Privacy Policy

Effective Date: February 20, 2026

Table of Contents

  1. Introduction
  2. Products Covered
  3. Information We Collect
  4. How We Use Your Information
  5. Third-Party Services
  6. Data Storage and Security
  7. Data Retention
  8. Your Rights Under GDPR
  9. Your Rights Under CCPA
  10. Children's Privacy
  11. International Data Transfers
  12. Do Not Track Signals
  13. Third-Party Links
  14. Changes to This Privacy Policy
  15. Contact Us

1. Introduction

This Privacy Policy describes how fonszi Kft. ("Fonszi," "we," "us," or "our") collects, uses, stores, shares, and protects your personal information when you use our products, services, and websites. By accessing or using any Fonszi product, you acknowledge that you have read and understood this Privacy Policy.

We are committed to protecting your privacy and handling your data transparently. This policy applies to all products and services operated by Fonszi, as listed below.

2. Products Covered

This Privacy Policy covers the following products and services:

Athletes and Fitness

  1. fonskii — Ski tracking app (iOS, Android)
  2. beloop — Professional workout timer (iOS, Android)

Design Tools

  1. Composa Pro Suite — Bidirectional Compose-to-Figma design bridge (Figma Plugin)
  2. Forge — Website-to-Figma conversion (Chrome Extension + Figma Plugin)
  3. Android Studio Plugin — Compose preview export to Figma (JetBrains IDE)

Developer Tools

  1. git-hook-suite — Centralized git hooks for KMP projects (CLI + Desktop)
  2. LocalTask AI — AI-powered bug analysis plugin for Android Studio

Website

  1. fonszi.com — Company website

3. Information We Collect

The types of information we collect vary by product category. We collect only the information necessary to provide and improve our services.

3.1 Mobile Applications (fonskii, beloop)

Data stored locally on your device:

  • Workout and session data (timer configurations, session history, personal records, athlete profiles, test results)
  • User preferences and app settings
  • Cached ski resort data (fonskii)

Location data (fonskii only):

fonskii uses GPS and barometer data to track altitude, speed, distance, and vertical during ski sessions. Location data is processed on-device for real-time activity detection (skiing, lift, resting). Location data is stored locally on your device as part of session history. We do not transmit raw location data to our servers.

Usage analytics:

  • Anonymous usage statistics, including screens visited, features used, session duration, and app version. Collected via Firebase Analytics.

Crash reports:

  • Crash logs and diagnostic data, including device model, operating system version, stack traces, and app state at the time of the crash. Collected via Firebase Crashlytics.

Advertising data (beloop — ad-supported):

  • Ad interaction data and advertising identifiers, collected and processed by Google AdMob for serving personalized or contextual advertisements in the ad-supported version of beloop.
  • iOS App Tracking Transparency (ATT): On iOS 14 and later, beloop presents Apple's App Tracking Transparency prompt before any advertising identifier is accessed. If you decline, only contextual (non-personalized) advertisements are served. You can change this permission at any time in your device Settings › Privacy & Security › Tracking.
  • Opt-out: On Android, you can opt out of personalized ads via Settings › Privacy › Ads on your device.

Billing data:

  • Subscription status and purchase receipts, processed by RevenueCat and the respective app store (Apple App Store, Google Play). We do not directly collect or store your payment card information.

3.2 Figma Plugins (Composa, Forge)

Figma file data:

When you use our Figma plugins, the plugin reads data from your Figma files (nodes, styles, layout properties, design tokens, text content) to perform analysis, generation, or conversion operations. This data is processed entirely within the Figma Plugin sandbox and your local browser environment. We do not transmit your Figma file contents to external servers.

Chrome Extension data (Forge only):

The Forge Chrome Extension reads the DOM structure and computed styles of the active browser tab to extract layout, typography, color, and component information for Figma conversion. This data is processed locally in your browser and transferred to the Figma plugin via clipboard. We do not transmit page content to external servers.

Usage analytics and billing:

  • Plugin usage statistics and subscription status are managed through Figma Payments. Figma processes billing and provides us with aggregated, anonymized usage data.

3.3 Backend Services

Authentication data:

  • Email address and securely hashed password when you create an account.
  • Secure tokens for session management.
  • Optional two-factor authentication secret (encrypted at rest).

Error reports:

If you use products with error monitoring enabled, error reports are submitted to our servers. These reports include: error messages, stack traces, log levels, platform identifiers, app version, and device type. Reports are deduplicated using content hashing. They do not contain personally identifiable information.

License and API keys:

  • Application identifiers and API keys for monitored applications. These are associated with your account.

3.4 Website (fonszi.com)

Cookie-free analytics (Umami):

fonszi.com uses Umami, a privacy-focused, cookie-free analytics tool that we self-host at analytics.fonszi.com. Umami collects only anonymous, aggregate data: page views, referrer URLs, browser type, device type, country (derived from IP, which is never stored), and UTM campaign parameters. Umami does not use cookies, does not track users across sessions, does not collect personal information, and does not share data with any third party. All data is stored on our own infrastructure. You cannot be identified from this data. This approach is GDPR and CCPA compliant by design.

Contact form data:

  • If you contact us via email or a contact form, we collect your email address and the content of your message.

4. How We Use Your Information

We use the information we collect for the following purposes:

  • Providing services: To operate, maintain, and deliver the features and functionality of our products.
  • Improving products: To understand usage patterns, diagnose technical issues, and improve performance and user experience.
  • Customer support: To respond to your inquiries and resolve issues.
  • Security: To detect, prevent, and address fraud, abuse, and security incidents.
  • Billing: To process subscriptions and purchases through our payment partners.
  • Advertising: To display advertisements in ad-supported mobile applications (via Google AdMob).
  • Legal compliance: To comply with applicable laws, regulations, and legal processes.
  • Communications: To send service-related notifications (e.g., security alerts, product updates). We do not send marketing emails unless you have opted in.

5. Third-Party Services

We use the following third-party services that may process your data. Each service operates under its own privacy policy:

Service Purpose Data Processed Privacy Policy
Firebase Analytics (Google) Usage analytics for mobile apps Anonymous usage events, device info, app version Google Privacy Policy
Firebase Crashlytics (Google) Crash reporting for mobile apps Crash logs, device model, OS version, stack traces Google Privacy Policy
Google AdMob (Google) Advertising in ad-supported mobile apps Advertising ID, ad interaction data Google Privacy Policy
RevenueCat Subscription management for mobile apps Purchase receipts, subscription status, anonymous user ID RevenueCat Privacy Policy
RevenueCat Payment processing & subscription management (plugins/desktop) Payment details (processed by RevenueCat; we do not store card data) RevenueCat Privacy Policy
Figma Payments Billing for Figma plugins Subscription status, usage tier Figma Privacy Policy
Polar.sh Payments for developer tools and templates Purchase details, email address Polar.sh Privacy Policy
Cloud hosting provider Cloud hosting for our backend services Backend data (database, application logs) Available upon request
Apple App Store Distribution and billing for iOS apps Purchase and subscription data Apple Privacy Policy
Google Play Store Distribution and billing for Android apps Purchase and subscription data Google Privacy Policy

6. Data Storage and Security

6.1 Storage Locations

  • On-device storage: The majority of user data (workout sessions, timer configurations, athlete profiles, design file data) is stored locally on your device. We prioritize on-device storage to minimize data exposure.
  • Cloud storage: Account data (email, hashed password) and error monitoring reports are stored in a secure cloud-hosted database.
  • No sale of personal data: We do not sell, rent, or trade your personal information to third parties for their marketing purposes.

6.2 Security Measures

We implement industry-standard security measures to protect your data:

  • Encryption in transit: All communications between our applications and servers use HTTPS with modern encryption.
  • Authentication: Secure token-based authentication with expiration and rotation for API access.
  • Password security: User passwords are securely hashed using industry-standard algorithms. We never store passwords in plaintext.
  • Two-factor authentication: Optional two-factor authentication is available for account security.
  • Rate limiting: API endpoints are protected by rate limiting to prevent brute-force attacks and abuse.
  • Error report deduplication: Error reports are deduplicated using content hashing to minimize data stored.
  • Principle of least privilege: Our applications request only the minimum permissions necessary for their functionality.

7. Data Retention

  • Account data: Retained for as long as your account is active. Upon account deletion request, we will delete your account data within 30 days, except where retention is required by law.
  • Analytics data: Firebase Analytics data is retained for 26 months (the Firebase default retention period), after which it is automatically deleted.
  • Crash reports: Firebase Crashlytics data is retained for 90 days.
  • Error monitoring reports: Error reports submitted to our servers are retained for 12 months, after which they are automatically purged.
  • On-device data: Data stored locally on your device (sessions, settings, preferences) is retained until you delete the application or clear its data manually.
  • Billing records: Transaction records are retained as required by applicable tax and financial regulations.

8. Your Rights Under GDPR (European Economic Area Users)

If you are located in the European Economic Area (EEA), the United Kingdom, or Switzerland, you have the following rights under the General Data Protection Regulation (GDPR):

  • Right of access: You may request a copy of the personal data we hold about you.
  • Right to rectification: You may request correction of inaccurate or incomplete personal data.
  • Right to erasure ("right to be forgotten"): You may request deletion of your personal data, subject to legal retention requirements.
  • Right to restrict processing: You may request that we limit the processing of your personal data under certain circumstances.
  • Right to data portability: You may request your personal data in a structured, commonly used, machine-readable format (e.g., JSON or CSV) for transfer to another service provider.
  • Right to object: You may object to the processing of your personal data for direct marketing or where processing is based on legitimate interests.
  • Right to withdraw consent: Where processing is based on your consent, you may withdraw that consent at any time without affecting the lawfulness of prior processing.
  • Right to lodge a complaint: You have the right to lodge a complaint with a supervisory authority in your member state.

Legal bases for processing: We process personal data under the following legal bases:

  • Performance of a contract: To provide the services you have requested (e.g., account creation, subscription management).
  • Legitimate interests: To improve our products, ensure security, and prevent fraud.
  • Consent: For personalized advertising in mobile apps, where applicable. The fonszi.com website uses cookie-free analytics (Umami) that requires no consent.
  • Legal obligation: To comply with tax, financial, and other regulatory requirements.

To exercise any of these rights, please contact us at dev@fonszi.com. We will respond to your request within 30 days.

9. Your Rights Under CCPA (California Residents)

If you are a California resident, the California Consumer Privacy Act (CCPA) and its amendments under the California Privacy Rights Act (CPRA) provide you with the following rights:

  • Right to know: You may request disclosure of the categories and specific pieces of personal information we have collected about you, the categories of sources, the business purposes for collection, and the categories of third parties with whom we share your data.
  • Right to delete: You may request deletion of personal information we have collected from you, subject to certain exceptions (e.g., legal compliance, transaction completion).
  • Right to correct: You may request correction of inaccurate personal information.
  • Right to opt out of sale or sharing: We do not sell your personal information. We do not share your personal information for cross-context behavioral advertising. Therefore, there is no need to opt out, but you may contact us to confirm this at any time.
  • Right to non-discrimination: We will not discriminate against you for exercising any of your CCPA/CPRA rights.

Categories of personal information collected (preceding 12 months):

  • Identifiers (email address, IP address, device identifiers)
  • Internet or electronic network activity (usage analytics, crash reports, pages visited)
  • Geolocation data (approximate, via IP; precise, only in fonskii with your permission)
  • Commercial information (subscription and purchase history, processed by third-party billing providers)

Categories of personal information sold: None. We do not sell personal information.

Categories of personal information shared for cross-context behavioral advertising: None.

To exercise your rights, contact us at dev@fonszi.com or submit a request via our website. We will verify your identity before fulfilling your request and will respond within 45 days.

10. Children's Privacy (COPPA)

Our products and services are not directed at children under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have inadvertently collected personal information from a child under 13, we will take steps to delete that information promptly.

If you are a parent or guardian and believe that your child has provided us with personal information, please contact us at dev@fonszi.com, and we will delete the information from our systems.

For users in the European Economic Area, the applicable age threshold may be higher (up to 16 years, depending on the member state) in accordance with the GDPR.

11. International Data Transfers

If you are accessing our services from outside the jurisdiction where our servers are located, please be aware that your data may be transferred to, stored, and processed in a different jurisdiction, where data protection laws may differ from those in your region.

For users in the EEA, UK, or Switzerland, we rely on the following transfer mechanisms as applicable:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Data processing agreements with our third-party service providers

12. Cookies and Do Not Track

Cookies: The fonszi.com website does not set any cookies. Our analytics tool (Umami) is entirely cookie-free and does not use localStorage, sessionStorage, or any browser fingerprinting techniques. We use only essential browser features (such as localStorage) for site functionality preferences like cookie consent banners. If we introduce non-essential cookies in the future, we will update this policy and provide a consent mechanism before setting them.

Do Not Track: Our website respects Do Not Track (DNT) signals. Umami, our analytics provider, is privacy-first by design and does not track individual users across sessions or websites. No personal data is collected regardless of DNT settings.

Our products and website may contain links to third-party websites, services, or applications (e.g., app store listings, GitHub repositories, Figma Community). We are not responsible for the privacy practices or content of those third parties. We encourage you to review their privacy policies before providing any personal information.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our products, practices, or applicable laws. When we make material changes:

  • We will update the "Last Updated" date at the top of this policy.
  • We will post the revised policy on our website at https://fonszi.com/privacy.
  • For material changes that significantly affect your rights, we will provide notice through in-app notifications, email (if you have an account), or a prominent notice on our website.

We encourage you to review this Privacy Policy periodically. Your continued use of our products after any changes constitutes acceptance of the revised policy.

15. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

fonszi Kft.
Email: dev@fonszi.com
Website: https://fonszi.com

We will respond to all privacy-related inquiries within 30 days.

Copyright 2026 fonszi Kft. All rights reserved.