EU country of residence or work.
10. Cookies
The marketing site at firstapp.app is static and sets no tracking cookies. The FirstApp application uses strictly necessary cookies to keep you signed in and to secure your session. See our Cookie Policy for details.
11. Children
The Service is not directed to children under 16, and we do not knowingly collect their personal data. If you believe a child has provided us personal data, contact us and we will delete it.
12. Changes to this Policy
We may update this Policy from time to time. We will post the revised version here with a new "Last updated" date and, where changes are material, notify you by email or in-app. Your continued use of the Service after the effective date constitutes acceptance of the updated Policy.
13. Contact us
For any privacy question or request, contact SmartData Technologies Kft. at privacy@firstapp.app or by post at 1089 Budapest, Korányi Sándor utca 4. 4. ajtó, Hungary.