Privacy Policy

Feanor Services LLC respects your privacy. This Privacy Policy explains what personal information we collect, how we use it, who we share it with, and the rights you have. It applies to our website at feanorservices.com and to the Feanor service ("the Service").

1. Who we are

The data controller for personal information processed about visitors to our website and individuals who contact us is Feanor Services LLC, a limited liability company organised under the laws of the State of New Mexico, United States ("Feanor", "we", "us", "our"). When we process personal data on behalf of a Feanor customer (for example, data extracted from that customer's connected systems), the customer is the controller and Feanor acts as a processor under our Data Processing Addendum.

You can contact us about privacy at [email protected].

2. Scope of this policy

This policy covers:

• People who visit our website or read our marketing materials.
• People who contact us, request access to the alpha, or sign up for updates.
• Authorised users of customer accounts when they log in or use the Service.
• Job applicants and prospective partners.

It does not change how Feanor processes data on behalf of a customer under a signed customer agreement and Data Processing Addendum. In that case, the customer's privacy notice governs.

3. Information we collect

3.1 Information you give us

• Identifiers and contact details: name, work email, company, role, phone number when you provide them.
• Account credentials: when authorised users sign in to the Service.
• Communications: messages, support tickets, calls, demo notes.
• Commercial information: billing address, purchase records, contract details (when applicable).
• Recruiting information: CV, work history, portfolio when you apply for a role.

3.2 Information collected automatically

• Device and usage data: IP address, user-agent, referring URL, pages viewed, timestamps, approximate location derived from IP.
• Logs and telemetry: Service request logs, error reports, security events.
• Cookies and similar technologies: see Cookies and tracking.

3.3 Information from third parties

• Identity and login providers (such as Google or Microsoft) when an authorised user chooses to sign in via single sign-on.
• Customer-connected systems (such as Slack, Gmail, Notion, Zendesk) when a customer authorises Feanor to read content from those systems. We process this data as a processor on the customer's instructions.
• Public sources for company research and outbound communication, where permitted by law.

3.4 Sensitive categories

We do not seek to collect special-category data under GDPR (for example, health, racial or ethnic origin, political opinions, religion, biometric data) or sensitive personal information under US state laws (for example, government IDs, precise geolocation, contents of mail or messages where treated as sensitive). If such data appears in customer-connected sources, we provide controls so customers can redact or exclude it.

4. How we use information

We use personal information to:

• Provide, operate and improve the Service.
• Communicate with you about your account, the alpha, security, billing, and support.
• Personalise content and remember your preferences.
• Measure and analyse usage to debug issues and improve performance.
• Detect, investigate and prevent fraud, abuse, security incidents and illegal activity.
• Comply with legal and regulatory obligations and enforce our terms.
• Recruit and evaluate candidates for open roles.

5. Legal basis for processing (GDPR / UK GDPR)

If you are in the European Economic Area, the United Kingdom or Switzerland, we rely on the following legal bases:

• Performance of a contract (Art. 6(1)(b)): to provide the Service to you or to take steps at your request before entering into a contract.
• Legitimate interests (Art. 6(1)(f)): to operate, secure and improve our website and Service, prevent abuse, communicate with prospective customers, and pursue our reasonable business interests where they are not overridden by your rights.
• Consent (Art. 6(1)(a)): for marketing emails where required by law and for non-essential cookies. You can withdraw consent at any time.
• Legal obligation (Art. 6(1)(c)): to comply with applicable laws.

You can ask us about the legitimate interest analysis we have performed for a particular processing operation by writing to [email protected].

6. When we share information

We do not sell your personal information. We share it only as follows:

• Service providers (sub-processors) who help us run the Service, such as cloud hosting, error monitoring, customer-support tooling, payment processors and analytics. They are bound by written contracts and process personal data only on our instructions.
• Affiliates under common control with Feanor, where applicable, on terms consistent with this policy.
• Customers whose accounts an authorised user is part of, with respect to that user's activity in the account.
• Legal and safety disclosures: to comply with law, lawful requests from authorities, to enforce our terms, or to protect the rights, property or safety of Feanor, our users or others.
• Corporate transactions: in connection with a merger, acquisition, financing, reorganisation or sale of assets, subject to standard confidentiality protections.

An up-to-date list of sub-processors is available on request from [email protected] and in Annex III of our Data Processing Addendum.

7. International data transfers

Feanor is based in the United States and may process personal data in the United States and other countries where our service providers operate. When we transfer personal data out of the EEA, the UK or Switzerland to a country that has not been recognised as providing an adequate level of protection, we use appropriate safeguards, including the European Commission's Standard Contractual Clauses (and the UK International Data Transfer Addendum, where applicable), supplemented by additional measures as necessary. You can request a copy of the safeguards we use by writing to [email protected].

8. Retention

We keep personal information only for as long as necessary for the purposes described in this policy, to comply with our legal obligations, to resolve disputes and to enforce our agreements. Specific retention periods depend on the type of data, the nature of the relationship, and applicable legal requirements. When personal data is no longer needed, we delete it or de-identify it.

9. Security

We use administrative, technical and organisational measures designed to protect personal information against unauthorised access, alteration, disclosure or destruction. These include encryption in transit, access controls, audit logging, security monitoring, regular reviews and employee training. No system is perfectly secure: if you have reason to believe that your interaction with us is no longer secure, please contact us immediately.

10. Your rights (EU, UK, EEA, Switzerland)

Subject to applicable law, you have the right to:

• Access the personal data we hold about you and receive information about how it is processed.
• Rectify inaccurate or incomplete personal data.
• Erase your personal data in certain circumstances ("right to be forgotten").
• Restrict processing of your personal data in certain circumstances.
• Object to processing based on legitimate interests, including profiling, and to direct marketing at any time.
• Receive your personal data in a portable format and have it transmitted to another controller, where technically feasible.
• Withdraw consent at any time, without affecting the lawfulness of processing based on consent before withdrawal.
• Lodge a complaint with your local supervisory authority. A list of EU authorities is available at edpb.europa.eu; in the UK, the ICO at ico.org.uk; in Switzerland, the FDPIC at edoeb.admin.ch.

To exercise any of these rights, write to [email protected]. We respond within one month and, where required, will verify your identity before acting on a request.

11. Your rights (United States)

Depending on the US state where you reside, you may have specific rights under laws including the California Consumer Privacy Act as amended by the California Privacy Rights Act ("CCPA/CPRA"), the Virginia Consumer Data Protection Act, the Colorado Privacy Act, the Connecticut Data Privacy Act, the Utah Consumer Privacy Act, and similar state laws. These rights may include:

• Right to know what personal information we collect about you, the sources, the purposes and the categories of recipients.
• Right of access to a copy of the specific pieces of personal information we have collected about you.
• Right to delete personal information we have collected from you, subject to legal exceptions.
• Right to correct inaccurate personal information.
• Right to opt out of the sale or sharing of personal information and of certain targeted advertising and profiling.
• Right to limit the use and disclosure of sensitive personal information to what is necessary to provide the service.
• Right to non-discrimination for exercising your rights.
• Right to appeal a refusal of a rights request, where applicable.

To exercise these rights, write to [email protected]. You may use an authorised agent; we will require proof of authorisation. We do not discriminate against you for exercising your privacy rights.

12. Sale and sharing of personal information

13. Cookies and tracking

Our website uses a small number of cookies and similar technologies to operate the site, remember your preferences, and measure how the site is used in aggregate. We do not use third-party advertising cookies. Where required by law, we ask for your consent before setting non-essential cookies. You can control cookies through your browser settings; disabling cookies may impair some features of our site.

We honour the Global Privacy Control (GPC) signal from your browser as a request to opt out of the sale or sharing of personal information for residents of states that recognise it.

14. Children

Feanor is a business-to-business service. It is not directed to children under 16, and we do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us so we can delete it.

15. Automated decision-making

We do not use personal information to make decisions that produce legal or similarly significant effects on individuals based solely on automated processing, except as expressly permitted by law and with appropriate safeguards. AI-generated outputs of the Service are reviewed and governed by our customers in accordance with their own policies and our Service controls.

16. Changes to this policy

We may update this Privacy Policy from time to time. When we do, we will revise the "Last updated" date above. If the changes are material, we will provide notice that is reasonable under the circumstances, including by posting on our website or by email where appropriate.

17. Contact us

For privacy questions, requests or complaints:

• Email: [email protected]
• Mail: Feanor Services LLC, Privacy, New Mexico, United States. (We will provide a registered office address on request.)

If we cannot resolve your concern, you may also contact your data protection or consumer-protection authority.