This Privacy Policy explains how SmartData Technologies Kft. ("SmartData", "we", "us" or "our") collects, uses, discloses and protects your personal data when you visit firstapp.app, use the FirstApp application at app.firstapp.app, or otherwise interact with us (together, the "Service"). We process personal data in accordance with Regulation (EU) 2016/679 (the "GDPR") and applicable Hungarian data protection law, including Act CXII of 2011 on Informational Self-Determination and Freedom of Information (the "Info Act").

1. Data controller

The controller responsible for your personal data is:

Company
SmartData Technologies Kft.
Registered seat
1089 Budapest, Korányi Sándor utca 4. 4. ajtó, Hungary
Tax number (Adószám)
27056190-2-42
Activity
Information technology consultancy (NACE / TEÁOR 6220)
Privacy contact
privacy@firstapp.app

We have not appointed a statutory Data Protection Officer, as we are not required to under Article 37 GDPR. All privacy matters are handled by our privacy contact above.

2. Personal data we collect

We collect only the data we need to provide and improve the Service:

CategoryExamplesSource
Account dataName, email address, hashed password (or federated login identifier), account settings.You, at sign-up.
Project & content dataThe prompts you write, the applications you generate, source code, configuration and files you upload or create in your projects.You, while using the Service.
Deployment dataCustom domain names, DNS and TLS configuration, deployment metadata for apps you publish.You, at deployment.
Billing dataPlan, subscription status, billing email and transaction identifiers. Card details are handled by our payment processor and are not stored by us.You and our payment processor.
Usage & technical dataIP address, browser and device type, log timestamps, feature usage, error diagnostics.Collected automatically.
Support dataMessages, attachments and correspondence you send us.You, when you contact us.

We do not intentionally collect special categories of personal data (Article 9 GDPR). Please do not submit sensitive personal data in your prompts or projects unless strictly necessary.

3. Purposes and legal bases

We process your personal data for the following purposes, each on the legal basis indicated under Article 6(1) GDPR:

PurposeLegal basis
Creating and managing your account and authenticating you.Performance of a contract — Art. 6(1)(b).
Generating, previewing, building and deploying your applications.Performance of a contract — Art. 6(1)(b).
Processing payments and managing subscriptions.Performance of a contract — Art. 6(1)(b); legal obligation for tax/accounting records — Art. 6(1)(c).
Securing the Service, preventing abuse and fraud, and keeping audit logs.Legitimate interests — Art. 6(1)(f).
Maintaining, debugging and improving the Service and its quality.Legitimate interests — Art. 6(1)(f).
Responding to support requests and communicating service notices.Performance of a contract — Art. 6(1)(b); legitimate interests — Art. 6(1)(f).
Sending optional product news or marketing (where applicable).Consent — Art. 6(1)(a), withdrawable at any time.
Complying with legal obligations and responding to lawful requests.Legal obligation — Art. 6(1)(c).

Where we rely on legitimate interests, we have carried out a balancing test to ensure our interests are not overridden by your rights and freedoms. You may object to such processing at any time (see GDPR & Your Rights).

4. AI processing of your prompts

FirstApp generates applications from your prompts using large language models. To do this, the text of your prompts and relevant project context are transmitted to and processed by our AI infrastructure and sub-processors solely to produce your requested output. We do not use your prompts or generated code to train third-party foundation models, and we contractually require our AI sub-processors not to do so on our behalf. This processing is necessary to perform our contract with you (Art. 6(1)(b) GDPR).

5. How we share data

We do not sell your personal data. We share it only with:

Every processor is bound by confidentiality and by contractual data-protection obligations at least as protective as those in this Policy.

6. International transfers

We and our processors are located primarily in the European Union. Some processors (for example certain cloud, AI or email providers) may process data outside the European Economic Area (EEA), including in the United States. Where personal data is transferred outside the EEA, we rely on an appropriate safeguard under Chapter V GDPR — typically the European Commission's Standard Contractual Clauses, an adequacy decision, or a certified transfer framework — together with supplementary measures such as encryption in transit and at rest. You may request a copy of the relevant safeguards by emailing privacy@firstapp.app.

7. Data retention

We keep personal data only for as long as necessary for the purposes described above:

8. Security

We implement appropriate technical and organisational measures under Article 32 GDPR, including encryption in transit (TLS) and at rest, strict access controls and least-privilege permissions, isolated build/preview sandboxes, security headers, audit logging, and regular review of our infrastructure. No system can be guaranteed perfectly secure, but we work continuously to protect your data and will notify you and the competent supervisory authority of a personal data breach where legally required.

9. Your rights

Subject to the conditions in the GDPR, you have the right to access, rectify, erase, restrict and port your personal data, to object to certain processing, and to withdraw consent at any time. A full description of these rights and how to exercise them is set out on our dedicated GDPR & Your Rights page. To make a request, email privacy@firstapp.app. We respond within one month.

Right to lodge a complaint. If you believe we have processed your personal data unlawfully, you may lodge a complaint with the Hungarian supervisory authority:

Nemzeti Adatvédelmi és Információszabadság Hatóság (NAIH)
1055 Budapest, Falk Miksa utca 9–11, Hungary (postal: 1363 Budapest, Pf. 9)
Phone: +36 (1) 391 1400 · Email: ugyfelszolgalat@naih.hu · Web: naih.hu

You may also complain to the supervisory authority in your EU country of residence or work.

10. Cookies

The marketing site at firstapp.app is static and sets no tracking cookies. The FirstApp application uses strictly necessary cookies to keep you signed in and to secure your session. See our Cookie Policy for details.

11. Children

The Service is not directed to children under 16, and we do not knowingly collect their personal data. If you believe a child has provided us personal data, contact us and we will delete it.

12. Changes to this Policy

We may update this Policy from time to time. We will post the revised version here with a new "Last updated" date and, where changes are material, notify you by email or in-app. Your continued use of the Service after the effective date constitutes acceptance of the updated Policy.

13. Contact us

For any privacy question or request, contact SmartData Technologies Kft. at privacy@firstapp.app or by post at 1089 Budapest, Korányi Sándor utca 4. 4. ajtó, Hungary.