Privacy Policy
Applies to fomax.ai and all associated mobile and web applications · Jurisdiction: Islamic Republic of Pakistan
Last updated: June 29, 2026
This Privacy Policy explains how Fomax ("we", "us", or "our") collects, uses, stores, and protects your personal information when you use our platform. By using Fomax, you agree to the practices described in this document.
1 Who We Are
Fomax is an AI-powered Growth Operating System accessible at fomax.ai and related web and mobile applications. Fomax provides content creation (Irysh), community management, and personal execution tools for brands, creators, and individuals.
| Platform Name | Fomax |
|---|---|
| Operator | Fomax |
| Contact Email | info@fomax.ai |
| Jurisdiction | Islamic Republic of Pakistan |
| Applicable Law | Prevention of Electronic Crimes Act 2016 (PECA), Personal Data Protection Bill (Pakistan), Electronic Transactions Ordinance 2002 |
2 Information We Collect
2.1 Information You Provide Directly
- Account registration details (name, email address, phone number, profile photo)
- Business or brand name and industry type
- Payment and billing information (processed via third-party payment gateways; we do not store raw card data)
- Content you create, upload, or publish through the platform (posts, captions, images, videos, notes)
- Goals, schedules, and personal milestones entered into the Growth module
- Messages and communications within Community spaces
- Appointment and session booking details
2.2 Information Collected Automatically
- IP address, device type, browser type, and operating system
- Usage data: pages visited, features used, time spent, clicks, and session duration
- Social media account data (when you connect LinkedIn, Instagram, TikTok, X/Twitter, Facebook)
- Analytics and performance data from published content
- Cookies and similar tracking technologies (see Section 10)
2.3 Information from Third Parties
- Data from connected social media platforms via authorised APIs
- Authentication data from OAuth providers (Google, Facebook, etc.)
- Trend and competitor data sourced through Social Mind integrations
3 How We Use Your Information
We use your personal information for the following purposes:
- Service Delivery: To create and manage your account, deliver AI-generated content, process bookings, and enable community features
- AI & Personalisation: To improve our AI tools (Irysh, Social Mind, AI Day Planner) based on your preferences and usage patterns. We do not use Meta Platform Data (Facebook or Instagram data received via the Meta Graph API) to train AI models.
- Analytics & Insights: To provide you with audience analytics, growth reports, and performance dashboards
- Communication: To send service notifications, product updates, newsletters (where opted-in), and security alerts
- Billing: To process subscription payments and manage plan changes
- Safety & Compliance: To detect fraud, enforce our Terms, and comply with applicable Pakistani law
- Product Improvement: To analyse aggregated and anonymised usage patterns and improve platform features
4 Legal Basis for Processing
- Contractual Necessity: Processing required to provide the services you have subscribed to
- Consent: Where you have expressly opted in (e.g., marketing emails, social media connections)
- Legitimate Interest: To improve our services, ensure platform security, and prevent misuse
- Legal Obligation: Where required by Pakistani law, including PECA 2016 and any applicable data protection regulations
5 Sharing of Information
We do not sell your personal data. We may share your information only in the following circumstances:
- Service Providers: Trusted third-party vendors who process data on our behalf (hosting, payment processing, email delivery, analytics) under binding confidentiality agreements. Current processors include: Supabase Inc. (database and authentication), Amazon Web Services Inc. (cloud hosting and storage), and OpenAI OpCo LLC (AI content suggestions — receives anonymised prompts only; no Meta user personal data is shared).
- Social Media Platforms: When you publish content through Fomax, data is shared with the relevant platform (LinkedIn, Instagram, TikTok, X, Facebook) in accordance with their own terms
- Legal Requirements: When required by a Pakistani court order, law enforcement authority, or government directive under applicable law
- Business Transfers: In the event of a merger, acquisition, or asset sale, your data may be transferred with prior notice
- With Your Consent: In any other circumstance where you have given explicit consent
6 Meta Platform Data (Facebook & Instagram)
When you connect your Facebook or Instagram account to Fomax, we receive Meta Platform Data via the Meta Graph API. This section explains how we handle that data specifically.
6.1 What Meta Platform Data We Receive
- Facebook Page IDs, Page names, and Page access tokens
- Instagram Business account IDs and usernames
- User ID and name returned during OAuth login
- Page post engagement data (comments, likes, shares) for connected Pages
- Instagram post metrics (reach, impressions, engagement) for connected accounts
- Instagram post comments for connected accounts
6.2 How We Use Meta Platform Data
- To display your connected Facebook Pages and Instagram accounts in the Fomax workspace
- To publish content you create and explicitly approve to your connected Pages and Instagram accounts
- To display engagement metrics and comments in the Social Mind analytics dashboard
- To generate AI-powered content suggestions based on your own post performance and audience comments
- To delete content you published via Fomax when you request removal
6.3 Restrictions on Meta Platform Data
- We do not sell, license, or transfer Meta Platform Data to any third party
- We do not use Meta Platform Data to train or improve AI or machine learning models
- We do not use Meta Platform Data for advertising or marketing purposes unrelated to your own content management
- We do not combine Meta Platform Data with data from data brokers or other sources for profiling purposes
- Access tokens are stored in encrypted form and are only used to make API calls on your explicit behalf
6.4 Meta Platform Data Retention
- Page access tokens and Instagram account IDs are retained while your account is active and the social account remains connected
- When you disconnect a social account, associated access tokens are deleted from our systems within 30 days
- Post engagement data and comment data are retained for up to 12 months to power historical analytics
For more information on how Meta handles your data, please review Meta's Privacy Policy at facebook.com/privacy/policy.
7 Government and Law Enforcement Data Requests
Fomax has established the following policies for handling requests from public authorities for user personal data:
- Legal Review: All requests from public authorities are reviewed to verify their legal basis before any data is disclosed. We do not comply with requests that lack proper legal authority.
- Right to Challenge: We reserve the right to challenge requests we consider unlawful, overbroad, or inconsistent with applicable law. Where permitted by law, we will notify affected users of such requests.
- Data Minimisation: When legally required to respond to a government data request, we disclose only the minimum information strictly necessary to comply with the specific legal requirement.
- Documentation: We maintain records of all government data requests received, our responses, the legal reasoning applied, and the authorities involved.
Fomax has not shared personal data with public authorities in response to national security requests in the past 12 months.
8 Data Retention
- Active account data is retained for the duration of your subscription plus 90 days after cancellation
- Content and media you have published may be retained for up to 12 months after account deletion unless you request earlier removal
- Billing and transaction records are retained for 7 years as required under Pakistani financial regulations
- Anonymised and aggregated analytics data may be retained indefinitely
- Meta Platform Data (access tokens, Page IDs, Instagram account IDs) is deleted within 30 days of disconnecting your social account
9 Data Deletion Requests
You have the right to request deletion of your personal data and any Meta Platform Data associated with your Fomax account. To request data deletion:
- Email info@fomax.ai with the subject line "Data Deletion Request" and include your registered email address
- Or visit fomax.ai/privacy and use the Data Deletion Request form
- Or disconnect your Facebook or Instagram account in Settings > Social Media to immediately revoke access and trigger deletion of associated tokens
Upon receiving a verified deletion request, we will:
- Delete your account and all associated personal data within 30 days
- Delete all Meta Platform Data including stored access tokens, Page IDs, and Instagram account IDs
- Retain only data we are legally required to keep (e.g., billing records under financial regulations)
- Confirm deletion to you by email within 7 business days of completing the process
10 Cookies and Tracking Technologies
Fomax uses cookies and similar technologies to:
- Keep you logged in and remember your preferences
- Measure platform performance and diagnose errors
- Deliver personalised content recommendations
You may disable cookies through your browser settings, though this may affect certain platform features. We do not use cookies for third-party advertising.
11 Data Security
We implement industry-standard security measures to protect your data, including:
- TLS/SSL encryption for all data transmitted to and from the platform
- Encrypted storage for passwords, access tokens, and sensitive credentials
- Access controls limiting employee access to personal data on a need-to-know basis
- Regular security audits and vulnerability assessments
- SOC 2 compliance standards
No system is completely secure. In the event of a data breach that affects your rights, we will notify you within 72 hours of becoming aware, as required under applicable law.
12 Your Rights
Subject to applicable Pakistani law, you have the following rights regarding your personal data:
- Right of Access: Request a copy of the personal data we hold about you
- Right to Correction: Request correction of inaccurate or incomplete data
- Right to Deletion: Request deletion of your account and associated personal data (see Section 9)
- Right to Withdraw Consent: Withdraw consent for optional processing at any time
- Right to Data Portability: Request your data in a machine-readable format
- Right to Object: Object to processing based on legitimate interests
To exercise any of these rights, email us at info@fomax.ai. We will respond within 7 business days.
13 Children's Privacy
Fomax is intended for users aged 13 and above. Users between 13 and 17 years of age must obtain parental or guardian consent before creating an account. We do not knowingly collect personal data from children under the age of 13.
14 International Data Transfers
Fomax operates globally and your data may be stored or processed on servers located outside Pakistan, including in the United States (Supabase Inc., Amazon Web Services, OpenAI) and the European Union (AWS Frankfurt region). Where this occurs, we ensure appropriate safeguards are in place to protect your data in accordance with this Policy and applicable Pakistani law.
15 Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes via email or an in-platform notice at least 14 days before the changes take effect. Continued use of Fomax after the effective date constitutes acceptance of the revised Policy.
16 Contact Us
For any privacy-related queries, requests, or complaints, please contact our Data Protection Officer:
| Email | info@fomax.ai |
|---|---|
| Platform | fomax.ai |
| Response Time | Within 7 business days |
© 2026 Fomax. All rights reserved.
Effective June 17, 2026 · Updated June 29, 2026 · Governed by the laws of the Islamic Republic of Pakistan
