Privacy Policy

The Service is operated by PRIME AXIS LLP, a limited liability partnership registered in the Republic of Singapore (the “Operator”). If you are an EEA, UK, Singapore, or other jurisdiction resident with specific data-protection rights, the Operator acts as the controller (or data user, under Singapore PDPA) of your personal information.

You can contact us about privacy matters at hello@primeaxis.digital.

We collect the following categories of information:

a. Information you provide

• Account data — when you sign in with Google or via email magic link, we receive your email address, display name, and Firebase user ID.
• Subscription data — if you subscribe, we store your plan, start date, and a reference to your Stripe customer and subscription IDs. Card details never touch our servers; they are handled directly by Stripe.
• Newsletter signups — your email address and an opt-in flag for the daily digest.
• Generator inputs — the headlines you submit to the satire generator. We retain anonymised samples for service improvement and abuse detection.
• Support correspondence — anything you email us or send through a contact form.

b. Information collected automatically

• Usage data — page views, referrers, device type, browser version, approximate location (city-level), and the times of your visits.
• Technical logs — IP address, user-agent string, and request timestamps. We use these for security, rate limiting, and debugging.
• Cookies and similar technologies — see the cookies section below.

• To provide the Service and your account features.
• To process subscription payments and billing.
• To send the optional daily satire digest if you have opted in.
• To detect, prevent, and respond to abuse, fraud, and security incidents (including bot activity and prompt-injection attempts on the generator).
• To measure traffic and improve the Service via aggregated analytics.
• To serve advertising via Google AdSense (subject to your consent choices).
• To comply with our legal obligations.

We do not sell your personal information. We do not share your account or contact data with advertisers for their own marketing purposes.

If you are in the European Economic Area, United Kingdom, or Switzerland, we process your data on the following legal bases:

• Contract — to provide the Service, manage subscriptions, and process payments.
• Consent — for the daily digest newsletter, analytics cookies, and personalised advertising. You can withdraw consent at any time.
• Legitimate interests — to keep the Service secure, prevent abuse, and operate at a sustainable cost. We balance these interests against your rights and freedoms.
• Legal obligation — to respond to lawful requests from regulators or courts.

We share personal data only with service providers we rely on to run the Service. They act on our instructions and are bound by contractual data-protection obligations.

• Google (Firebase Authentication, Firestore, Cloud Storage, App Hosting, Cloud Functions, Cloud TTS, Vertex AI, Google Analytics 4, AdSense) — hosting, authentication, data storage, AI generation, analytics, and advertising. See Firebase privacy and Google privacy.
• Stripe, Inc. — payment processing and subscription billing. See Stripe privacy policy.
• Email delivery — for transactional emails and the daily digest, via the Firebase Trigger Email extension backed by an SMTP provider.

We may also disclose information when required by law, to enforce our Terms, or to protect the rights, property, or safety of FeelingsFirst, our users, or others.

We use cookies and similar technologies for three purposes:

• Strictly necessary — sign-in sessions and CSRF/security protection. These cannot be disabled.
• Analytics — Google Analytics 4 (page views, navigation flow). Disabled by default until you consent.
• Advertising — Google AdSense personalisation. Disabled by default until you consent.

We use Google Consent Mode v2 — until you make a choice, all non-essential storage stays denied. You can change your decision at any time using the “Cookie preferences” link in the footer.

PRIME AXIS LLP is based in Singapore. Our service providers (Google, Stripe) are primarily based in the United States, with some processing in the European Union. Personal data may be transferred to and processed in those jurisdictions.

For transfers out of the EEA, UK, or Switzerland we rely on appropriate safeguards such as the EU Standard Contractual Clauses, the UK International Data Transfer Addendum, and the EU-US Data Privacy Framework where applicable.

For transfers out of Singapore, we comply with the Singapore PDPA cross-border transfer requirement by taking reasonable steps to ensure the recipient is bound by legally enforceable obligations to provide a standard of protection at least comparable to the PDPA.

• Account data — retained for as long as your account exists. When you delete your account we erase or anonymise account data within 30 days.
• Subscription records — retained for up to 7 years to comply with tax and accounting laws.
• Generator inputs — anonymised after 90 days; full deletion on request.
• Newsletter — until you unsubscribe.
• Logs — up to 90 days.

Depending on where you live, you may have the right to:

• access the personal data we hold about you;
• correct inaccurate or incomplete data;
• delete your data (the “right to be forgotten”);
• restrict or object to certain processing, including direct marketing;
• port your data to another service;
• withdraw consent at any time without affecting prior lawful processing;
• lodge a complaint with your local data-protection authority — in the EEA via your national supervisor, in the UK via the ICO, and in Singapore via the Personal Data Protection Commission.

Singapore residents (PDPA): under the Personal Data Protection Act 2012, you have rights of access and correction. Submit requests in writing to hello@primeaxis.digital. We respond within 30 days; if more time is needed we will notify you of the expected timeframe.

To exercise these rights, email hello@primeaxis.digital. We respond within 30 days. We may need to verify your identity first.

California residents (CCPA / CPRA):you also have the right to know what personal information is collected, to delete it, to correct inaccurate information, and to opt out of “sharing” for cross-context behavioural advertising. We honour the Global Privacy Control signal.

The Service is not directed to children under 13 (or under 16 in the EEA / UK) and we do not knowingly collect personal information from them. If you believe we have collected information from a child, contact us and we will delete it.

We use industry-standard safeguards including TLS in transit, encryption at rest (via Firebase / Google Cloud), least-privilege IAM, rate limiting, and bot protection. No system is perfectly secure — if you suspect a vulnerability, please contact hello@primeaxis.digital.

We may update this Privacy Policy from time to time. When we do, we update the “Last updated” date above and, for material changes, give reasonable notice on the site or by email before they take effect.

Questions, complaints, or rights requests: hello@primeaxis.digital.