Privacy Policy for FidForward: how we collect and use your data

Introduction

We are committed to ensuring your privacy and the legal use of your personal data. This Privacy Policy applies to our website, platform and applications (collectively, the ‘Services’). We encourage you to read this Privacy Policy carefully before using any of the Services.

By using FidForward you agree to the collection, use, and processing of information in accordance with this policy.

Interpretation and Definitions

Interpretation

Words with capitalized initial letters have defined meanings under the following conditions. These definitions have the same meaning regardless of whether they appear in singular or plural forms.

Definitions

For the purposes of this Privacy Policy:

• FidForward (referred to as either “FidForward”, “We”, “Us”, or “Our” in this Agreement) refers to fidforward.com.

• Account means a unique account created for you to access our service.

• Affiliate means an entity that controls, is controlled by, or is under common control with a party, where “control” means ownership of 50% or more of the shares, equity interest, or other securities entitled to vote for the election of directors or other managing authority.

• Cookies are small files placed on your device (computer, mobile device, or any other device) by a website, containing details of your browsing history on that website.

• Country refers to Spain.

• Device means any device that can access the service such as a computer, cellphone, or digital tablet.

• Personal Data is any information that relates to an identified or identifiable individual.

• Service refers to the website, platform and applications.

• Service Provider means any natural or legal person who processes the data on behalf of FidForward. It refers to third-party companies or individuals employed by FidForward to facilitate the service, provide the service on behalf of FidForward, perform services related to the service, or assist FidForward in analyzing how the service is used.

• Usage Data refers to data collected automatically, generated by the use of the service or from the service infrastructure (e.g., duration of a page visit).

• Website refers to fidforward.com, accessible from fidforward.com.

• You means the individual accessing or using the service, or the company, or other legal entity on behalf of which such individual is accessing or using the service.

Data Collection and Usage

Personal Data

While using Our Service, We may ask you to provide Us with certain personally identifiable information that can be used to contact or identify you. This may include, but is not limited to:

• Email address
• First and last name
• Usage data
• Metadata of your calendar events, if and when processed by our service.

Usage Data

Usage data is collected automatically when using the Service. This may include information such as your device’s Internet Protocol address (e.g., IP address), browser type, browser version, the pages of our Service that you visit, the time and date of your visit, the time spent on those pages, and other diagnostic data.

FidForward processes your feedback data using advanced AI and machine learning techniques to provide features such as feedback structuring and templatization. This processing is integral to the service we provide and is performed with your consent.

We do not make automated decisions using your data. We do not use any profiling tools or systems to process your data and make decisions based on profiling.

Tracking Technologies and Cookies

We use Cookies and similar tracking technologies to track the activity on Our Service and store certain information. These technologies are used to collect and track information and to improve and analyze our Service.

Access to Google User Data

FidForward uses OAuth to authenticate and access information on the user’s Google account. OAuth is a secure mechanism that gives FidForward access to your Google account data without sharing your password. Our use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

FidForward utilizes the strictly necessary information to provide the best experience to the user:

• Calendar: collects the event data (such as attendees and date/time) to understand the user’s most frequent interactions. This information allows FidForward to be proactive in the feedback collection.

You may provide your consent to data collection during the account creation process or within your account settings. You can also opt-out or withdraw your consent at any time through your account settings. If you choose not to provide certain types of personal data, you may be unable to access some functionalities of the service.

Usage of Google Analytics

FidForward uses Google Analytics, a web analytics service provided by Google, Inc. (“Google”). Google Analytics uses “cookies”, which are text files placed on your device, to help the website analyze how users use the site. The information generated by the cookie about your use of the website, including your IP address, will be transmitted to and stored by Google on servers in the United States.

Purpose and Scope:

• Analysis: Google will use this information to evaluate your use of our website, compiling reports on website activity for website operators, and providing other services relating to website activity and internet usage.

• Data Sharing: Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google’s behalf.

• IP Anonymization: We have activated IP anonymization on FidForward, meaning that Google will truncate/anonymize the last octet of the IP address for Member States of the European Union as well as for other parties to the Agreement on the European Economic Area.

User Options:

• Opt-Out: You may refuse the use of cookies by selecting the appropriate settings on your browser. However, please note that if you do this, you may not be able to use the full functionality of FidForward.

• Browser Add-On: Additionally, you can prevent Google’s collection and use of data (cookies and IP address) by downloading and installing the browser plug-in available under Google Analytics Opt-out Browser Add-on.

Sharing of Your Data

We may share your personal information in the following situations:

• With Service Providers: To monitor and analyze the use of our Service and to contact you. We will only work with Service Providers that adhere to strict data usage policies.
  • Feedback data is transiently shared with third-party Large Language Model providers for structuring and templatization within the app.
  • Post-processing, all feedback data is irrevocably deleted, ensuring no persistent storage.
  • We will only work with Service Providers that adhere to strict data usage policies, such as not using the FidForward user’s data for model training. In specific to our current provider, data is retained for abuse monitoring for up to 30 days, then deleted, unless legally required.
• For Business Transfers: In connection with any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company.
• With Affiliates: Information may be shared within our family of companies.
• With Business Partners: To offer you certain products, services, or promotions.
• With Your Consent: We may disclose your personal information for any other purpose with your consent.

All data sharing, including with Google APIs, adheres to external policies like the Google API Services User Data Policy, including the Limited Use requirements.

Data Retention

We retain your Personal Data only for as long as necessary for the purposes set out in this Privacy Policy. The retention period varies based on the type of data and the purpose for which it is processed. Below is a breakdown of various scenarios and their corresponding data retention periods:

• General Use of Services: We will process your data as long as you have an active user account or as needed to provide you with our services. Once your account is deleted or your interaction with our services ends, we will retain your personal data for a period of 6 years to comply with our legal obligations and resolve any disputes.
• Data Processing: For data specifically related to feedback, we will retain this data until you delete your account or request the removal of this data.
• Technical and Analytical Data: Data used for analytics and technical improvements will be retained as long as you have an active account. After account deletion, we may anonymize this data and use it for analytical purposes.
• Marketing Communications: If you opt-in for marketing communications, we will process your data for this purpose until you withdraw your consent or opt-out of such communications.
• Inquiries and Support: Data related to user support inquiries or feedback will be kept for a period of 2 years to ensure adequate follow-up and service improvement.
• Legal Requirements: In cases where we are legally required to retain data for a longer period, such as for compliance with tax laws or other legal obligations, we will retain the data as per the required duration by law.
• Inactive Accounts: Data from inactive accounts will be archived after 1 year of inactivity and stored securely for 5 additional years before being permanently deleted, unless required to be retained longer by law.
• Request-Based Archival: Upon user request, data can be archived and retained securely for the duration specified by the user or for a period of up to 6 years.
• Storage Locations: Personal data is stored on secure servers located within the European Union. We ensure that all storage solutions comply with relevant data protection regulations, including GDPR.
• Security Measures: We implement industry-standard security measures including encryption, access control, and regular security audits to protect your personal data.

Right to Request Deletion

You have the right to request the deletion of your personal data at any time. Upon your request, we will delete your data unless we are legally required to retain it. You can follow the below procedure to request your data deletion:

1. Request Submission: Users can request data deletion through their account settings or by contacting our Data Protection Officer at [email protected].
2. Verification: We will verify the identity of the requester to ensure the legitimacy of the deletion request.
3. Processing: Upon verification, we will delete the user’s personal data from our active databases within 30 days. Data stored in backups will be deleted within 90 days.
4. Confirmation: A confirmation email will be sent to the user once their data has been successfully deleted.

Data Security

The security of your Personal Data is important to us. We strive to use commercially acceptable means to protect your Personal Data but remember that no method of transmission over the Internet, or method of electronic storage is 100% secure. We implement a variety of security measures including encryption, access control, and regular security audits to ensure the safety of your personal data.

We ensure that adequate technical, physical, electronic, and organizational security measures are in place to protect your personal data from unauthorized access. We follow industry-accepted standards to protect personal information sent to us, both during transmission and once we receive it.

Compliance with Local and International Laws

This Privacy Policy is also designed to comply with local data protection laws in Spain and the European Union’s General Data Protection Regulation (GDPR). You have the right to be informed about the processing of your personal data (e.g., for what purposes, what type of data, to whom it is communicated, retention periods, and any third-party sources from which it was obtained). We undertake to respect the confidentiality of your Personal Data and to guarantee your rights. You may exercise your rights by contacting us.

As per the General Data Protection Regulation (GDPR) and the Organic Law 3/2018, of December 5, on Personal Data Protection and guarantee of digital rights, FidForward is the data controller responsible for your personal data. Our strategic decisions regarding the purposes and means of processing personal data are made by our team in Spain. You can contact our Data Protection Officer (DPO) at [email protected].

Children’s Privacy

Our Service does not address anyone under the age of 13. We do not knowingly collect personally identifiable information from children under 13. If you are a parent or guardian and become aware that your child under the age of 13 has provided us with Personal Data, please contact us.

Links to Other Websites

While we try to include only links to websites that share our high standards and respect for privacy, we are not responsible for the content, security, or privacy practices employed by other sites. A link does not constitute an endorsement of their website.

Changes to This Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the “Last updated” date. If significant, updates to our Privacy Policy will be communicated through a direct notification to users via email.

Contact Us

For general inquiries about this Privacy Policy, please contact us at [email protected]. For specific queries related to your personal data or to exercise your rights, please contact our Data Protection Officer at [email protected].