Privacy Policy

Version v3-2026-05-11 Last updated: 2026-05-11

Contents

Who is responsible
What data we collect
Why we process your data
Sub-processors
Where data is stored
How long we keep data
International transfers
Your rights
Cookies
Contact

This policy explains how Fullplay Media handles personal data when you use our project portal or work with us on a film project. It is written to comply with the EU General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG), and — where it applies to Swiss-domiciled users — the Swiss Federal Act on Data Protection (nDSG).

1. Who is responsible

The data controller is:

Fullplay Media
Kandelstr. 7, 79541 Lörrach
Deutschland
info@fullplaymedia.ch

For any privacy question — including requests to access or delete your data — please write to that address. We act as our own data protection contact; there is no separate DPO.

2. What data we collect

Only what we need to run a project for you:

Account & contact data: name, email address, phone, company name, your role.
Project data: the brief you share with us, scope notes, locations, shoot dates, deliverable specs, and any files or links you upload.
Communication content: messages exchanged through the portal, emails to and from info@fullplaymedia.ch related to your project, meeting notes and (if you agree to it) Zoom meeting recordings.
Technical data: IP address, browser user-agent, login timestamps and pages viewed, used to keep the service secure and to investigate abuse.
Acceptance evidence: when you tick the "I accept the Terms and Privacy Policy" box, we record your name, the timestamp, your IP address and the document version. This is required to prove lawful consent.
Billing data: invoice details processed through our accounting system (sevDesk).

3. Why we process your data

We process the data above on the following legal bases:

Contract performance (Art. 31(2)(a) nDSG, Art. 6(1)(b) GDPR) — to prepare offers, deliver projects, send invoices and communicate with you.
Legitimate interests (Art. 31(1) nDSG, Art. 6(1)(f) GDPR) — to keep the platform secure, prevent abuse, and improve our service; we balance this against your interests and only collect what is proportionate.
Legal obligation (Art. 6(1)(c) GDPR) — to keep accounting records as required by German commercial and tax law (§ 257 HGB, § 147 AO).
Consent (Art. 6(1) GDPR where applicable) — for optional features such as the AI project assistant, AI summarisation of emails, or Zoom recording. You can withdraw consent at any time.

4. Sub-processors

We use the following third-party providers ("sub-processors") to operate the platform. We share only the data each provider needs for its specific function:

Hostinger / our VPS provider — hosts the platform on a server located in the EU.
Anthropic (USA) — provides the AI models used for the project assistant, brief analysis and email-draft suggestions. Inputs are processed in the United States. When operator-enabled, content of emails sent to/from info@fullplaymedia.ch may be sent to Anthropic for summarisation or draft generation. Anthropic does not train its models on this data.
Resend — sends transactional emails (offer notifications, account emails).
Google (Gmail API) — used to read and send emails from info@fullplaymedia.ch when the operator has connected the mailbox.
sevDesk (Germany) — accounting and invoicing.
Zoom — used for video calls when scheduled; cloud recordings are imported only with the participants' knowledge.
Backblaze B2 Cloud Storage (EU Central region, Amsterdam) — encrypted off-site backup of the ops database via Litestream. Database content is replicated with at-rest encryption (SSE-B2) and a 30-day rolling retention.

We have written agreements with these providers governing data protection in line with applicable law.

5. Where data is stored

The platform's primary database is a SQLite file stored on our VPS in the EU and continuously replicated for backup to a Dropbox account (encrypted in transit and at rest by Dropbox). Project files (footage, edits, deliverables) are stored on cloud storage we control. Backups are retained for the duration needed to recover from incidents.

6. How long we keep data

The platform runs an automated retention purge once an hour. The following periods reflect what the code actually enforces:

Accounting records (invoices, payment records held in sevDesk): 10 years, as required by German commercial and tax law (§ 257 HGB, § 147 AO). Held by sevDesk; we do not auto-delete these.
Email correspondence (inbound and outbound messages in our Gmail-synced ops inbox): 2 years from receipt, then deleted with their attachments.
Zoom transcripts: full transcript text deleted after 1 year; the short AI summary + action items are kept for project history.
Project briefs, deliverables, in-portal communications: kept while the project is active and for a reasonable period afterwards in case of follow-up. On written request after the project ends, we delete project data within 90 days, except where we must retain it for legal reasons (accounting).
Leads in terminal states (lost or converted to a client): deleted 2 years after last update. Leads converted to clients are kept under the client record separately.
Internal agent event log (used to debug automations): 2 years from occurrence.
Audit log (records of who accessed or changed personal data, GDPR Art. 30 accountability): 3 years from the event.
Acceptance evidence (T&C / Privacy acceptance log on portal_links + customer_accounts + crew): kept for the lifetime of the underlying contract plus our accounting retention period, to demonstrate lawful consent.
Backups: the database is continuously replicated (sub-second) using Litestream to two destinations: a local file replica on the same server (for fast recovery from application-level issues) and an off-site replica at Backblaze B2 in the EU Central region (Amsterdam) for protection against server-level disaster. Both replicas use a rolling 30-day retention. Records you delete may remain in backups for up to 30 days before being overwritten.
Server logs at the hosting layer: typically rotated within 90 days unless we are investigating a security incident.

7. International transfers

Anthropic processes data in the United States. We rely on the EU Standard Contractual Clauses (SCCs) and the Swiss FDPIC's recognised transfer mechanism for this transfer, and Anthropic's Data Processing Addendum. Other sub-processors are based in the EU, Switzerland or the EEA.

8. Your rights

Under the GDPR (and, where applicable, the Swiss nDSG), you have the right to:

Ask what data we hold about you (right of access).
Correct inaccurate data (rectification).
Have your data deleted, where no overriding legal obligation requires us to keep it (erasure / "right to be forgotten").
Receive your data in a portable, machine-readable format (data portability).
Object to processing based on legitimate interests, and withdraw any consent you have given.
Lodge a complaint with the competent supervisory authority — in Germany the Landesbeauftragte für den Datenschutz und die Informationsfreiheit Baden-Württemberg (LfDI BW), in other EU member states your national data protection authority, or in Switzerland the Federal Data Protection and Information Commissioner (FDPIC).

To exercise these rights, write to info@fullplaymedia.ch. We respond within 30 days.

9. Cookies

The platform uses a single session cookie to keep you logged in. There are no analytics cookies, no advertising cookies, no third-party trackers and no cross-site tracking. The session cookie is essential to operate the service; it does not require consent under Swiss or EU rules.

10. Contact

Questions or requests about this policy: info@fullplaymedia.ch.

This policy may be updated from time to time. The version string at the top of the page changes when we publish a new version. Material changes are announced by email at least 30 days in advance.