1. Overview
YASH JAYESHKUMAR CHAUHAN ("Fact0", "we", "us") provides audit and observability infrastructure for AI agents. This Privacy Policy explains how we handle personal data when you visit https://fact0.io, use https://app.fact0.io, integrate with our API, or interact with us.
We build for security reviews: we collect only what we need to operate the Service, document subprocessors, and support data subject requests.
2. Roles: controller vs processor
For account, billing, and website data, Fact0 is the data controller.
For Customer Data you submit through the SDK or API (including personal data inside agent audit events), Fact0 generally acts as a data processor on your instructions. You are responsible for lawful bases, notices, and data subject rights for that content.
Enterprise customers may execute a Data Processing Agreement (DPA) on request at yash@fact0.io.
3. Data we collect
Depending on how you use Fact0, we may process:
- Account data: name, email, profile image from Google sign-in, organization membership, and session identifiers.
- Workspace data: API key metadata (hashed secrets), settings, billing plan, usage quotas, and audit configuration.
- Customer Data: audit events, execution traces, telemetry spans, share-link access logs, and exports you generate.
- Support and communications: messages you send to us and transactional email delivery metadata.
- Technical data: IP address, browser type, device identifiers, and request logs for security and reliability.
- Product analytics: aggregated usage signals to improve performance and features (see our Cookie Policy).
4. How we use data
We use personal data to:
- Provide, secure, and troubleshoot the Service.
- Authenticate users and enforce workspace access controls.
- Send transactional email (invites, alerts, reports, welcome messages).
- Bill accounts, prevent abuse, and comply with legal obligations.
- Improve the product through aggregated analytics where permitted.
5. Legal bases (EEA/UK)
Where GDPR applies, we rely on contract performance (providing the Service), legitimate interests (security, product improvement, B2B communication), consent where required (non-essential cookies), and legal obligation.
7. Retention
We retain account and billing records while your account is active and for a reasonable period afterward for legal and accounting purposes.
Customer Data retention follows your plan and workspace settings. Audit logs are append-only by design; deletion policies for telemetry and exports are described in our documentation and dashboard controls.
8. Security
We use encryption in transit, tenant isolation, scoped API keys, and hash-chain integrity checks. No system is perfectly secure; report concerns to yash@fact0.io.
Security practices and compliance posture are summarized at docs.fact0.io/guides/security.
9. International transfers
We may process data in the United States and other countries where we or our subprocessors operate. Where required, we use appropriate safeguards such as Standard Contractual Clauses.
10. Your rights
Depending on your location, you may have rights to access, correct, delete, restrict, or port personal data, and to object to certain processing.
Contact yash@fact0.io to exercise rights. We may verify your identity before responding. If we process data on behalf of your organization, we may direct you to your workspace administrator.
11. Children
The Service is not directed to children under 16. We do not knowingly collect personal data from children.
12. Changes
We may update this Privacy Policy. We will post the revised version with an updated date and provide additional notice for material changes where appropriate.
13. Contact
Privacy inquiries: yash@fact0.io
General contact: yash@fact0.io
YASH JAYESHKUMAR CHAUHAN · https://fact0.io