← Back to foolem.app

Foolem — Privacy Policy

Last updated: 27 May 2026

This Privacy Policy explains what data Foolem collects, how we use it, who we share it with, and your rights regarding your data.

We aim to collect as little personal information as reasonably possible. Foolem does not require an account or signup to play.

1. Who is the data controller

For the purposes of the EU General Data Protection Regulation (GDPR), the data controller for Foolem is:

Eik Bidstrup, operating under the trade name "Havnia" (planned business entity), based in Copenhagen, Denmark.

Contact for privacy questions: contact@foolem.app

If you are in the EU and believe your data rights have been violated, you also have the right to lodge a complaint with the Danish Data Protection Authority (Datatilsynet) at datatilsynet.dk.

2. What data we collect

Information you provide

When you play Foolem, you may upload:

  • Voice recordings — short audio clips recorded during gameplay
  • Video recordings — short video clips recorded during Dare mode (18+ feature)
  • A chosen display name and emoji — used to identify you to other players in your room
  • Reports — if you report another user's content, we collect the details you provide

Information collected automatically

When you use Foolem, our infrastructure providers automatically collect:

  • IP address — used for rate limiting and abuse prevention
  • Browser and device information — user agent, screen size, and similar technical details needed to deliver the Service
  • Room and gameplay events — which rooms you joined, when, and basic gameplay actions, for the duration of your session
  • Aggregate usage and performance metrics — collected via Vercel Web Analytics and Vercel Speed Insights (both cookieless) to understand how the Service is used and to monitor performance

Our analytics (Vercel Web Analytics and Vercel Speed Insights) are cookieless and collect only aggregate data — they do not use cookies, do not track you across other websites, and are not used to identify you or build a profile of you. The metrics are derived transiently from your IP address and user agent. Beyond this, we do not use cookies for advertising or tracking, and we use only essential browser storage required for the Service to function (such as your anonymous session and display name). See Section 10 for more on cookies and analytics.

Information we do NOT collect

We do not collect:

  • Your real name, address, or government ID
  • Your email address (unless you contact us)
  • Your location beyond what is inferred from your IP address by our infrastructure providers
  • Payment information (we do not currently process payments)
  • Marketing or behavioural profiling data

3. How we use your data

We use the data we collect to:

  • Operate the Service and enable gameplay between players
  • Deliver voice and video recordings to other players in your room
  • Prevent abuse, fraud, and violations of our Terms of Service
  • Respond to reports and moderate content
  • Diagnose technical issues
  • Communicate with you if you contact us

We do not:

  • Sell your data to third parties
  • Use your data for advertising or behavioural profiling
  • Share your data with third parties except as described in Section 5

4. Legal basis for processing (GDPR)

Under GDPR, we process your data on the following legal bases:

  • Performance of contract (Art. 6(1)(b)) — for processing necessary to provide the Service you requested (e.g., delivering recordings to other players in your room)
  • Legitimate interests (Art. 6(1)(f)) — for abuse prevention, security, and basic operational logging. Our legitimate interest is in keeping Foolem safe and functional. We balance this against your privacy and only collect what is necessary.
  • Legal obligation (Art. 6(1)(c)) — when we are required to retain or report data to comply with law (for example, retention of evidence following reports of illegal content)
  • Consent (Art. 6(1)(a)) — where you have provided explicit consent (e.g., by accepting our Terms when entering Dare mode)

5. Who we share your data with

Foolem does not sell your data. We share data only with the following categories of recipients, and only as necessary to operate the Service.

Infrastructure sub-processors

We rely on the following service providers to host and deliver Foolem:

  • Vercel (USA) — hosts the foolem.app website and serverless backend. Vercel's privacy policy: vercel.com/legal/privacy-policy
  • Supabase (USA / EU) — hosts our database, authentication, and storage. Supabase's privacy policy: supabase.com/privacy
  • Daily.co (USA) — provides real-time voice and video infrastructure. Daily.co's privacy policy: daily.co/legal/privacy

These providers process data on our behalf under data processing agreements. They are contractually required to protect your data and use it only for the purposes we authorise.

Transfers outside the EU

Some of our sub-processors are based in the United States. When personal data is transferred outside the EU, we rely on the EU Standard Contractual Clauses or other approved transfer mechanisms to protect your data.

Other players in your room

Voice and video recordings you create in a room are shared with other players in that room as part of gameplay. Your chosen display name is also visible to them.

Authorities

We may share data with law enforcement or other authorities when:

  • Required by valid legal process
  • Necessary to investigate or report illegal content (for example, suspected CSAM is reported to NCMEC and Danish authorities, as described in our Terms)
  • Necessary to protect the safety of users or the public

6. How long we keep your data

We retain data only as long as necessary:

  • Voice recordings: automatically deleted within 48 hours of creation
  • Video recordings: automatically deleted within 24 hours of creation
  • Reported content: retained for up to 90 days following a report, for moderation and evidence preservation
  • Room data and gameplay events: retained for up to 24 hours after the room ends
  • Server logs (including IP addresses): typically retained by our infrastructure providers for up to 30 days for security and diagnostics
  • Reports and moderation records: retained for up to 12 months for pattern detection and abuse prevention
  • Correspondence with us: retained as long as reasonably necessary to respond and follow up, generally not more than 24 months

Data may be retained longer if required by law or if needed to enforce our Terms.

7. Your rights under GDPR

If you are in the EU, EEA, or UK, you have the following rights regarding your personal data:

  • Right of access — you can ask us what data we hold about you
  • Right to rectification — you can ask us to correct inaccurate data
  • Right to erasure ("right to be forgotten") — you can ask us to delete your data, subject to legal exceptions
  • Right to restrict processing — you can ask us to limit how we use your data
  • Right to data portability — you can ask us to provide your data in a portable format
  • Right to object — you can object to certain types of processing, including processing based on our legitimate interests
  • Right to withdraw consent — where processing is based on your consent, you can withdraw it at any time

To exercise any of these rights, contact us at contact@foolem.app. We will respond within 30 days.

Because Foolem operates largely without accounts, identifying which data belongs to you may require additional information. We may ask you for details (such as approximate dates and room codes) to locate your data.

You also have the right to lodge a complaint with the Danish Data Protection Authority (Datatilsynet) at datatilsynet.dk.

8. Children's privacy

Foolem is not intended for children under 13. Dare mode and video features are restricted to users 18 years of age or older.

If we learn that we have collected data from a child under 13 without parental consent (or under 16 in the EU, where required), we will delete that data promptly. If you believe we have collected data from a minor in violation of this policy, please contact us at contact@foolem.app.

9. Security

We take reasonable technical and organisational measures to protect your data, including:

  • Encryption of data in transit (HTTPS / TLS)
  • Encryption of data at rest in our database and storage
  • Access controls limiting who can read sensitive data
  • Automatic deletion of recordings after short retention periods
  • Rate limiting and abuse detection

No system is perfectly secure. We cannot guarantee absolute security, but we work to follow current industry best practices.

If a data breach occurs that is likely to result in a risk to your rights, we will notify the Danish Data Protection Authority within 72 hours, and notify affected users where required by law.

10. Cookies and similar technologies

Foolem uses only strictly necessary storage required to operate the Service — principally a first-party session cookie for your anonymous login, together with localStorage/session storage (for example, remembering your display name during a session). These are exempt from consent because the Service cannot function without them.

For analytics we use Vercel Web Analytics and Vercel Speed Insights. These are cookieless: they set no cookies and store nothing on your device. They collect only aggregate usage and performance data (such as page views and load times), derived transiently from your IP address and user agent, and they do not track you across other websites or identify you. We rely on our legitimate interest (GDPR Art. 6(1)(f)) in understanding and improving the Service as the legal basis — and because no information is stored on or read from your device for this purpose, no cookie-consent banner is required.

We do not use any advertising or cross-site tracking cookies. If we ever introduce tracking or advertising cookies (or any other non-essential storage) in the future, we will request your consent in accordance with EU ePrivacy rules — and present a consent banner — before doing so.

11. Changes to this Privacy Policy

We may update this Privacy Policy from time to time. Material changes will be communicated through a notice on foolem.app at least 14 days before they take effect, where reasonably possible. The "Last updated" date at the top of this policy reflects the latest revision.

12. Contact

For questions about this Privacy Policy or your data, please contact us at:

contact@foolem.app

We aim to respond to all privacy inquiries within 30 days.

Foolem is committed to handling your data with care and transparency. If anything in this policy is unclear, please contact us and we will do our best to explain.