Findrix

Privacy Policy

1. Who we are

Findrix ("we", "us") is the data controller for information you provide directly. For data we process on behalf of our customers (e.g. their site content, their LLM probe results), our customers are the controllers and Findrix is a processor. A Data Processing Agreement (DPA) applies on Pro and Business tiers (available Phase 2).

2. Data we collect

2.1 Account data

2.2 Audit data

2.3 Usage data

3. Why we process this data

Lawful bases under GDPR Article 6:

4. Where data is stored

Primary database: Supabase Postgres in eu-west-1 (Ireland). Hosting and edge: Vercel fra1 (Frankfurt). Analytics: PostHog EU instance (eu.i.posthog.com) and, with your consent, Google Analytics 4 (Google LLC, United States — see international transfers below). Sub-processors are listed in full in our sub-processor list.

Some sub-processors (LLM providers like OpenAI and Anthropic, and — with your consent — Google Analytics) operate primarily in the US. When we send data to them, we rely on Standard Contractual Clauses (SCCs) for the international transfer. We never send raw customer billing or auth data to LLM providers — only the prompts and (where relevant) site content needed for the probe.

5. How long we keep data

Deleting your account. You can close your account at any time from your account settings. Closing it starts a 30-day grace period (cancellable any time before it ends); after that, your login and email are permanently removed. Audit data may be retained in anonymized form, no longer linked to you or any login. To erase all data we hold about you — including anonymized history — email privacy@findrix.ai and we will complete the erasure within 30 days.

6. Who we share data with

We share data only with the sub-processors listed in our sub-processor list, and only as necessary to deliver the service. We never sell personal data to third parties. We never train AI models on customer confidential data.

We disclose data to law enforcement only when required by valid legal process. We publish a yearly transparency report on these requests (Phase 6).

7. Your rights (GDPR / CCPA)

You have the right to:

For California residents: equivalent rights under CCPA. We do not sell personal data — "Do Not Sell" requests are honored automatically as part of our default policy.

To exercise any right, email privacy@findrix.ai. We respond within 30 days.

8. Security

Technical and organizational measures:

9. Children

Findrix is a B2B product, not directed at children. We do not knowingly collect data from anyone under 16. If you believe we have received such data, contact privacy@findrix.ai and we will delete it.

10. Changes to this policy

We post material changes here at least 30 days before they take effect. We notify account holders by email. The full revision history is available on request.

11. Contact

Privacy questions: privacy@findrix.ai
Data Protection Officer: dpo@findrix.ai
EU representative: TBD (Phase 1 — to be appointed before paid tier launch)

12. Sub-processors snapshot

Current sub-processors (full list with regions and data types at /legal/sub-processors):