Privacy Policy

Last updated: June 19, 2026

This Privacy Policy explains how Zyndix MB ("Fonderis", "we", "us", "our") collects, uses, and protects your personal data when you use fonderis.com and the Fonderis application (the "Service"). Fonderis is a product operated by Zyndix MB. We process personal data in accordance with the EU General Data Protection Regulation (GDPR) and Lithuanian data protection law.

1. Who we are (Data Controller)

Zyndix MB, a company registered in the Republic of Lithuania, company code 307427011, registered address J. Jasinskio g. 16B, 03163 Vilnius, Lithuania. For any privacy questions, contact us at amir@zyndix.com (alternative: ingrida@zyndix.com).

2. What data we collect

  • Account data: your name, email address, hashed password, and language preference.
  • Company profile data: company name, registration code, legal form, industry, size, location, revenue range, founding year, project descriptions, funding goals, and similar details you provide.
  • Documents: files you upload (e.g. company documents, past applications) to help draft your grant applications.
  • Usage data: pages viewed, features used, interactions, approximate location, and device/browser information, collected via analytics and session-analytics tools.
  • Payment data: processed by Stripe. We do not store full card numbers; we receive limited billing and subscription metadata.
  • Communications: messages you send us.

3. How we use your data and our legal bases

  • To provide the Service — match grants, score eligibility, and draft applications (performance of a contract, GDPR Art. 6(1)(b)).
  • To process payments and manage subscriptions (contract).
  • To secure and improve the Service and prevent abuse (legitimate interests, Art. 6(1)(f)).
  • To run analytics to understand and improve the Service (consent, where required, for non-essential analytics; otherwise legitimate interests).
  • To send service emails, and, with your consent, occasional product updates.
  • To comply with legal obligations (Art. 6(1)(c)).

4. AI processing

To match grants and draft applications, your company profile and document content are processed by AI providers acting as our processors — OpenAI (ChatGPT/GPT models), Anthropic (Claude), and Cohere — and the translation provider DeepL. Under our agreements with these providers, your content is processed only to deliver the Service and is not used to train their models. [Confirm each provider's current terms.]

5. Sharing and sub-processors

We share data with service providers who process it on our behalf:

  • Supabase — database and authentication (hosted in the EU, Frankfurt)
  • Hetzner — application hosting and file storage (Germany)
  • Stripe — payment processing
  • OpenAI, Anthropic, Cohere, DeepL — AI matching, drafting, and translation
  • Google — Google Analytics 4 and Google Tag Manager (website analytics); we also use Google Search Console to monitor search performance
  • Microsoft — Microsoft Clarity (product analytics, including session analytics such as click and scroll interactions)
  • PostHog — product analytics (EU hosting)
  • Sentry — error monitoring
  • Resend — transactional email

We do not sell your personal data.

6. International transfers

We store and process data within the EU/EEA wherever possible. Some sub-processors (e.g. Google, Microsoft, OpenAI, Anthropic, Stripe) may process data outside the EEA under appropriate safeguards such as the European Commission's Standard Contractual Clauses.

7. Data retention

We retain your data while your account is active and as needed to provide the Service. After you close your account, we delete or anonymise your personal data within 90 days, unless we are required to keep it longer by law (e.g. accounting records).

8. Your rights

Under the GDPR you have the right to access, rectify, erase, restrict, and port your data, and to object to or withdraw consent for certain processing. To exercise these rights, contact amir@zyndix.com. You also have the right to lodge a complaint with the State Data Protection Inspectorate of Lithuania (Valstybinė duomenų apsaugos inspekcija — VDAI, vdai.lrv.lt).

9. Cookies

We use cookies and similar technologies as described in our Cookie Policy.

10. Security

We use industry-standard measures, including encryption in transit and access controls, to protect your data. No method of transmission or storage is completely secure.

11. Children

The Service is not directed to children under 16, and we do not knowingly collect their personal data.

12. Changes to this policy

We may update this policy from time to time. We will post the updated version with a new date and, for material changes, notify you.

13. Contact

amir@zyndix.com · Zyndix MB, J. Jasinskio g. 16B, 03163 Vilnius, Lithuania.