Privacy Policy
This policy explains how Fullplay Media handles personal data when you use our project portal or work with us on a film project. It is written to comply with the EU General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG), and — where it applies to Swiss-domiciled users — the Swiss Federal Act on Data Protection (nDSG).
1. Who is responsible
The data controller is:
Fullplay Media
Kandelstr. 7, 79541 Lörrach
Germany
info@fullplaymedia.ch
For any privacy question — including requests to access or delete your data — please write to that address. We act as our own data protection contact; there is no separate DPO.
2. What data we collect
Only what we need to run a project for you:
- Account & contact data: name, email address, phone, company name, your role.
- Project data: the brief you share with us, scope notes, locations, shoot dates, deliverable specs, and any files or links you upload.
- Communication content: messages exchanged through the portal, emails to and from info@fullplaymedia.ch related to your project, meeting notes and (if you agree to it) Zoom meeting recordings.
- Technical data: IP address, browser user-agent, login timestamps and pages viewed, used to keep the service secure and to investigate abuse.
- Acceptance evidence: when you tick the "I accept the Terms and Privacy Policy" box, we record your name, the timestamp, your IP address and the document version. This is required to prove lawful consent.
- Billing data: invoice details processed through our accounting system (sevDesk).
3. Why we process your data
We process the data above on the following legal bases:
- Contract performance (Art. 31(2)(a) nDSG, Art. 6(1)(b) GDPR) — to prepare offers, deliver projects, send invoices and communicate with you.
- Legitimate interests (Art. 31(1) nDSG, Art. 6(1)(f) GDPR) — to keep the platform secure, prevent abuse, and improve our service; we balance this against your interests and only collect what is proportionate.
- Legal obligation (Art. 6(1)(c) GDPR) — to keep accounting records as required by German commercial and tax law (§ 257 HGB, § 147 AO).
- Consent (Art. 6(1) GDPR where applicable) — for optional features such as the AI project assistant, AI summarisation of emails, or Zoom recording. You can withdraw consent at any time.
4. Sub-processors
We use the following third-party providers ("sub-processors") to operate the platform. We share only the data each provider needs for its specific function:
- Hostinger International Ltd. (EU data centre) — hosts the platform on a virtual server located in the EU.
- Anthropic, PBC (USA) — provides the AI models used for the project assistant, brief analysis, email-draft suggestions, the Lena inbound-lead assistant, and the AI translation of these legal documents into German and French. Inputs are processed in the United States. When operator-enabled, content of emails sent to/from info@fullplaymedia.ch may be sent to Anthropic for summarisation or draft generation. Anthropic does not train its models on data submitted through their API. We also use the Anthropic Files API (beta) so that PDF or image attachments included in client conversations with Lena can be read natively by the model; uploaded files are deleted automatically once the conversation closes.
- Resend, Inc. (USA) — sends transactional emails (offer notifications, account emails, password resets, handoff notifications). Outbound mail is queued in an encrypted local outbox and retried on transient failure.
- Google LLC — Gmail API (USA / EU) — used to read and send emails from info@fullplaymedia.ch and lena@fullplaymedia.ch.
- sevDesk GmbH (Germany) — accounting and invoicing.
- Zoom Communications, Inc. (USA, EU data residency option enabled) — used for video calls when scheduled; cloud recordings are imported only with the participants' knowledge.
- Backblaze, Inc. — B2 Cloud Storage (EU Central region, Amsterdam) — off-site backup of the ops database via Litestream replication, and a content-addressed mirror of legal-acceptance events. Database content is replicated with at-rest encryption (SSE-B2) on a 30-day rolling retention; legal-acceptance event JSON is additionally encrypted client-side (AES-256-GCM) before upload.
- Dropbox, Inc. (USA) — receives a 15-minute encrypted snapshot of the ops database and an encrypted copy of our configuration file for disaster-recovery purposes. All uploads to Dropbox are encrypted client-side with AES-256-GCM using a passphrase that Dropbox does not possess; Dropbox therefore only ever stores ciphertext. This is our Schrems II supplementary measure for the US transfer (see §7).
- Notion Labs, Inc. (USA) — limited CRM mirror used by the Lena inbound-lead assistant to surface existing-client context and to file handoff tasks for our team. Only the data needed for that lookup is shared.
We have written Data Processing Agreements ("DPAs") in place with each of the above providers under Art. 28 GDPR. A current list is available on request.
5. Where data is stored
The platform's primary database is a SQLite file stored on our virtual server in the EU. To protect against data loss we maintain two parallel backup destinations:
- Backblaze B2 (EU Central, Amsterdam) — continuous Litestream replication of the live database (sub-second lag, 30-day rolling retention). Server-side encryption is applied by Backblaze; the legal-acceptance mirror is additionally encrypted client-side before upload.
- Dropbox (USA) — 15-minute encrypted snapshots of the ops database and of our configuration file, used for disaster-recovery from a complete loss of the virtual server. The snapshot is encrypted client-side with AES-256-GCM before it leaves the EU server; Dropbox cannot read the contents. The encryption passphrase is held by Fullplay Media in a password manager and is required to decrypt the backup.
Project files (footage, edits, deliverables) are stored on cloud storage we control. Backups are retained for the duration needed to recover from incidents.
6. How long we keep data
The platform runs an automated retention purge once an hour. The following periods reflect what the code actually enforces:
- Accounting records (invoices, payment records held in sevDesk): 10 years, as required by German commercial and tax law (§ 257 HGB, § 147 AO). Held by sevDesk; we do not auto-delete these.
- Email correspondence (inbound and outbound messages in our Gmail-synced ops inbox): 2 years from receipt, then deleted with their attachments.
- Zoom transcripts: full transcript text deleted after 1 year; the short AI summary + action items are kept for project history.
- Project briefs, deliverables, in-portal communications: kept while the project is active and for a reasonable period afterwards in case of follow-up. On written request after the project ends, we delete project data within 90 days, except where we must retain it for legal reasons (accounting).
- Leads in terminal states (lost or converted to a client): deleted 2 years after last update. Leads converted to clients are kept under the client record separately.
- Internal agent event log (used to debug automations): 2 years from occurrence.
- Audit log (records of who accessed or changed personal data, GDPR Art. 30 accountability): 3 years from the event.
- Acceptance evidence (T&C / Privacy acceptance log on portal_links + customer_accounts + crew): kept for the lifetime of the underlying contract plus our accounting retention period, to demonstrate lawful consent.
- Backups: the database is continuously replicated (sub-second) using Litestream to two destinations: a local file replica on the same server (for fast recovery from application-level issues) and an off-site replica at Backblaze B2 in the EU Central region (Amsterdam) for protection against server-level disaster. Both replicas use a rolling 30-day retention. Records you delete may remain in backups for up to 30 days before being overwritten.
- Server logs at the hosting layer: typically rotated within 90 days unless we are investigating a security incident.
7. International transfers
Some of our sub-processors process personal data in the United States: Anthropic, Resend, Dropbox, Zoom and Notion. For each of these transfers we rely on the EU Standard Contractual Clauses (SCCs) and — where the recipient supports it — the Swiss FDPIC's recognised transfer mechanism, in conjunction with each provider's Data Processing Addendum.
In addition, following the Schrems II judgement (CJEU C-311/18), we apply supplementary technical measures for data that leaves the EEA:
- The Dropbox snapshot of our database is encrypted client-side with AES-256-GCM before upload; Dropbox stores only ciphertext.
- Anthropic API requests use TLS in transit, are not used for model training, and are subject to Anthropic's 30-day retention policy for abuse-monitoring purposes.
- Where the Lena inbound-lead assistant sends a customer message to Anthropic for a reply, that processing is necessary for the performance of pre-contractual measures under Art. 6(1)(b) GDPR; the customer can opt out at any time by emailing info@fullplaymedia.ch and we will continue the conversation without AI assistance.
All other sub-processors store data inside the EU or the EEA.
8. Your rights
Under the GDPR (and, where applicable, the Swiss nDSG), you have the right to:
- Ask what data we hold about you (right of access).
- Correct inaccurate data (rectification).
- Have your data deleted, where no overriding legal obligation requires us to keep it (erasure / "right to be forgotten").
- Receive your data in a portable, machine-readable format (data portability).
- Object to processing based on legitimate interests, and withdraw any consent you have given.
- Lodge a complaint with the competent supervisory authority — in Germany the Landesbeauftragte für den Datenschutz und die Informationsfreiheit Baden-Württemberg (LfDI BW), in other EU member states your national data protection authority, or in Switzerland the Federal Data Protection and Information Commissioner (FDPIC).
To exercise these rights, write to info@fullplaymedia.ch. We respond within 30 days. For the right of access we provide a machine-readable JSON export covering every record across our internal database that references your email address.
9. Cookies
The platform uses a single session cookie to keep you logged in. There are no analytics cookies, no advertising cookies, no third-party trackers and no cross-site tracking. The session cookie is essential to operate the service; it does not require consent under Swiss or EU rules.
10. Contact
Questions or requests about this policy: info@fullplaymedia.ch.
This policy may be updated from time to time. The version string at the top of the page changes when we publish a new version. Material changes are announced by email at least 30 days in advance.