Privacy Policy

Fuse is an anonymous-first platform. We are designed from the ground up to minimise what we know about you. You choose a handle, not a name. You reveal yourself only when you decide to. This policy explains exactly what data we hold, why, how long we keep it, and what rights you have over it.

Data Controller: Fuse is operated by Aner Izraeli, an Israeli sole proprietor (osek patur), who is the data controller for personal data collected through this service. Contact: privacy@fuseboard.online.

If you are in the EU/EEA or UK, we rely on the following legal bases under Article 6 of the GDPR:

• To authenticate you and maintain your session
• To display your profile and listings to other users
• To deliver transactional emails (new messages, listing expiry reminders)
• To operate the platform (rate limiting, abuse prevention)

We never sell your data. We never use it for advertising.

We share data only with the following sub-processors:

• Google Firebase— authentication, database (Firestore), and file storage. Data is processed under Google's data processing terms and Standard Contractual Clauses (SCCs).
• SendGrid (Twilio) — transactional email delivery. Only your email address and the email content are shared.
• Google Cloud Run — hosting. Your requests are processed on Google Cloud infrastructure.
• Paddle— payment processing for paid subscriptions. When you purchase a plan, your payment and billing details are handled by Paddle as the Merchant of Record. Paddle's own privacy policy applies to data they collect: paddle.com/legal/privacy.

No other third parties receive your personal data.

Google API Services:Fuse's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

Our infrastructure runs on Google Cloud in the us-central1 region (United States). If you access Fuse from the EU/EEA, UK, or Israel, your data is transferred to the US. We ensure adequate protection through:

• Google Cloud: Standard Contractual Clauses (SCCs) adopted by the European Commission, which are also recognised by the Israeli Privacy Protection Authority as a valid transfer mechanism.
• SendGrid / Twilio: Standard Contractual Clauses (SCCs).

You may request a copy of the applicable SCCs by emailing privacy@fuseboard.online.

• Active accounts: retained until you close your account
• Closed listings: retained for 90 days for admin audit, then deleted
• Conversations and messages: retained while either participant has an active account. If you delete your account, the messages you sent remain in the thread to preserve conversation continuity — but your real identity data (display name, email, photo) is immediately and permanently scrubbed. Messages remain attributed to your anonymous handle; the underlying account UID in those records is a dead reference — the account no longer exists and cannot be used to identify you.
• Server logs: up to 30 days (cloud provider standard)
• Privacy audit trail (opt-outs, account closures): retained indefinitely as required evidence of consent and its withdrawal.

We may disclose personal data (such as IP addresses from server logs or email addresses) when we are legally required to do so — for example, in response to a valid court order, a lawful request from law enforcement or a competent government authority, or to protect the safety, rights, or property of our users or the public. We will comply with lawful and duly authorised legal requests.

Where permitted by applicable law, we will endeavour to notify affected users before complying with such a request. We will not disclose more data than is strictly required to satisfy the legal obligation.

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authorities (including the Israeli Privacy Protection Authority) and, where required by law, affected users — within the timelines and in the manner required by applicable law, including GDPR Articles 33–34 and the Israeli Privacy Protection Regulations (Data Security), 5777-2017.

If you are in the EU, EEA, or UK, you have the right to:

• Access — request a copy of the data we hold about you
• Rectification — correct inaccurate data via Settings
• Erasure — delete your account permanently via Settings → Danger zone. This deletes your profile, closes your listings, and removes your data from our systems within 30 days.
• Portability — request an export of your data by emailing us
• Object — to processing based on legitimate interest (e.g. transactional emails — use the unsubscribe link or Settings)
• Restriction — ask us to limit processing while a dispute is being resolved

To exercise any right not covered by in-app controls, email privacy@fuseboard.online. We will respond within 30 days.

You also have the right to lodge a complaint with your local supervisory authority. Our lead supervisory authority is the Israeli Privacy Protection Authority (gov.il/en/departments/the_privacy_protection_authority). If you are in the EU/EEA, you may instead contact the data protection authority in your country of residence.

If you are a California resident, the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) give you additional rights:

• Know — the categories and specific pieces of personal information we collect, and the purposes for which we use them (see sections above)
• Delete — request deletion of your personal information (available in-app via Settings → Danger zone, or by emailing us)
• Correct — request correction of inaccurate personal information
• Opt out of sale or sharing — we do not sell or share your personal information with third parties for cross-context behavioural advertising. There is nothing to opt out of, but you have this right if our practices ever change.
• Non-discrimination — we will not discriminate against you for exercising any of these rights

To submit a request, email privacy@fuseboard.online with the subject line California Privacy Request. We will respond within 45 days as required by law.

If you are in Israel, the Privacy Protection Law, 5741-1981, grants you the right to:

• Access — request to inspect your personal data held in our database
• Correct — request correction of inaccurate data
• Delete — request deletion in accordance with applicable law (available in-app or by emailing us)

To submit a request, email privacy@fuseboard.online. You may also lodge a complaint with the Privacy Protection Authority at gov.il/he/departments/the_privacy_protection_authority.

Fuse is not directed at children under 16. We do not knowingly collect data from anyone under 16. If you believe we have inadvertently collected data from a child, please contact us immediately at privacy@fuseboard.online and we will delete it promptly.

We will update this page if our practices change. Material changes will be announced via the in-app notification system at least 14 days before taking effect.

Questions or requests about this policy: privacy@fuseboard.online

Data Controller: Aner Izraeli (sole proprietor, Israel).