Privacy Policy
This policy explains what personal data Fibric Inc. ("Fibric," "we") processes, why, and the choices you have. It covers our marketing site, the Fibric platform, and the products built on it. Customer data processed by an operator on a customer's behalf is governed by our Data Processing Addendum, not this policy.
Overview
Fibric is the operational layer for the physical world. We act as a data controller for the personal data of our website visitors, account holders, and prospective customers, and as a data processor for the data our customers route through the platform. This policy describes our controller activities; see the DPA for our processor obligations.
Information we collect
You give us
- Account & contact — name, work email, company, role when you sign up, request access, or contact us.
- Operation setup — the systems you connect and the intents and guardrails you configure during onboarding.
- Communications — messages you send to support, sales, or community channels.
We collect automatically
- Usage & device — pages viewed, actions taken, IP address, browser, and similar telemetry, used to operate and improve the service.
- Cookies — see Cookies below.
How we use data
We use personal data to provide and secure the service, authenticate accounts, provision tenants, respond to you, send service and (with consent where required) marketing communications, meet legal obligations, and improve the product. We do not sell personal data, and we do not use customer-governed operational data to train shared models.
Legal bases
Where the GDPR or similar laws apply, we rely on: contract (to deliver the service you requested), legitimate interests (to secure and improve the platform), consent (for optional marketing and non-essential cookies), and legal obligation (to comply with law).
Governed data & operators
When an operator acts on a customer's systems, every action is single-flight, idempotent, attributable, and written to a receipt. A reseller and tenant identifier rides every event and row, and tenancy is enforced at the data layer so one customer's data is never exposed to another. We process that operational data strictly on the customer's instructions as a processor.
Retention
We keep personal data only as long as needed for the purposes above or as required by law, then delete or anonymize it. Account data is retained for the life of the account and a limited period afterward; receipts and audit records are retained per the customer's configured policy.
Security
We protect data with encryption in transit and at rest, least-privilege access, tenant isolation, and a fail-closed trust model. No method is perfectly secure, but we work to industry standards and continuously improve. See Security and our Responsible Disclosure policy.
Your rights
Depending on where you live, you may have the right to access, correct, delete, port, or restrict your personal data, and to object to or withdraw consent. To exercise these, contact us below; we respond within the timeframes the law requires. You may also lodge a complaint with your local supervisory authority.
International transfers
We may process data in countries other than yours. Where we transfer personal data internationally, we use appropriate safeguards such as Standard Contractual Clauses.
Changes to this policy
We may update this policy as the product and law evolve. We will post the new version here and update the date above; material changes will be communicated where appropriate.
Contact
Questions about this policy or your data? Email privacy@fibric.io, or write to Fibric Inc., Attn: Privacy. For data-processing matters, see the DPA.