Privacy Policy

Last updated: March 20th 2026

This Privacy Policy explains how Noloco Limited, trading as Fonic (“Fonic”, “we”, “us”, or “our”), collects, uses, and otherwise processes personal data in connection with the website located at fonic.ai (the “Site”) and the Fonic software and related services for creating, generating, publishing, and managing reports and related content, features, and functionality (together, the “Services”).

Noloco Limited is a company incorporated in Ireland with company registration number 685318 and its registered office at 77 Camden Street Lower, Dublin 2, D02 XE80, Ireland.

This Privacy Policy has been prepared in accordance with the General Data Protection Regulation (EU) 2016/679 (“GDPR”), the Data Protection Act 2018, and other applicable data protection laws.

In this Privacy Policy, the terms “controller”, “processor”, “personal data”, and “processing” have the meanings given to them under applicable data protection laws.

Personal data generally means any information relating to an identified or identifiable natural person. Processing generally means any operation performed on personal data, including collecting, storing, using, disclosing, or deleting it.

Noloco Limited, trading as Fonic, acts as the data controller in relation to personal data processed for its own business purposes, including when you visit the Site, create or administer an account, communicate with us, receive marketing communications from us, or otherwise interact with us directly.

Where a Fonic customer uses the Services to create, manage, or share reports, forms, or other content that includes personal data, that customer will generally act as the data controller of that personal data, and Noloco Limited will act as a data processor on that customer's behalf, except where we process such data for our own limited purposes permitted by law, such as security, fraud prevention, legal compliance, or service improvement using aggregated or de-identified data.

Users (“User” or “Report Owner”) may use the Fonic platform to create, host, and manage reports (collectively, a “Report”), and related features, content, applications, which may be accessible to the general public (“End Users”).

To the extent that a Report Owner inputs personal data into the platform and Fonic processes such personal data, both parties acknowledge that the Report Owner is the data controller and Fonic acts as the data processor, processing personal data on behalf of the Report Owner pursuant to their instructions.

If you are an End User and have questions concerning the processing of your personal data by a Report Owner, or wish to exercise your data subject rights in relation to such processing, you should contact the relevant Report Owner directly.

The purpose of this Privacy Policy is to explain Fonic's data processing activities, including how and why we process personal data, and to outline our duties and responsibilities regarding data protection. As our processing practices may evolve, this Policy will be updated periodically to reflect such changes.

Personal Data We Collect

In the context of providing our services, Fonic collects and processes different categories of personal data, depending on the type of relationship you have with us:

1. User Account Information

  • Full name
  • Email address
  • Login credentials
  • Billing address and payment details (processed through secure third-party payment providers)

This information is necessary to identify you as a user, enable the proper management of your account, and ensure secure access to the services provided by Fonic. Additionally, the collection of billing and payment data is required to meet legal and contractual obligations, including the processing of transactions and compliance with fiscal and administrative requirements. Such processing is carried out in accordance with the GDPR and is essential for the performance of the contractual relationship between Fonic and the Report Owner.

Users shall not use the Service to process personal data that reveals racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership. Additionally, users shall not use the Service to process passwords, genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health, or data concerning a natural person's sex life or sexual orientation. We urge all users to exercise responsible and lawful conduct while using our service, ensuring the privacy and dignity of all individuals are respected and protected.

2. Technical and Usage Data

  • IP address
  • Browser type and version
  • Information about the device used
  • Cookies and similar technologies (see our Cookie Policy)
  • Records of interactions with the website and the platform, usage patterns of features, and pages visited (collected through analytics tools such as Google Analytics, Segment, and Amplitude)

The collection of these data enables Fonic to ensure the proper functioning of the platform, enhance user experience, maintain the security of its services, and prevent fraudulent use. The analysis of usage patterns and anonymous metrics is essential for the ongoing optimization and development of the services provided. Such processing is based on Fonic legitimate interest and is carried out with appropriate safeguards to protect the rights and freedoms of the data subjects.

3. Optional Profile Data

  • Information you choose to provide voluntarily, such as profile pictures or other details added to your account.

These data are collected only when the Report Owner chooses to provide them voluntarily for the purpose of personalizing their profile or enhancing their use of the platform. The legal basis for such processing is their consent, which may be withdrawn or modified by them at any time.

4. Data from Third Parties

  • Data that may be shared by Report Owners for the provision of specific services within the Fonic platform. In such cases, Fonic acts as a data processor, while the Report Owner shall be responsible for determining the purposes and means of such processing.

These data may be shared by Report Owners for the provision of specific services within the Fonic platform. In such cases, Fonic acts as a data processor and undertakes to process the data in accordance with the instructions of the data controller (the Report Owner), and subject to strict standards of lawfulness, transparency, and security as required by GDPR.

5. Custom Report Data

  • Information that end-users of reports created on Fonic may input, such as contact details, uploaded files, or other identifiers. These data are processed exclusively on behalf of Fonic's clients, who are responsible for ensuring the lawfulness of such processing.

This is data that end users enter into reports created on the Fonic platform, such as contact details, uploaded files, or other identifiers. Such data is processed exclusively on behalf of Fonic's clients, who bear the responsibility for ensuring the lawfulness and legitimacy of the processing in accordance with applicable data protection regulations.

Data Controller and Data Processor

Fonic may act either as a data controller or as a data processor, depending on the nature of the personal data processed and the context in which such processing takes place:

Fonic as Data Controller

Fonic acts as a data controller when it determines the purposes and means of the processing of personal data relating to the operation of its own platform, including:

  • Management of user accounts and login credentials.
  • Payment processing and billing.
  • Provision of technical support and customer service.
  • Analysis of platform usage, improvement of functionalities, and security purposes.

In these cases, data subjects may exercise their rights in accordance with the provisions of the GDPR by contacting Fonic through the details provided in this Policy.

Fonic as Data Processor

When clients (“Report Owners”) use the Fonic platform to develop and manage their own reports, Fonic processes the personal data that end-users input into such reports (for example: forms, user profiles, uploaded files). In these situations, the Report Owner is the data controller, and Fonic acts solely as the processor, following the client's instructions.

If you are an end-user of a Report created on Fonic and wish to exercise your rights of access, rectification, erasure, restriction, objection, or portability in relation to the data entered in such application, you must contact the Report Owner directly, as they are the controller of such processing.

Sub-processors

Fonic may engage third-party service providers (“sub-processors”) to ensure the proper functioning of the platform, including, among others, hosting services, cloud storage, data analytics, payment processing, and artificial intelligence tools.

In accordance with Article 28 of the GDPR, Fonic enters into a binding data processing agreement or equivalent legal instrument with each sub-processor that processes personal data on its behalf, expressly setting out:

  • The subject matter and duration of the processing.
  • The nature and purpose of the processing.
  • The type of personal data processed.
  • The obligations and rights of both Fonic and the sub-processor.

Fonic ensures that all sub-processors are subject to equivalent data protection obligations and comply with strict standards of security, confidentiality, and regulatory compliance. Sub-processors are subject to periodic review, which may include assessment of relevant certifications such as ISO/IEC 27001 or SOC 2 Type II, contractual compliance audits, and evaluation of their technical and organizational measures.

How We Protect Your Data

At Fonic, we implement robust security procedures designed to safeguard the confidentiality, integrity, and availability of your personal data. The data stored for your Fonic report(s), as well as any information transmitted between your device and our servers, is protected using Transport Layer Security (TLS) encryption with 256-bit keys, one of the most advanced and widely recognized standards for securing internet communications.

Additionally, all personal data maintained within our systems is encrypted at rest, ensuring protection against unauthorized access, disclosure, or loss.

For more detailed information regarding Fonic's security measures and protocols, please refer to our dedicated Security page.

Data Subject Rights

Data protection laws grant certain rights to data subjects (the “Data Subject Rights”) aimed at protecting their privacy and control over personal data processing.

These rights include the right to:

  • Receive detailed information about the processing of their data in accordance with transparency obligations, as outlined in this Privacy Policy;
  • Access their personal data;
  • Rectify inaccurate or incomplete data;
  • Erase personal data, also known as the “right to be forgotten”;
  • Restrict the processing of their data;
  • Data portability;
  • Object to processing; and
  • Object to decisions based solely on automated processing, including profiling.

The exercise of these Data Subject Rights is subject to any limitations established by applicable data protection laws.

For more information about how a Report Owner processes your personal data, or to exercise any of your data subject rights concerning such processing, you must contact the relevant Report Owner directly.

With respect to data processing by Fonic, you may exercise your data subject rights by contacting us at support@noloco.io. Your request will be handled in accordance with applicable data protection laws.

Disclosure and Sharing of Your Information

At Fonic, we are committed to safeguarding your personal data and will only share or disclose your information under the following circumstances:

  • Legal Requirements: We may disclose your personal data when required by law or to protect our rights, security, or the rights and safety of others. This includes investigation of fraud, intellectual property infringements, piracy, or other unlawful activities. Disclosures may include your name, address, phone number, or email address.
  • Service Providers, Affiliates, and Contractors: With your consent, we may share your personal data with trusted service providers, affiliates, and external contractors who assist in delivering, maintaining, and improving our services. These third parties are bound by strict contractual obligations to ensure the confidentiality and protection of your data.
  • Business Transactions: In the event of a merger, acquisition, reorganization, or sale of assets, your personal data may be transferred as part of such transactions, subject to compliance with applicable data protection laws. We will inform you via email if such transfers occur.
  • Law Enforcement and Public Authorities: We will not disclose your personal data to law enforcement agencies, government officials, or other third parties without a valid court order, legal process, or lawful request. However, we may disclose information in good faith where necessary to protect Fonic's rights or those of third parties, prevent harm, or report suspected illegal activity.

We undertake all necessary technical and organizational measures to protect your data throughout any such disclosures or transfers, complying fully with applicable data protection regulations.

Use of Artificial Intelligence

Fonic integrates artificial intelligence technologies to enhance the report-building experience and the functionality of reports developed on the platform. At present, Fonic uses Anthropic language models and may also rely on other providers (such as OpenAI) to ensure availability, performance, and flexibility.

International Data Transfers

In certain circumstances, Fonic may transfer and process personal data in countries located outside the European Economic Area (EEA).

To ensure an adequate level of protection for personal data in such transfers, Fonic:

  • Commits to relying on the Standard Contractual Clauses (SCCs) adopted by the European Commission, or on other equivalent legal mechanisms pursuant to the GDPR.
  • Periodically conducts documented assessments to verify that all its sub-processors and external providers comply with strict data security and confidentiality standards as part of its ongoing compliance program.
  • As part of its ISO 27001 certification, subjects its key providers to annual audits and reviews accreditations such as SOC 2 or ISO 27001 to confirm their commitment to data protection.

When an international transfer requires a different legal basis — for example, the data subject's explicit consent or an adequacy decision adopted by the European Commission — Fonic will clearly and accessibly communicate this to data subjects.

Fonic maintains a current record of all international data transfers carried out.

Data subjects may request additional information regarding the specific transfer mechanisms employed by contacting: support@noloco.io.

Use by Minors

In accordance with Article 8 of the General Data Protection Regulation (GDPR), Fonic's services are intended solely for individuals aged 16 and over.

Fonic does not knowingly collect personal data from children under the age of 16 without verifiable consent from their legal guardians. If it becomes aware that personal data has been collected from a child without such consent, Fonic will promptly erase that data.

Parents or guardians who believe their child has provided personal data to Fonic without proper authorization may contact support@noloco.io to request deletion of such data.

Fonic commits to implementing reasonable measures to verify the age of its users in order to comply with GDPR requirements and protect the privacy rights of minors.

Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which such data was collected and processed, as described in this Privacy Policy, unless a longer retention period is required or permitted by law (e.g., for legal proceedings or investigations).

When determining appropriate retention periods, Fonic considers factors including the purpose of processing, the nature and sensitivity of the personal data, potential risks associated with processing, and applicable legal obligations. Once personal data is no longer required, it will be securely deleted or anonymized to protect your privacy.

Third-Party Links

Our website may contain links to third-party websites for your convenience. Please note that Fonic does not control and is not responsible for the content, privacy policies, or practices of any third-party sites linked to or from our platform.

Providing a link does not imply endorsement, sponsorship, or approval of the third party or its policies. We encourage you to review the privacy policies of these third-party sites before submitting any personal information.

By accessing third-party websites through links on our site, you acknowledge and agree that your interactions with such third parties are solely between you and the third party, and that Fonic shall not be held liable for any loss or damage arising from your use of or reliance on third-party websites.

Announcements and Changes Related to the Service

Fonic may update this Privacy Policy from time to time to reflect changes in our processing practices, legal requirements, or the operation of the Platform.

For material changes that affect how we collect, use, or share personal data, we will provide at least fifteen (15) days' prior notice by email to the address associated with your account and by publishing an updated version on our Website with a revised “Last updated” date. For non-material changes, such as clarifications or corrections that do not alter the substance of the Policy, we may update the Policy without prior notice.

Continued use of the Service after the effective date of any change constitutes your acceptance of the updated Privacy Policy. If you do not agree with a material change, you may terminate your account in accordance with our Terms of Service.

Fonic may also send you communications related to the provision and improvement of its services. You cannot opt out of receiving service-related communications.

Contacting Us

If you have any questions or require further information regarding this Privacy Policy or the processing of your personal data by or on behalf of Fonic, please contact us at support@noloco.io.

While you have the right to file a complaint with the relevant data protection authority regarding Fonic compliance with applicable data protection laws, we kindly request that you first contact us to allow us the opportunity to address and resolve any concerns you may have regarding the processing of your personal data.