1. Introduction
FactMatters ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our fact-checking service. Please read this policy carefully to understand our practices regarding your personal data. By making a registration, signing in or sending us a message, you accept this Privacy Policy.
We are Serpact OOD, a Bulgarian limited liability company, having its seat and address at 19 Krairechna Street, office 6, Svilengrad 6500, Bulgaria. Email: contact@serpact.com. Website: factmatters.com.
2. Information We Collect
2.1 Information You Provide
- Account Information: When you sign in with Google, we receive your name, email address, and profile picture.
- Content: Text you submit for fact-checking.
- Payment Information: Processed securely by Stripe; we do not store credit card details.
- Communications: Messages you send us through our contact forms — including your name, email address, and any other information you provide, as well as your phone number if you call us.
2.2 Information Collected Automatically
- Usage Data: Features used, fact-checks performed, timestamps.
- Device Information: Browser type, operating system, IP address.
- Cookies: Session cookies and analytics cookies (see Cookie Policy below).
2.3 Information We Do Not Collect
We do not collect or process personal data that:
- reveal the racial or ethnic origin of users, or other data relating to their health or mental state;
- reveal political, religious or philosophical beliefs, or trade union membership;
- disclose users' genetic or biometric data, or data concerning sexual orientation,
If such information is shared with us, it will not be subject to processing and will be deleted immediately upon receipt. If it is included in content you submit to the Service, it may be processed only to the extent technically necessary to perform the requested analysis and will not be used for any additional purpose.
3. How We Use Your Information
3.1 Purposes of Processing
We use the collected information for:
- Providing and maintaining the fact-checking service.
- Processing transactions and managing subscriptions.
- Sending service-related emails (e.g., payment receipts, subscription updates).
- Improving and personalising the service.
- Answering your questions.
- Sending marketing or informational communications where you have provided consent.
- Detecting and preventing fraud or abuse.
- Complying with legal obligations.
3.2 Legal Grounds for Processing
We collect and process your personal data on the following legal grounds under Regulation (EU) 2016/679 ("GDPR"):
3.2.1 Performance of a contract for the fact-checking services
- Legal basis and purposes: Article 6(1)(b) GDPR — processing is necessary for the performance of a contract to which you, or a person represented by you, are a party, or for taking steps at your request prior to entering into a contract.
- Processed data: full name, email address, profile information received from the authentication provider, and any additional contact details voluntarily provided by you.
- Term for processing: until you delete your account or until the moment we learn that the contract will not be concluded. Where there is a legal requirement to store data for a longer period (e.g., tax or accounting legislation), the longer period shall apply.
- Necessity of providing the data: providing this data is necessary for concluding the contract; if not provided, it may not be possible to provide the service you have requested.
3.2.2 Consent for proper and efficient functioning of the Website
- Legal basis and purposes: Article 6(1)(a) GDPR — where you have given explicit and informed consent to processing of your data for proper and efficient functioning of the Website.
- Processed data: your IP address and the page from which you were referred to our website; information about your stay on our website and the sections you have visited; information about your browser and operating system; other technical information in accordance with the requirements of the information system.
- Term for processing: until consent is withdrawn.
- Necessity of providing the data: providing this data is not a condition for entering into a contract; analytics cookies and third-party cookies are not mandatory and declining them has no consequences for you.
3.2.3 Consent for marketing, advertising, and informational communications
- Legal basis and purposes: Article 6(1)(a) GDPR — where you have given explicit and informed consent to the processing of your data for marketing, advertising, and receiving information from us.
- Processed data: email address. If you have provided other personal data based on your consent (such as name, address, telephone number, social media contacts, or website), those data may also be processed. When processing is based on consent, you provide it by ticking the relevant boxes and clicking the confirmation button; you may consent to only some of the specified purposes.
- Term for processing: until consent is withdrawn.
- Necessity of providing the data: providing this data is not a condition for concluding a contract and is not mandatory. If you do not provide it, you will not receive the relevant advertising, marketing, or other information from us.
3.2.4 Compliance with a legal obligation
- Legal basis and purposes: Article 6(1)(c) GDPR — when a public authority conducts an inspection of our activities and requests access to your data on a relevant legal basis.
- Processed data: name, address, social media contacts, website, email address, telephone number.
- Term for processing: until the completion of the relevant procedure with the authority, unless the data are processed on another basis with a longer period, in which case the longer period applies.
- Necessity of providing the data: the data is never provided by you for the purposes of processing on this basis; therefore the necessity of providing it depends on the basis on which you provided it originally.
4. Data Retention
We retain your personal data for as long as your account is active or as needed to provide services, regardless of subscription status. Your personal data are stored on secure servers located in the European Union, ensuring compliance with EU data protection regulations. Fact-check history is retained for your reference. You can delete your account at any time through the Settings page, which will permanently remove your data from our systems.
Certain data may be retained for longer periods where required by applicable legal obligations (for example, accounting or tax legislation) or where necessary to resolve disputes, enforce agreements, or comply with regulatory requirements.
Personal data stored for marketing and advertising purposes is processed on the basis of your consent until you withdraw it. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
5. Data Sharing
We do not sell your personal data. We may share information with processors who process the data on our behalf and on our instructions, based on a contract under Article 28 of Regulation (EU) 2016/679, including but not limited to:
- Service Providers: Companies that help us operate the Service (Stripe for payments, email delivery services, cloud hosting providers, IT specialists).
- AI Providers: Your submitted content is sent to third-party AI services for fact-check processing.
In certain cases, we may disclose personal data to third parties — independent or joint controllers who process the data for their own purposes, including:
- providers of online advertising, marketing, and analytics services (e.g., Google, Meta/Facebook), when based on valid consent;
- third parties involved in the organisation and running of games, competitions or promotions, in accordance with the rules of the relevant initiative;
- professional consultants and service providers such as accountants, auditors, lawyers, and notaries, when they process personal data as independent controllers rather than as processors on our instructions.
In these cases, the relevant third parties are solely responsible for the processing of personal data in accordance with applicable law.
6. Your Rights (GDPR)
You have the following rights in relation to our processing of your personal data:
- Access: Request a copy of your personal data.
- Rectification: Request correction of inaccurate data.
- Erasure: Request deletion of your data ("right to be forgotten").
- Portability: Request transfer of your data to another service.
- Object: Object to processing of your data in certain circumstances.
- Withdraw Consent: Withdraw consent at any time where processing is based on consent.
- Restriction of Processing: In certain circumstances you have the right to request the restriction or blocking of the processing of certain data — for example, where the accuracy of the data is being verified, where you contest the basis for processing, or where processing is unlawful.
- Right of Appeal: If you are dissatisfied with how your request has been handled or believe that we are not processing your personal data lawfully, you have the right to lodge a complaint with the Bulgarian Commission for Personal Data Protection, the supervisory authority responsible for the implementation of Regulation (EU) 2016/679 and the Bulgarian Personal Data Protection Act. Contacts of the Commission: 1592 Sofia, 2 "Prof. Tsvetan Lazarov" Blvd., Information and Contact Centre – tel. 02/91-53-519, Reception – working hours 9:00–17:30, email kzld@cpdp.bg, website www.cpdp.bg.
- Automated Individual Decision-Making, Including Profiling: You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. We do not carry out automated decision-making, including profiling.
To exercise these rights, use the Settings page or contact us directly at contact@serpact.com.
7. Principles Relating to Processing of Personal Data
We guarantee that the personal data being processed are:
- processed lawfully, fairly and in a transparent manner in relation to the data subject ("lawfulness, fairness and transparency");
- collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes ("purpose limitation");
- adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed ("data minimisation");
- accurate and, where necessary, kept up to date; every reasonable step is taken to ensure that personal data which are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay ("accuracy");
- kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed ("storage limitation");
- processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures ("integrity and confidentiality").
8. Data Security
We implement appropriate technical and organisational measures to protect your data, including encryption in transit (HTTPS), secure database storage, access controls, and regular security reviews. However, no method of transmission over the Internet is 100% secure.
In the event of a personal data breach that is likely to result in a risk to the rights and freedoms of individuals, we will notify the competent supervisory authority and, where required by law, the affected individuals in accordance with applicable data protection legislation.
9. International Transfers
Your data may be transferred to and processed in countries outside the European Economic Area. We ensure appropriate safeguards are in place, such as relying on adequacy decisions of the European Commission, the European Commission's Standard Contractual Clauses, and other applicable legal safeguards to protect your data in accordance with this policy.
10. Cookie Policy
We use cookies and similar technologies to enhance your experience:
Essential Cookies
Required for the Service to function. These include session cookies for authentication and security tokens. You cannot opt out of essential cookies.
Analytics Cookies
With your consent, we use Google Analytics 4 to understand how visitors use the Service. These cookies are only loaded after you accept analytics cookies via our cookie consent banner. You can change your preference at any time by updating your cookie preferences in the consent banner or through your browser settings.
Managing Cookies
When you first visit our site, a cookie consent banner will appear allowing you to accept or decline analytics cookies. Essential cookies cannot be disabled as they are required for the Service to function. You can also control cookies through your browser settings.
| Cookie Name | Purpose | Duration |
|---|
| next-auth.session-token | Authentication | Session |
| next-auth.csrf-token | Security | Session |
| next-auth.callback-url | Redirect after login | Session |
| cookie-consent | Stores your cookie preference | Persistent (localStorage) |
| _ga, _ga_* | Google Analytics (if accepted) | 2 years |
11. Children's Privacy
The Service is not intended for users under 16 years of age. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us.
12. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes by posting the new policy on this page and updating the "Last updated" date. Your continued use of the Service after changes constitutes acceptance of the updated policy.