Welcome to Factum. Your privacy and the security of your data are our absolute priority. This Privacy Policy explains what data we collect, how we use it, with whom we share it, and what your rights are regarding your personal data. Please read this Policy carefully. By using our website (factum.mk) and our application (chat.factum.mk) (collectively, "Services"), you confirm that you have read and understood its provisions. This Policy is an integral part of our General Terms of Use.
Our commitment to privacy
Factum is an AI platform owned and operated by the Company for Marketing, Consulting and Software Development SOVETI DOOEL Skopje (hereinafter: "Factum", "We", "Us"). We understand that as legal professionals, you entrust us with sensitive information. Your User Content (Input and Output content) is NEVER used to train our or any other AI models. This Policy complies with the Personal Data Protection Law of the Republic of North Macedonia ("PDPL").
Key definitions
The terms used in this Policy have the following meaning:
Controller:
A person who determines the purposes and manner of personal data processing.
Processor:
A person who processes personal data on behalf of the Controller.
User account data:
Information that you provide to us when registering and managing your account. For this data, Factum is the Controller.
Input content:
Questions (prompts), data, texts, and documents that you enter or attach in the Services.
Output content:
Text, analyses, and other content generated by the Services in response to your Input content.
User content:
Input content and Output content together. For this data, You (the User) are the Controller, and Factum acts solely as a Processor.
Sub-processors:
Third parties (companies) that we engage to help us provide the Services.
What data do we process and why?
We process two basic types of data: User account data and User content.
User account data
(Factum as Controller)
What data do we collect?
Identification information:
Name and surname, email address.
Authentication information:
Password (in encrypted, hashed form) or data from your Google profile if you log in through it.
Payment and subscription information:
Details about the selected package, payment history (we do not store your payment card details).
Technical data:
IP address, device type and browser, login time, Service usage data (Usage Data).
Communication data:
Content of your communication with our support team.
What data do we collect?
Creating and managing your user account.
Providing access to Services according to your subscription package.
Payment processing.
Communicating with you regarding your account, news, and Service changes.
Providing technical support.
Protection from fraud and abuse and maintaining the security of our platform.
Legal basis:
Contract performance:
Processing is necessary to provide you with the services you have subscribed to.
Legitimate interest:
For maintaining platform security and improving our services.
User content
(You as Controller, Factum as Processor)
What data do we process?
Your Input content, which may include personal data of third parties. As Controller, you are responsible for having an appropriate legal basis for processing that data through our platform.
Purpose of processing:
The sole purpose is to process your Input content and generate Output content for you through our AI assistant, according to your instructions.
Legal basis:
Contract performance: We process this data exclusively on your order, in order to perform the service you requested.
Access to User content:
Factum will maintain commercially reasonable physical, technical, and administrative safeguards to protect the security and confidentiality of your User content. You acknowledge that the structure of the systems used in connection with the Services makes it technically possible for a limited number of authorized Factum personnel to access your User content, but only to the extent reasonably necessary to:
perform the Services on your behalf (e.g., when resolving a technical issue you have reported and for which you have given express consent);
respond to appropriately authorized requests for information from competent government authorities;
comply with any applicable law, court order, or other legal obligation;
investigate and help prevent security threats, fraud, or other illegal or malicious activities;
enforce/protect Factum's rights and properties, as defined in the General Terms of Use.
With whom do we share your data?
(Sub-processors)
To provide our Services, we work with carefully selected technology partners (Sub-processors). We share data with them only to the extent necessary for platform operation. We have contracts with all of them that bind them to protect your data and not use it for other purposes.
AI Providers (for Input content processing):
OpenAI, L.L.C. (USA)
Anthropic, PBC (USA)
Google, LLC (USA)
Note:
Our contracts with these providers explicitly prohibit the use of your data for training their models.
Infrastructure and Hosting:
Hetzner Online GmbH (Germany):
For hosting our servers and databases.
Supabase, Inc. (USA):
For database management.
Data security
We take security seriously and apply top technical and organizational measures to protect your data:
Encryption:
All data is encrypted, both in transit (using TLS 1.3 protocol) and at rest (using AES-256 standard).
Access control:
Access to data by our personnel is strictly limited according to the "minimum access" principle (need-to-know basis).
Physical security:
Our servers are hosted in highly secured data centers in the European Union (Germany), which are certified according to the ISO 27001 standard.
Application security:
We regularly perform security checks and updates to protect against vulnerabilities.
Incident management:
We have established procedures for rapid response in case of any security incident.
Data retention
User account data:
We keep them as long as you have an active user account. After account deletion, data is deleted from our active systems and kept in backups according to our internal policies and legal obligations (e.g., for accounting purposes), after which they are permanently destroyed.
User content:
You have complete control. Your conversations and attached documents remain on the platform until you decide to delete them. By deleting a conversation, folder, or the entire user account, this data is permanently removed from our systems.
Your rights as a personal data subject
According to the Personal Data Protection Law, you have the following rights regarding your personal data for which we are the Controller:
Right of access:
To request and receive information about what personal data of yours we process.
Right of correction:
To request correction of inaccurate or completion of incomplete data.
Right of deletion ("right to be forgotten"):
To request deletion of your data under conditions provided by law. You can exercise this right directly by deleting your user account.
Right to restrict processing:
To request restriction of processing of your data.
Right to portability:
To receive your data in structured, readable format and transfer it to another controller.
Right to object:
To object to the processing of your data based on legitimate interest.
Right to withdraw consent:
If processing is based on consent, you can withdraw it at any time.
To exercise these rights, you can contact us at the email address specified in the "Contact" section. You also have the right to submit a request to the Personal Data Protection Agency of the Republic of North Macedonia.
International data transfer
Our primary servers and databases are located in the European Union (Germany). For the purposes of providing AI functionalities, part of your Input content is forwarded to our Sub-processors (OpenAI, Anthropic, Google) whose servers may be located in the United States of America. Each such transfer is carried out with the application of appropriate safeguards according to PDPL and European GDPR regulation, such as Standard Contractual Clauses (SCCs) or EU-U.S. Data Privacy Framework, thus ensuring an adequate level of protection of your data.
International data transfer
Our primary servers and databases are located in the European Union (Germany). For the purposes of providing AI functionalities, part of your Input content is forwarded to our Sub-processors (OpenAI, Anthropic, Google) whose servers may be located in the United States of America. Each such transfer is carried out with the application of appropriate safeguards according to PDPL and European GDPR regulation, such as Standard Contractual Clauses (SCCs) or EU-U.S. Data Privacy Framework, thus ensuring an adequate level of protection of your data.
Cookies policy
Our website uses cookies to improve your user experience. For more information, please see our Cookies Policy.
Changes to the Privacy Policy
We reserve the right to change and supplement this Privacy Policy. You will be notified in time of all significant changes via email or through notification on our platform. The latest version will always be available on our website.
Contact information
If you have any questions regarding this Privacy Policy or the way we process your data, please contact us.
Personal data controller:
SOVETI DOOEL Skopje st. "Vladimir Komarov" no. 31/1-9A, 1000 Skopje Republic of North Macedonia VAT: 4032022554313 Contact email: info@factum.mk
Factum
Check the contract and highlight risky clauses.
Is the privacy policy compliant with the law?
How to file a lawsuit for unpaid wages?
