Last updated: 17 June 2026
This policy explains what personal data Fovisto collects, why, how it is used, and your rights. Section 4 details how each individual tool handles your data.
Fovisto ("we", "us", "our") operates the platform at https://fovisto.com and all associated tools.
Data controller contact: info@fovisto.com
Across all Fovisto tools, we collect the following data when you register or use the platform:
Tool-specific data collected is detailed in Section 4 below.
| Purpose | Legal basis |
|---|---|
| Providing all Fovisto tools and operating your account | Art. 6(1)(b) β performance of a contract |
| Processing special-category health data in F Health | Art. 9(2)(a) β explicit consent |
| Processing candidate and employee data in F HR | Art. 6(1)(b) β contract; Art. 6(1)(c) β legal obligation |
| Sending transactional emails (verification, password reset) | Art. 6(1)(b) β contract performance |
| AI-generated insights across all tools | Art. 6(1)(b) β contract; Art. 9(2)(a) for health data |
| Security, fraud prevention, rate limiting | Art. 6(1)(f) β legitimate interests |
| Compliance with legal obligations | Art. 6(1)(c) β legal obligation |
| Subscription and payment management | Art. 6(1)(b) β contract performance |
The sections below describe the additional data collected and processed by each individual Fovisto tool.
Data collected: health entries you log (weight, blood pressure, glucose, sleep, symptoms, lab results, medications, exercise and more), health profile (date of birth, height, medical conditions, allergies), personal medical notes, and β for clinic accounts β patient data (reference numbers, insurance IDs, phone numbers) and clinical records.
How it is used: to provide personalised health dashboards, trend analysis, and AI-powered health insights. Clinic accounts may access their authorised patients' records. Health data is never used for advertising or shared with third parties without your explicit consent.
Special category data (GDPR Art. 9): health data is sensitive personal data. We process it only with your explicit consent, which you may withdraw at any time by deleting your account. Clinic accounts act as independent data controllers for their patients' records; Fovisto acts as data processor.
AI insights: AI-generated health summaries and protocol suggestions are computed using your logged data and are not shared externally. They are for informational purposes only and do not constitute medical advice.
Mobile app β camera & photos: the Fovisto mobile app may, with your permission, use your device camera and photo library so you can photograph meals (for AI calorie & macro estimation) and attach images to your health records. Meal photos are processed to estimate nutrition and may be retained to improve our AI; you can delete them at any time. We do not access your photo library without your action.
Mobile app β precise location (GPS): during a live workout session you may enable location so the app can measure distance, route and pace. Location is collected only while you are recording a session, is used solely for that workout, and is never used for advertising or shared with third parties.
Mobile app β Apple Health & Health Connect: with your explicit consent, the app may read health and fitness data (such as steps, heart rate, calories, sleep and activity) from Apple HealthKit (iOS) or Health Connect (Android) to display your daily summary, and may write your logged workouts back to them. This data is used only to provide app functionality, is never used for advertising, and is not shared with third parties. You can revoke access at any time in your deviceβs Health settings.
Motion & sensors: the app may use motion/step sensors during a live workout to count steps. This data stays on your device and in your workout record.
Data collected: product names, SKUs, barcodes, stock levels, categories, reorder thresholds, warehouse locations, supplier names, supplier contact details, and purchase/order history.
How it is used: to track stock levels, generate restocking alerts, produce AI-powered demand forecasts, and create inventory reports for your business. Supplier contact details are stored solely to support your internal procurement workflows.
Third-party data: if you store supplier or partner data in F Inventory, you are responsible for ensuring you hold a lawful basis for doing so under GDPR.
Data collected: shipment details, sender and recipient names and addresses, courier assignments, parcel weights and dimensions, tracking events, and delivery timestamps.
How it is used: to track and manage shipments, assign couriers, predict delays, and generate route and delivery reports. Recipient personal data is processed solely to enable shipment tracking within your organisation.
Third-party recipient data: you are the data controller for recipient personal data entered into F Logistics and are responsible for maintaining a lawful basis for storing it.
Data collected: client names, billing addresses, email addresses, VAT numbers, invoice line items, amounts, payment statuses, and payment dates.
How it is used: to create and manage invoices, track payment statuses, and generate billing reports. Client billing information is processed solely to provide the F Invoice service to you and is not used for any other purpose.
Client data responsibility: you are the data controller for client personal data in F Invoice. Fovisto acts as data processor. You are responsible for ensuring clients are informed their data is stored and processed via the platform.
Data collected: datasets and files you upload for processing, reconciliation, or report generation. File content is not inspected, profiled, or used for any purpose other than processing your request.
How it is used: to process, reconcile, and clean datasets, and to generate AI-powered analysis reports. Uploaded files are treated as strictly confidential business data.
Automatic deletion: uploaded files are deleted from our servers within 24 hours of export unless you explicitly choose to save them. Saved datasets are retained until you delete them or close your account.
Data collected: job posting details (title, description, requirements, location), candidate application data (names, contact details, CV/rΓ©sumΓ© content, cover letters, assessment results), employee records (position, contract type, employment status), and internal HR notes.
How it is used: to manage job postings, track candidate applications, and maintain internal HR records for your organisation. Candidate data is accessible only to authorised HR users within your account.
Data controller responsibility: you act as data controller for candidate and employee personal data stored in F HR. Fovisto acts as data processor. You are responsible for informing candidates how their data is used and for complying with applicable employment and data protection law.
Retention: candidate data is retained for the duration of the recruitment process. We recommend you delete candidate data you no longer need, in line with your own data retention policies and legal obligations.
Data collected: inspection records, quality checklists, defect logs, audit trail entries (including the name of the user who made each entry and the timestamp), non-conformance reports, and quality metric summaries.
How it is used: to support quality management workflows, maintain audit trails, track defects and non-conformances, and generate quality reports for your organisation. Audit trail data β including user identity and timestamps β is preserved to ensure record integrity.
Retention: quality and audit records are retained for the duration of your account. We recommend you export and archive records in accordance with any regulatory retention requirements applicable to your industry before closing your account.
We do not sell your personal data. We do not share data with advertisers. We share data only with:
Our servers are located in the European Union (Germany). We do not transfer your data outside the EEA.
You have the following rights regarding your personal data:
To exercise any of these rights, email us at info@fovisto.com. We will respond within 30 days.
You also have the right to lodge a complaint with your national supervisory authority β e.g. the BfDI in Germany or the ICO in the UK.
X-Content-Type-Options, X-Frame-Options: DENY, Content-Security-Policy, Referrer-Policy.We use only a single, strictly necessary session token stored in localStorage to keep you logged in. We do not use tracking cookies, advertising cookies, or third-party analytics scripts.
The Fovisto platform is not directed to children under 16. We do not knowingly collect personal data from children under 16. In F Health, patient records for minors may only be created by an authorised medical professional with appropriate guardian consent.
We may update this Privacy Policy from time to time. Significant changes will be communicated by email or by a prominent in-platform notice. The "Last updated" date at the top of this page indicates when the policy was last revised.
For any privacy-related questions or to exercise your rights: