Privacy Policy: how we protect & handle your data

Introduction

FidForward, Inc. (“FidForward”, “we”, “us”, or “our”) provides an AI-powered prospect discovery and automated outreach platform to help organizations find and connect with talent and business prospects. We are committed to protecting your privacy and handling your personal data responsibly and transparently.

This Privacy Policy applies to our website at https://fidforward.com, our talent sourcing platform at https://talent.fidforward.com, browser extensions, and related applications (collectively, the “Services”). We encourage you to read this Privacy Policy carefully before using any of the Services.

Important Note: This Privacy Policy applies when FidForward acts as a data controller determining the purposes and means of processing personal information. When you use our Services to collect and process prospect or candidate data, you are the data controller and FidForward acts as a data processor following your instructions. Your responsibilities as a controller are outlined in our Terms of Service.

By using FidForward, you agree to the collection, use, and processing of information in accordance with this policy.

Scope of This Policy

This Privacy Policy covers:

• Personal information we collect directly from you
• Information we collect automatically through your use of our Services
• How we use, disclose, and protect this information
• Your rights and choices regarding your personal information

Excluded from this Policy:

• Personal information processed on behalf of customers (prospects, candidates) where our customers are the controllers
• Anonymous, de-identified, or aggregated data that cannot identify individuals
• Information governed by separate agreements with enterprise customers

Interpretation and Definitions

Interpretation

Words with capitalized initial letters have defined meanings under the following conditions. These definitions have the same meaning regardless of whether they appear in singular or plural forms.

Definitions

For the purposes of this Privacy Policy:

• FidForward (referred to as either “FidForward”, “We”, “Us”, or “Our” in this Agreement) refers to FidForward, Inc.
• Account means a unique account created for you to access our Services.
• Affiliate means an entity that controls, is controlled by, or is under common control with a party, where “control” means ownership of 50% or more of the shares, equity interest, or other securities entitled to vote for the election of directors or other managing authority.
• Cookies are small files placed on your device (computer, mobile device, or any other device) by a website, containing details of your browsing history on that website.
• Country refers to the United States.
• Data Controller means the entity that determines the purposes and means of processing personal data.
• Data Processor means an entity that processes personal data on behalf of the data controller.
• Device means any device that can access the Services such as a computer, mobile phone, or digital tablet.
• Personal Data or Personal Information is any information that relates to an identified or identifiable individual.
• Sensitive Personal Information includes special categories of data such as health information, biometric data, precise geolocation, racial/ethnic origin, religious beliefs, or other legally protected categories.
• Service refers to the website, platform, and applications.
• Service Provider means any natural or legal person who processes data on behalf of FidForward to facilitate the Services, provide services on behalf of FidForward, perform services related to the Services, or assist FidForward in analyzing how the Services are used.
• Usage Data refers to data collected automatically, generated by the use of the Services or from the service infrastructure (e.g., duration of a page visit).
• Website refers to fidforward.com and talent.fidforward.com, accessible from these domains.
• You means the individual accessing or using the Services, or the company or other legal entity on behalf of which such individual is accessing or using the Services.

Personal Information We Collect

Information We Collect About Users (Customers)

When you create an account, use our Services, or interact with our website, we collect the following personal information:

Account Information:

• Email address
• First and last name
• Company name and role
• Profile image (if provided)
• Organization membership details
• Account credentials and authentication data (managed by Clerk)
• Billing information and payment details

Professional Information:

• Job searches and recruitment criteria
• Outreach campaigns and sequences
• Search filters and preferences
• Email templates and messaging content
• Notes and communications you create

Integration Data:

• LinkedIn authentication and session data (when you connect LinkedIn)
• Gmail/Microsoft email integration data (when you connect email accounts)
• Email account configuration for outreach infrastructure
• OAuth tokens and access credentials

Usage and Analytics Data:

• Website pages visited and interaction patterns
• Search queries and platform usage
• Feature usage statistics and performance metrics
• IP address and general location (city/region)
• Browser type, version, and language settings
• Operating system and device identifiers
• Click patterns and navigation behavior

Information We Collect About Prospects and Candidates

When You Act as Controller: When you use our Services to discover and engage prospects or candidates, you are the data controller and we process this data on your behalf according to our Data Processing Agreement. This includes:

• Names and professional titles
• Work experience and employment history
• Educational background
• LinkedIn profile data
• Contact information (emails, phone numbers)
• Skills, industries, and expertise areas
• Your notes, tags, and communications with prospects

From Public Sources: We maintain a database of publicly available professional information collected from:

• Public LinkedIn profiles and professional networks
• Publicly available professional directories and websites
• Third-party contact data providers
• Company websites displaying team member information

This public data includes:

• First and last name
• Professional experience and job titles
• Educational background
• LinkedIn profile URLs
• Contact information from verified sources
• Skills, industries, and career history

Data We Do NOT Collect: We do not collect sensitive personal data such as health information, biometric data, political affiliations, religious beliefs, sexual orientation, trade union membership, or other protected characteristics from any sources.

Collection Methods

Direct Collection:

• Account registration forms
• Service configuration and settings
• Customer support interactions
• Billing and payment processing
• Email communications

Automatic Collection:

• Cookies and similar tracking technologies
• Log files and server logs
• Analytics platforms (Google Analytics, PostHog)
• Performance monitoring tools

Third-Party Sources:

• Data providers for contact information
• Public professional profiles and directories
• Marketing partners (with consent)
• Service providers assisting with our operations

Our Use of AI-Powered Technology

FidForward uses artificial intelligence and machine learning to provide effective prospect discovery and matching capabilities:

AI-Powered Matching: We use AI algorithms to match your search requirements with prospect profiles, analyze suitability scores, and generate insights about talent pools and market trends.

Automated Message Generation: Our platform can generate outreach messages and email sequences using AI. All AI-generated content requires your review and approval before sending.

Search Enhancement: AI helps improve search accuracy by analyzing job descriptions and search criteria to extract relevant keywords, skills, and requirements.

Third-Party AI Providers: We may use third-party AI services (such as OpenAI, Anthropic, or others) to power certain features. We require these providers to:

• Not use your data to train their AI models
• Delete your data within 30 days unless otherwise required by law
• Operate under strict data processing agreements

Opt-Out Options: As a customer, you may request to opt out of AI-powered features by contacting privacy [at] fidforward.com. Note that opting out may limit platform functionality.

Automatic Data Collection and Cookies

We automatically collect certain information when you use our Services through cookies and similar tracking technologies:

Essential Cookies (Always Active):

• Authentication and session management
• Security and fraud prevention
• Platform functionality and performance
• Load balancing and system stability

Analytics Cookies (With Your Consent):

• Google Analytics for website usage statistics
• PostHog for product analytics and feature usage
• Performance monitoring and error tracking

Cookie Management: You can manage your cookie preferences through:

• Our cookie consent banner (appears on first visit)
• Browser settings to block or delete cookies
• Opt-out links in our cookie policy

Note: Disabling essential cookies may prevent proper functioning of the Services. Disabling analytics or marketing cookies will not affect core platform features.

How We Use Personal Information

Legal Bases for Processing

Under GDPR and similar data protection laws, we process personal information based on the following legal grounds:

1. Contract Performance We process your personal information to fulfill our obligations under our Terms of Service and provide the Services you’ve requested, including:

• Creating and managing your account
• Processing searches and generating prospect matches
• Facilitating outreach campaigns
• Providing customer support
• Processing billing and payments

2. Legitimate Interests We process personal information where necessary for our legitimate business interests, provided these interests are not overridden by your rights and freedoms:

• Improving and personalizing our Services
• Analyzing usage patterns to enhance features
• Preventing fraud and ensuring security
• Conducting research and development
• Marketing our Services to prospects (balanced against your privacy)

Before processing based on legitimate interests, we conduct balancing tests to ensure our interests do not override your fundamental rights.

3. Consent We obtain your consent for:

• Non-essential analytics cookies
• Marketing communications
• Optional integrations and data sharing
• Marketing cookies and advertising tracking

You may withdraw consent at any time through your account settings or by contacting us.

4. Legal Compliance We process personal information to comply with:

• Legal obligations and regulatory requirements
• Court orders and law enforcement requests
• Tax and financial reporting requirements
• Record-keeping obligations

Use of Customer Information

We use personal information about our customers (you) for the following purposes:

To Provide Our Services:

• Create and manage user accounts
• Authenticate and authorize access
• Process searches and generate prospect matches
• Discover and verify contact information
• Facilitate email campaigns and multi-channel outreach
• Provide customer support and troubleshooting
• Process billing, subscriptions, and payments
• Send transactional emails and service notifications

To Improve and Personalize Services:

• Analyze usage patterns to enhance platform features
• Customize search results and recommendations
• Develop new features and functionality
• Troubleshoot technical issues and optimize performance
• Conduct research and development
• Train and improve AI algorithms using aggregated data

For Communication:

• Send service-related notifications and updates
• Respond to support inquiries and provide assistance
• Send marketing communications (with consent or where permitted)
• Notify you of important policy or service changes
• Request feedback and conduct surveys

For Security and Compliance:

• Prevent fraud, abuse, and unauthorized access
• Enforce our Terms of Service and Acceptable Use Policy
• Comply with legal obligations and regulatory requirements
• Protect our rights and interests

Use of Prospect and Candidate Information

When You Are the Controller: When you use our Services to process prospect or candidate data, we act as your data processor. We only process this data according to your instructions and our Data Processing Agreement. You are responsible for:

• Having a legal basis to collect and process this data
• Providing required privacy notices to prospects/candidates
• Responding to data subject rights requests
• Complying with GDPR, CCPA, and other privacy laws

When We Are the Controller: For publicly sourced prospect profiles in our database, we process this information to:

• Enable searchability for our customers’ legitimate recruiting and business development needs
• Provide contact information discovery services
• Generate market insights and analytics
• Improve search accuracy and matching algorithms

We rely on our legitimate business interest in operating a professional discovery platform, balanced against individuals’ privacy rights. You may request removal from our database as described in the “Your Privacy Rights” section.

Sensitive Personal Information

We collect and process sensitive personal information (as defined by GDPR Article 9 or similar laws) solely for business purposes where we have a lawful basis. We do not use sensitive information for advertising, marketing, or profiling purposes.

If we need to process sensitive personal information, we will:

• Obtain your explicit consent where required
• Ensure we have a valid legal basis under applicable law
• Implement enhanced security measures
• Limit access to authorized personnel only

How We Disclose Personal Information

We Do Not Sell Personal Information. FidForward does not sell, rent, or share personal information to third parties for their own marketing purposes. We do not participate in data brokerage or data selling activities.

We may disclose personal information to the following categories of recipients:

Service Providers and Processors

We engage trusted service providers who process personal information on our behalf under strict contractual obligations:

Authentication and Infrastructure:

• Clerk.dev: User authentication and account management
• Cloud hosting providers: Data storage and infrastructure
• CDN providers: Content delivery and performance

Analytics and Monitoring: With your consent, we share usage data with:

• Google Analytics: Website analytics
• PostHog: Product analytics and feature usage tracking
• Error monitoring services: Performance and bug tracking

AI and Technology Providers: We share limited data with AI service providers (such as OpenAI, Anthropic) to power platform features. These providers:

• Are contractually prohibited from using your data to train their models
• Must delete your data within 30 days unless legally required to retain it
• Operate under strict data processing agreements
• Cannot use data for their own purposes

Contact Data Providers: We work with third-party data providers (such as Apollo, ZoomInfo, Clearbit) to obtain publicly available professional contact information. Contact data is:

• Retained for a maximum of 2 years
• Automatically deleted after the retention period
• Processed under data processing agreements

Communication Services:

• Email service providers (Resend): Platform notifications and marketing (with consent)
• SMS providers: Text message delivery (when applicable)
• Customer support tools (Chatwoot): Support ticket management

All service providers are contractually required to:

• Process data only according to our instructions
• Implement appropriate security measures
• Not use data for their own purposes
• Comply with applicable data protection laws

Customers and Business Sharing

Within Your Organization: Authorized team members in your organization can access:

• Shared searches and campaigns
• Prospect and candidate data your organization has collected
• Organization-wide analytics and insights

Prospect Data to Customers: When customers use our platform, they can access:

• Publicly sourced professional profiles
• Contact information they’ve purchased credits to reveal
• Search results matching their criteria

This sharing is based on our legitimate interest in operating a professional discovery platform.

Legal and Compliance Requirements

Legal Obligations: We may disclose information to law enforcement, government authorities, or private parties when:

• Required by law, subpoena, or court order
• Necessary to protect legal rights or safety
• Required to enforce our Terms of Service
• Necessary to prevent fraud or abuse

Business Transfers: In connection with any merger, acquisition, financing, sale of assets, or bankruptcy proceeding, personal information may be transferred to the acquiring or successor entity. We will provide notice and obtain consent if required.

Professional Advisors: We may share information with lawyers, auditors, accountants, insurance providers, and other professional service providers as needed for business operations, legal compliance, or risk management.

With Your Consent

We may share personal information with third parties when you explicitly consent to such sharing, including:

• Social media platforms when you share content
• Integration partners you authorize
• Third-party applications you connect

International Data Transfers

Personal information may be transferred to, stored in, and processed in the United States and other jurisdictions where we or our service providers operate. These jurisdictions may not provide the same level of data protection as your home country.

When we transfer personal information from the European Economic Area (EEA), United Kingdom, or Switzerland to other countries, we ensure appropriate safeguards are in place:

Standard Contractual Clauses (SCCs): We use Standard Contractual Clauses approved by the EU Commission for transfers to countries without adequacy decisions. These provide contractual guarantees that transferred data will be protected according to EU standards.

Adequacy Decisions: Where available, we rely on EU Commission adequacy decisions recognizing that certain countries provide adequate data protection.

Data Processing Agreements: Our contracts with international service providers include:

• Commitments to comply with applicable data protection laws
• Technical and organizational security measures
• Procedures for handling data subject rights requests
• Notification requirements for data breaches

Your Rights: You may request information about safeguards in place for international transfers by contacting privacy [at] fidforward.com.

Retention of Personal Information

We retain personal information only for as long as necessary to fulfill the purposes for which it was collected, in accordance with our legitimate business needs and applicable laws.

Retention Criteria

We determine retention periods based on:

• The amount, nature, and sensitivity of personal information
• The purposes for which we process the information
• Whether we can achieve those purposes through other means
• Applicable legal and regulatory requirements
• The potential risk of harm from unauthorized use or disclosure
• User expectations and relationship with the Services

Retention Periods by Data Category

Customer Account Data:

• Active accounts: Retained while your account is active
• Deleted accounts: Personal data deleted within 30 days of account deletion
• Authentication data: Deleted immediately upon account deletion
• Backups: May persist for up to 90 days in backup systems

Organization Data (Survives Individual User Deletion):

• Searches and campaigns: Retained while organization account is active
• Prospect lists and notes: Retained while organization account is active
• Contact reveals: Retained for 2 years, then automatically deleted
• Billing records: Retained for 7 years for tax and financial compliance
• Contracts and agreements: Retained for legal requirement periods (typically 7 years)

Integration Data:

• OAuth tokens: Deleted immediately upon disconnection or account deletion
• LinkedIn activity logs: Deleted within 30 days of account deletion
• Email integration data: Deleted immediately upon disconnection
• Platform usage analytics: Anonymized after 2 years or upon account deletion

Prospect and Candidate Profile Data:

• Public profiles: Retained while commercially useful for legitimate recruiting purposes
• Customer-specific data: Controlled by customer retention policies; deleted when customer deletes their organization account
• Contact information: Maximum 2 years from collection, then automatically deleted
• Removal requests: Processed within 48 hours; data deleted immediately

Analytics and Log Data:

• Usage analytics: Anonymized after 2 years
• Server logs: Retained for 90 days for security and troubleshooting
• Cookie data: Retained per cookie-specific retention periods (typically 13 months)

Data Deletion

When we no longer need personal information, we either:

• Permanently delete it from our active systems
• Anonymize it so it can no longer identify individuals
• Archive it securely with restricted access where required by law

Deleted data may persist in backup systems for up to 90 days before permanent deletion.

Your Privacy Rights and Choices

We provide comprehensive privacy rights to all users, regardless of location. Depending on your jurisdiction, you may have additional statutory rights under GDPR, CCPA, or other privacy laws.

Universal Privacy Rights

All users have the following rights:

Right to Access (Right to Know) You may request:

• Confirmation of whether we process your personal information
• Copies of your personal information in a readable format
• Information about categories, sources, purposes, and recipients
• Details about data processing activities

Right to Rectification (Correction) You may request correction of:

• Inaccurate personal information
• Incomplete personal information
• Out-of-date information

Right to Deletion (Erasure) You may request deletion of your personal information, subject to legal exceptions for:

• Completing transactions or providing requested services
• Detecting and preventing security incidents or fraud
• Complying with legal obligations
• Exercising free speech or research rights
• Internal uses reasonably aligned with your expectations

Right to Data Portability You may request a copy of your personal information in:

• A structured, commonly used format
• A machine-readable format suitable for transmission to another service

Right to Object You may object to processing based on:

• Legitimate interests (we will stop unless we demonstrate compelling grounds)
• Direct marketing (we will stop immediately upon request)
• Profiling and automated decision-making

Right to Restrict Processing You may request that we limit how we use your personal information when:

• You contest the accuracy of the data
• Processing is unlawful but you prefer restriction over deletion
• We no longer need the data but you need it for legal claims
• You’ve objected and we’re verifying whether our grounds override yours

Right to Withdraw Consent Where processing is based on consent, you may withdraw it at any time. Withdrawal does not affect the lawfulness of processing before withdrawal.

Right to Lodge a Complaint You may file a complaint with your local data protection authority about our collection and use of personal information.

Right to Appeal If we deny your privacy request, you may appeal our decision by contacting privacy [at] fidforward.com with “Privacy Rights Appeal” in the subject line.

How to Exercise Your Rights

To Make a Request:

1. Email us: privacy [at] fidforward.com
2. Subject line: Specify your request type (e.g., “Data Access Request”, “Deletion Request”)
3. Include: Your name, email address, and specific request details
4. Verification: We may ask for additional information to verify your identity

Using an Authorized Agent: You may designate an authorized agent to make requests on your behalf by:

• Providing written authorization signed by you
• Having your agent submit proof of their authority
• Verifying your identity separately

Response Timeline:

• We will acknowledge your request within 5 business days
• We will respond substantively within 30 days (or as required by applicable law)
• If we need an extension, we will notify you and explain why
• We will explain our decision if we deny any request

Verification Process: To protect your privacy, we will verify your identity before processing requests by:

• Matching information you provide to information we have on file
• Requesting additional documentation if needed
• Confirming via your registered email address

Account Deletion Process

When you delete your FidForward account:

1. Immediate Actions:

   • Account access is revoked immediately
   • Authentication credentials are deleted
   • Personal profile information is removed

2. Data Removal Timeline:

   • Active database records deleted within 30 days
   • Integration data (LinkedIn, email) deleted immediately
   • Personal information anonymized in analytics

3. Organization Data:

   • If you’re the sole member, organization data is deleted
   • If other members remain, your personal data is removed but organization data (searches, campaigns) remains accessible to other members

4. Third-Party Cleanup:

   • We remove your data from marketing lists
   • OAuth tokens and API keys are revoked
   • Third-party integrations are disconnected

5. Backup Retention:

   • Data may persist in backups for up to 90 days
   • Backups are securely deleted after retention period

6. Confirmation:

   • You receive email confirmation once deletion is complete

Opt-Out Options

Marketing Communications:

• Click “unsubscribe” in any marketing email
• Email privacy [at] fidforward.com
• Update preferences in account settings

Analytics Cookies:

• Manage preferences through our cookie consent banner
• Configure browser settings to block cookies
• Use browser “Do Not Track” signals (we honor DNT)

Data Collection:

• Opt out of non-essential data collection via privacy [at] fidforward.com
• Disable integrations in account settings
• Request restriction of processing

Prospect/Candidate Database: If you’re a job candidate or prospect and want removal from our searchable database:

1. Email privacy [at] fidforward.com with “Remove My Profile”
2. Provide your name and LinkedIn URL (if applicable)
3. We will manually remove your data within 48 hours
4. You’ll receive confirmation once removed

California Residents (CCPA/CPRA Rights)

California residents have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

CCPA-Specific Rights:

• Right to Know Categories: Request categories of personal information we collect, use, disclose, and sell
• Right to Know Specific Pieces: Request specific pieces of personal information we’ve collected about you
• Right to Correct: Request correction of inaccurate personal information
• Right to Limit Sensitive PI Use: Limit use of sensitive personal information (we don’t use it for marketing)
• Right to Opt-Out of Sale/Sharing: We do not sell or share personal information for cross-context behavioral advertising
• Right to Non-Discrimination: We will not discriminate against you for exercising CCPA rights

CCPA Categories of Personal Information We Collect:

• Identifiers: Name, email, IP address, account credentials
• Professional Information: Job history, skills, LinkedIn data, employment information
• Internet Activity: Usage data, search queries, browsing history
• Commercial Information: Subscription details, billing records, purchase history
• Geolocation Data: Approximate location (city/region) from IP address
• Inferences: Profile preferences, characteristics, behavior patterns

Do Not Sell My Personal Information: We do not sell personal information to third parties. We do not participate in data brokerage. We share information with service providers for business purposes as described in this Privacy Policy, but these relationships do not constitute “sales” under CCPA.

How to Exercise CCPA Rights: Email privacy [at] fidforward.com with your request. Include “CCPA Request” in the subject line. We will respond within 45 days and may request identity verification.

European Economic Area, UK, and Swiss Residents (GDPR Rights)

If you’re located in the EEA, UK, or Switzerland, you have additional rights under GDPR and equivalent laws:

GDPR-Specific Provisions:

• Legal Basis Transparency: We’ve identified our legal basis for each processing activity in this policy
• Data Protection Officer: Contact privacy [at] fidforward.com for DPO inquiries
• Supervisory Authority: You may lodge complaints with your national data protection authority
• Right to Object to Profiling: You may object to automated decision-making and profiling

Cross-Border Transfer Safeguards:

• We use Standard Contractual Clauses for transfers outside the EEA/UK
• You may request copies of these safeguards by contacting privacy [at] fidforward.com

Data Protection Authorities:

• EU: Find your authority at https://edpb.europa.eu/about-edpb/board/members_en
• UK: Information Commissioner’s Office (ICO) at https://ico.org.uk
• Switzerland: Federal Data Protection and Information Commissioner (FDPIC)

Data Security

We implement comprehensive technical, organizational, and physical safeguards designed to protect personal information from unauthorized access, disclosure, alteration, and destruction.

Technical Safeguards

Encryption:

• Data encrypted in transit using TLS 1.2+ protocols
• Data encrypted at rest using AES-256 encryption
• Database encryption with automatic key rotation
• Encrypted backups stored in secure locations

Access Controls:

• Multi-factor authentication (MFA) for user accounts
• Role-based access control (RBAC) for internal systems
• Principle of least privilege for data access
• Regular access reviews and credential rotation

Security Monitoring:

• 24/7 automated security monitoring
• Intrusion detection and prevention systems
• Real-time threat intelligence and analysis
• Regular vulnerability scanning and penetration testing

Application Security:

• Secure coding practices and code reviews
• Input validation and sanitization
• Protection against OWASP Top 10 vulnerabilities
• Regular security updates and patches

Organizational Measures

Policies and Procedures:

• Comprehensive information security policies
• Data classification and handling standards
• Incident response and breach notification procedures
• Business continuity and disaster recovery plans

Employee Training:

• Mandatory security awareness training
• Privacy and data protection education
• Phishing and social engineering prevention
• Regular security updates and briefings

Vendor Management:

• Security assessments of all service providers
• Data processing agreements with vendors
• Regular vendor security reviews
• Contractual security requirements

Access Management:

• Background checks for employees with data access
• Confidentiality agreements for all personnel
• Immediate access revocation upon termination
• Regular access audits and reviews

Physical Security

Data Centers:

• Tier III or higher certified facilities
• 24/7 physical security and monitoring
• Biometric access controls
• Environmental controls (fire, flood, temperature)

Equipment Security:

• Encrypted devices for employee access
• Secure disposal of hardware and media
• Asset tracking and inventory management
• Physical security for office locations

Incident Response

Breach Notification: If we discover a data breach affecting your personal information:

• We will notify you without undue delay (within 72 hours for GDPR, as required by state law for US)
• We will describe the nature of the breach and affected data
• We will explain steps we’re taking to address the breach
• We will provide recommendations to protect yourself

Incident Investigation:

• Immediate containment and remediation
• Forensic investigation and root cause analysis
• Coordination with law enforcement if required
• Implementation of corrective measures

Limitations

While we implement industry-leading security measures, no system is completely secure. We cannot guarantee absolute security of personal information. You acknowledge the inherent security risks of internet transmission and electronic storage.

Your Responsibilities:

• Keep your password confidential and strong
• Enable multi-factor authentication
• Review account activity regularly
• Report suspicious activity immediately
• Use secure networks when accessing the Services

Children’s Privacy

Our Services are not intended for, designed for, or directed to individuals under 18 years of age. We do not knowingly collect personal information from anyone under 18 without proper parental consent.

If We Learn of Child Data: If we discover we have inadvertently collected personal information from a child under 18:

• We will delete the information as quickly as possible
• We will not use the information for any purpose
• We will not disclose the information to third parties

Parent/Guardian Rights: If you believe we may have collected information from a child under 18, please contact privacy [at] fidforward.com immediately with:

• The child’s name and age
• Your relationship to the child
• Description of the information collected

We will investigate and take appropriate action within 10 business days.

Third-Party Services and Links

Our Services may contain links to websites, applications, and online services operated by third parties. This Privacy Policy does not apply to third-party services, and we are not responsible for their privacy practices.

Third-Party Privacy:

• Review privacy policies of third-party services before providing information
• We do not control third-party data practices
• Third-party services may have different privacy standards
• Links do not constitute endorsement of third-party privacy practices

Third-Party Integrations: When you connect third-party services (LinkedIn, Gmail, etc.):

• You authorize us to access specified data from those services
• Third-party privacy policies govern their handling of your data
• You can revoke access at any time through integration settings
• We are not responsible for third-party service practices

Changes to This Privacy Policy

We reserve the right to modify this Privacy Policy at any time to reflect changes in our practices, legal requirements, or service offerings.

How We Notify You:

• Minor Changes: Updated “Last Updated” date at the top of this policy
• Material Changes:
  • Prominent notice on our website for 30 days
  • Email notification to registered users
  • In-app notification for active users
  • Option to review changes before they take effect

Your Choices:

• Continued Use: Continued use of Services after the effective date constitutes acceptance
• Objection: If you disagree with changes, discontinue use before the effective date
• Account Deletion: You may delete your account if you don’t accept changes

Change History: We maintain a record of significant policy changes. Contact privacy [at] fidforward.com to request previous versions.

Effective Date: Changes become effective 30 days after posting or notification (whichever is earlier), unless otherwise specified. For material changes affecting your rights, we may require affirmative consent.

Legal Compliance and Regulatory Information

Data Controller

FidForward, Inc. is the data controller responsible for personal information described in this Privacy Policy when we determine the purposes and means of processing.

Contact Information: FidForward, Inc. Attn: Data Protection Officer Email: privacy [at] fidforward.com

Regional Representatives

European Economic Area: For GDPR matters and complaints, you may contact your national data protection authority. Find your authority at https://edpb.europa.eu/about-edpb/board/members_en

United Kingdom: Information Commissioner’s Office (ICO) Website: https://ico.org.uk Phone: 0303 123 1113

Switzerland: Federal Data Protection and Information Commissioner (FDPIC) Website: https://www.edoeb.admin.ch

Regulatory Frameworks

We comply with:

• GDPR: General Data Protection Regulation (EU)
• UK GDPR: UK General Data Protection Regulation
• CCPA/CPRA: California Consumer Privacy Act and Privacy Rights Act
• CAN-SPAM: Controlling the Assault of Non-Solicited Pornography And Marketing Act
• CASL: Canadian Anti-Spam Legislation (when applicable)
• Other State Laws: Virginia CDPA, Colorado CPA, Connecticut CTDPA, Utah UCPA, and other state privacy laws

Contact Information

General Privacy Inquiries

Email: privacy [at] fidforward.com

Data Protection Officer

For specific questions about your personal data or to exercise your privacy rights:

Email: privacy [at] fidforward.com Subject Line: Include “Data Protection” or your specific request type

Customer Support

For account or service-related questions:

Email: privacy [at] fidforward.com Website: Use the support widget on any page Response Time: Within 2 business days for general inquiries

Privacy Rights Requests

To exercise your privacy rights (access, deletion, correction, etc.):

Email: privacy [at] fidforward.com Subject Line: Specify request type (e.g., “Access Request”, “Deletion Request”, “CCPA Request”) Response Time: Within 30 days (or as required by applicable law)

Appeals Process

If you are not satisfied with our response to your privacy request:

Email: privacy [at] fidforward.com Subject Line: “Privacy Rights Appeal” Include:

• Your original request details
• Our response that you’re appealing
• Reasons for your appeal
• Your desired resolution

We will review your appeal and respond within 30 days.

Complaints to Authorities

You have the right to lodge a complaint with a data protection authority about our collection and use of personal information. Contact your local data protection authority in your country of residence, place of work, or location of alleged violation.

---

Acknowledgment: By using our Services, you acknowledge that you have read, understood, and agree to this Privacy Policy and our data practices as described herein.