Privacy Policy

Last updated April 28, 2026. Plain-language summary first; the full text follows.

1. Summary

FaiData provides a virtual data room that streams files from your own cloud storage (Google Drive, Dropbox, OneDrive). We do not host your documents. We process the minimum data needed to operate the service — accounts, room metadata, audit events — and give you full control over what's shared and with whom.

2. Data we collect

From you (account holders)

  • Name, email, organisation, and password hash.
  • OAuth tokens for connected cloud drives, encrypted at rest.
  • Billing details (handled by our payment processor).

From viewers (people you invite to a room)

  • Email address (for verification and audit).
  • IP address (only the verified cf-connecting-ip header).
  • NDA signature evidence: timestamp, IP, document hash, intent.
  • Page-view events for analytics and audit.

Files

Files remain on your storage. We fetch them on demand to render watermarked views — we do not persist them.

3. How we use data

  • To operate rooms, NDAs, sharing, and analytics.
  • To produce audit-ready event logs you can export.
  • To detect abuse and protect the service.
  • To bill you for the plan you chose.

We do not sell your data, and we do not use the contents of your documents to train AI models.

4. Where data lives

Application data is hosted in the EU on managed Postgres infrastructure. Edge requests are served via Cloudflare's global network.

5. Sub-processors

  • Cloudflare — edge delivery and DDoS protection.
  • Supabase — managed database and auth.
  • Google AI / Gemini — AI Q&A inference (no training on your data).
  • Stripe — payment processing.

6. Your rights

You may access, export, correct, or delete your personal data at any time. Email privacy@faidata.io. EU residents have additional rights under GDPR; UK residents under the UK GDPR; California residents under the CCPA.

7. Security

We protect data with TLS 1.3 in transit, AES-256 at rest, scrypt-hashed passwords, encrypted OAuth tokens, and append-only signature ledgers. Detailed practices are described on our Security page.

8. Retention

Account data is retained while your account is active and for 30 days after deletion (for billing reconciliation). Audit logs are retained for the duration you configure per workspace, up to 7 years.

9. Contact

Privacy questions: privacy@faidata.io.
Data Protection Officer: dpo@faidata.io.