Feix Privacy Policy

Draft for founder review. To be published at feix.app/privacy.

Last updated: 2026-07-15. AI processing statements apply to processing from 15 July 2026 onward.


1. Who we are

Feix is a service operated by Firat Ilim, an entrepreneur individuel (micro-entreprise) trading as Llull Lab / Studio Llull.

Unless stated otherwise, this policy describes Feix-managed deployments (systems we build and host for you). For self-hosted deliveries, your system runs on your own infrastructure; Section 7 describes what we retain after delivery.

When your Feix-managed system processes personal data of your users (bookings, members, guests, clients), you are the controller of that data and Feix acts as your data processor. A Data Processing Agreement (DPA) governs this relationship and is available on request (see Section 9).

2. What data we process

CategoryExamplesRole
Account and access dataEmail address, invite code, session recordsController
Project brief and recordThe brief you submit, your delivery email, the generated system files kept as your project recordController (the content remains yours)
Service credentials (BYO package only)Credentials you provide so your system can run against your own service accountsProcessor (used only to operate your system)
Your system's operational dataPersonal data your Feix-managed system processes about your own usersProcessor (you are the controller)
Payment dataBilling details, transaction records (processed by our payment provider; we do not store full card numbers)Controller (jointly with the payment provider, which acts as an independent controller)
Usage dataLog records, request metadataController

3. Why we process it and on what legal basis

We do not sell your data. We do not use your brief, your system or its data to train AI models (see Section 6 and the AI Model Use Statement).

4. Where your data is stored and processed

Your brief and the generation process are processed within the EU, and your Feix-managed system runs on EU-based infrastructure. Your project record is stored in the EU. Two of our providers are incorporated outside the EU: our transactional email provider (which receives your email address and a request identifier, not your content) and our managed database provider (which stores data within the EU). Both relationships are covered by Standard Contractual Clauses (SCCs) under GDPR Art. 46. Visits to feix.app itself transit a US-operated content delivery network, as with most websites.

5. Sub-processors

We describe sub-processors by category here; the current named list is provided in our DPA and on request at contact@llulllab.com.

CategoryPurposeLocationTransfer safeguard
Cloud hosting providerApplication services, your Feix-managed system, encrypted backupsEU (Germany)N/A (EU)
Managed database providerAccount, project-record and system dataEU (Netherlands)Data in EU; SCCs (2021/914) for the non-EU provider entity
AI processing (hosted model inference)Generation and quality review of your systemEUN/A (EU); not used for training; the underlying model vendor does not receive your content
Design-reference retrievalLocating relevant passages in our own internal design library (contains no customer data)EUN/A (EU)
Email delivery providerTransactional email (email address and a request identifier)USASCCs (2021/914)

The payment provider is not a sub-processor: it acts as an independent controller under its own privacy terms.

6. AI processing

The brief you submit is processed solely to generate your system, using AI model inference that runs on EU-based infrastructure operated by our infrastructure sub-processor; the underlying model vendor does not receive your content, and your content is not used to train any model. Working copies created during generation are not retained: generation runs leave no stored execution content on our servers (this configuration is verified in production). What we keep is your project record (Section 7). Systems built for Feix-managed hosting use EU model processing; integrations with non-EU services are added only on your written instruction and are then listed in your DPA annex.

7. How long we keep it

8. Your rights (GDPR)

You have the right to access, rectification, erasure, restriction, data portability, and objection. Email contact@llulllab.com; we respond within one month. You may lodge a complaint with the French supervisory authority (CNIL, cnil.fr).

9. Data Processing Agreement

Customers whose Feix-managed system processes personal data of their own users can request a signed DPA (GDPR Art. 28) at contact@llulllab.com. It includes the named sub-processor list, security measures, breach-notification terms (72 hours), audit rights, and end-of-contract deletion/return.

10. Security

Data is encrypted in transit (TLS 1.3). Account, project-record and system data are held in a managed EU database that encrypts data at rest, and our backups are encrypted (AES-256). Access is authenticated and role-restricted. Service credentials you provide are stored in the managed EU database and used only to operate your system. See the Security FAQ for an honest statement of what we do and do not have.

11. Changes

We will post material changes to this page and update the date above.


Prepared 2026-07-15. AI inference and embeddings for Feix run in an EU cloud region as of 15 July 2026 (verified live: end-to-end generation on EU inference, zero stored execution content after the retention configuration, notification emails now carry an identifier only). Deletion timing is backed by an internal runbook with verification queries; the 2-day backup expiry reflects our mirror-backup cadence. Identity facts from the INPI synthèse record. Qualified counsel review of the DPA and liability clauses is recommended before institutional signature.

Feix by Llull Lab, ParisPrivacyTermsLlull Lab