Privacy Policy | Fyboard

1. Privacy Overview

Our commitment to protecting your personal information

Fyboard is operated by Fybyte Technology Private Limited in India. This Privacy Policy applies to Fyboard, FyTools, FyServices, public website visitors, registered users, customer administrators, invited workspace users, and integrations connected to the Fyboard product suite.

Core Privacy Principles

Data Minimization

We collect only what is needed to run Fyboard, FyTools, FyServices, billing, security, support, and product improvement

Purpose limitation: Data collected only for specified, legitimate purposes
Storage limitation: Retained only as long as necessary
Review of forms, uploads, logs, and AI workflow inputs before expanding collection

Security by Design

Security controls are built around encrypted transport, controlled production access, and India-first infrastructure

TLS for data in transit and encryption at rest where supported
Role-based access and least-privilege production access
Operational reviews for logs, backups, files, and workers

User Control

Customers and users keep control over workspace content, export requests, deletion requests, and privacy choices

Account and workspace controls where available
Email-supported export and deletion requests during launch
Essential cookies by default; consent for non-essential tracking where required

Transparency

Clear, honest communication about our data practices and privacy commitments

Plain-language privacy policies and notices
Notice when material processing, vendors, or regions change
Clear communication about confirmed security incidents when notification is required

Our Privacy Commitments

Never Sell Your Data

We will never sell, rent, or trade your personal information to third parties for monetary gain or any other consideration.

Consent-Based Processing

We process your data when needed to provide the product, comply with law, protect the platform, support customers, or where you consent.

India-First Launch

Our current default production setup is designed around Indian operations and AWS Mumbai hosting, with future regional hosting considered for eligible customers.

Processor Accountability

We maintain a vendor and sub-processor inventory for infrastructure, payments, communications, AI, analytics, monitoring, and support tools.

Privacy by Default

The most privacy-friendly settings are applied by default, with options to customize based on your preferences.

Privacy by the Numbers

ap-south-1

Default Region

AWS Mumbai

EC2 + RDS

Core Hosting

Mumbai

< 30 days

Target Response

Privacy rights

Email-led

Privacy Support

Launch phase

Key Points to Remember

We never sell your personal data to third parties
You can request export or deletion of personal data through our launch support process

Current default application hosting is in AWS Mumbai for India-first operations
GDPR may apply if EU personal data is processed or EU users/customers are targeted

2. Information We Collect

Types of data we gather to provide our services

Account & Profile Information

We collect personal information that you provide when creating an account, joining a workspace, using Fyboard, FyTools, or FyServices, or contacting us by email. This information helps us operate accounts, permissions, billing, security, and support.

Required Information

• Full name and account display name
• Email address (primary contact)
• Password (encrypted and secure)
• Account, workspace, and role information
• Product, tool, service, and plan preferences

Optional Information

• Profile picture, avatar, or bio
• Secondary email and security preferences
• Organization and job title
• Workspace display preferences
• Communication preferences

Data Accuracy

You are responsible for keeping your personal information accurate. Incorrect information may affect service delivery and security.

Identity Verification & Security

For business accounts, paid plans, invoicing, fraud prevention, or legal compliance, we may collect additional verification information. We do not require this for every user.

Security

• 2FA data
• Recovery and verification signals
• Login and session identifiers
• Authentication tokens

Business

• Company registration
• Tax identification
• Business address
• Authorized representative

Compliance

• KYC documentation, if legally or commercially required
• Government ID copies only where required for a transaction or verification workflow
• Address verification
• Compliance records

Payment & Billing Information

When you subscribe or buy a module, tool, service, add-on, usage pack, AI credit pack, storage pack, or other entitlement, we collect payment information needed to process transactions through Stripe or Razorpay.

Billing Details

• Billing name and address
• Payment method type and gateway
• Last 4 digits where provided by the gateway
• Transaction history

Security

• Stripe or Razorpay customer/order/payment IDs
• Fraud prevention and risk signals
• UPI, card, bank, or wallet status returned by the gateway
• Refund and dispute references

We do not intentionally store full card numbers, CVV, UPI PINs, or netbanking credentials on Fyboard servers. Stripe and Razorpay collect payment credentials under their own security and privacy practices.

"We prioritize transparency in our collection practices. Your data is used exclusively to enhance your Fyboard experience."

3. How We Use Information

Transparent processing for legitimate business purposes

We use personal data only for defined product, security, billing, support, compliance, and improvement purposes. For customer workspace content, Fyboard will often act as a processor on behalf of the customer organization; for account, billing, security, marketing, and website data, Fyboard may act as controller.

Primary Processing Purposes

We process personal information for these launch categories. Retention depends on account status, workspace settings, legal requirements, payment records, backups, and the type of module, tool, service, add-on, or usage pack involved.

Service Delivery

Core Fyboard, FyTools, FyServices, storage, workflow, extraction, AI-assisted, and collaboration functionality.

BasisContractual Necessity

RetentionAccount or workspace life + deletion window

AuthenticationDocument storageTool runsWorkspace permissions

Security & Fraud

Security monitoring to protect users, workspaces, payments, files, APIs, and the platform from abuse.

BasisLegitimate Interest

RetentionAs needed for security and legal compliance

Anomaly detectionUnauthorized access preventionFraud checks

Analytics & Improvement

Improving reliability, usability, workflow quality, and performance.

BasisLegitimate Interest/Consent

RetentionAggregated or minimized where practical

Feature usage analyticsPerformance diagnosticsBug detection

Communication

Keeping users informed about updates, security, and billing.

BasisContractual/Consent

RetentionAccount life + operational/legal period

Service alertsPolicy changesMarketing if opted in

Legal Compliance

Required to meet tax, accounting, privacy, corporate, payment, and legal obligations.

BasisLegal Obligation

RetentionAs required by law

Tax recordsKYC if requiredLegal process compliance

Business Operations

Supporting customer onboarding, account administration, vendor management, and internal launch operations.

BasisLegitimate Interest

RetentionRelationship life + legal/accounting period

Email supportOnboardingUsage reporting

4. Information Sharing

How we share your data with trusted partners

We never sell your personal information. Data sharing is limited to service providers, sub-processors, customer-directed integrations, legal requirements, security needs, billing, and support.

Trusted Service Provider Partners

We maintain an inventory of providers and sub-processors that may store or process data for infrastructure, payments, email, AI/extraction, analytics, monitoring, support, and security. The exact provider set may vary by feature, plan, region, and customer configuration.

Cloud Infrastructure

Hosting, database, file storage, backups, logs, and operational infrastructure.

AWS Mumbai

Primary EC2, RDS, and related India-first hosting

Shared: App data, workspace content, operational logs

AWS storage/logging

Files, backups, snapshots, logs, and monitoring where configured

Shared: Files, backups, logs, metadata

Payment Processing

Secure payment processing and financial services.

Razorpay

India checkout, UPI, cards, wallets, netbanking, refunds

Shared: Billing details, payment IDs, fraud signals

Stripe

Supported non-INR checkout, cards, customer portal, refunds

Shared: Billing details, customer IDs, payment references

Communication Services

Transactional email, account notices, invoices, security alerts, and email-led support.

Email provider

Transactional and support email delivery

Shared: Email addresses, message content, delivery metadata

Support inbox/tooling

Manage support and privacy requests

Shared: Request details, attachments, account references

AI, OCR & Processing

Document extraction, AI-assisted workflows, OCR, embedding, or automation workers where enabled.

Fyboard workers

Run parsing, queues, automation, and extraction

Shared: Files, text, metadata, Tool Output

AI or OCR providers

Model or extraction processing when a feature uses them

Shared: Selected prompts, files, snippets, AI Output

Analytics & Monitoring

Error tracking, performance monitoring, consent-based analytics, and security tooling.

Monitoring tools

Reliability, error, and security operations

Shared: Logs, stack traces, device and request metadata

Analytics tools

Product analytics where enabled or consented

Shared: Feature events, device info, approximate region

5. Cookies & Tracking

How we use cookies and tracking technologies

Essential cookies keep Fyboard working. Non-essential analytics or marketing cookies are disabled unless enabled by consent or by an applicable customer configuration.

Essential Cookies

Required

Necessary for basic website functionality and security.

Technical IDs

auth_sessioncsrf_tokensecurity_flags

Impact: Breaking core functionality if disabled.

Functional Cookies

Enhance user experience with personalized features.

Technical IDs

user_preferencesworkspace_statefeature_flags

Impact: May affect convenience features.

Analytics Cookies

Help us understand product usage and reliability where enabled or consented.

Technical IDs

analytics_idfeature_event_idconsent_state

Impact: Helps product improvement only.

Marketing Cookies

May support advertising or campaign attribution if we introduce it later and obtain required consent.

Technical IDs

campaign_idreferrer_idutm_state

Impact: Not required for the product to function.

6. Data Security

How we protect your information

Security is foundational for Fyboard because the product may process files, contracts, emails, invoices, workflow records, and AI-assisted outputs.

Multi-Layered Security Architecture

Encryption Standards

Encryption and transport protections for application traffic, databases, files, and secrets.

TLS in transitRDS/S3 encryption where configuredSecrets access controls

Infrastructure Security

India-first AWS Mumbai deployment for current launch operations.

EC2 MumbaiRDS MumbaiRegion-controlled storage/backups

Application Controls

Product controls for accounts, workspaces, tools, APIs, and admin access.

RBACWorkspace permissionsMFA/SSO where available

7. Data Retention

How long we keep your information

We retain data only as long as needed for product operation, workspace administration, billing, security, legal compliance, backups, disputes, or customer instructions.

User Account Data

Personal info, account settings, and workspace membership records.

Standard

Account life + deletion/recovery window

Profile InfoAuth CredentialsWorkspace Roles

Business Data

Workspace content, files, contracts, emails, invoices, forms, Tool Output, and AI Output.

Standard

Customer plan, workspace settings, and legal requirements

FilesWorkflow RecordsVersion History

Usage Analytics

Platform metrics and performance data.

Standard

Minimized or aggregated where practical

Activity LogsPerformance MetricsFeature Analytics

Security & Legal

Audit trails and compliance records.

Standard

As needed for security, accounting, tax, and legal obligations

Security LogsAudit TrailsBilling Records

8. Your Privacy Rights

Understanding and exercising your choices

You may request access, correction, deletion, export, restriction, objection, or complaint review depending on your location, role, customer contract, and applicable law. During launch, requests are handled primarily by email.

Access

View and understand personal data we process about you.

Copy of Data

Sources

Processors

Rectification

Correct inaccurate or incomplete information.

Self-service edits

Factual corrections

Verification

Erasure

Request deletion or anonymization of personal data where legally and technically possible.

Account Deletion

Selective removal

Backup limits

Restriction

Limit how we process your personal data.

Processing freeze

Dispute protection

Consent overrides

Portability

Receive data in reasonable portable formats where required and available.

JSON/CSV exports

Workspace exports

Metadata

Object

Object to processing based on legitimate interests or direct marketing where applicable.

Marketing Opt-out

Profiling limits

Human review

9. International Transfers

Global data protection and cross-border transfers

Fyboard's current default production setup is India-first: EC2 and RDS in AWS Mumbai. Mumbai hosting does not automatically exempt us from GDPR if EU personal data is processed or if Fyboard later targets EU users or customers.

Our Global Transfer Principles

We are launching with India-focused operations and initially expect India/internal/RCL users. If a customer uploads personal data about EU/EEA individuals, or if Fyboard later offers services to EU/EEA users or customers, storing that data in Mumbai may be treated as a transfer outside the EEA and must be handled with appropriate safeguards.

India Default

Core application and database in AWS Mumbai for launch.

Region Inventory

We track where infrastructure, logs, files, backups, and vendors process data.

Future Regions

EU or US tenant hosting may be added later for eligible customers.

10. Children's Privacy

Special protections for our younger users

We are committed to children's safety. We do not knowingly collect data from children under 13 without verifiable parental consent.

Comprehensive Child Protection

We recognize that our platform may be used in educational or family contexts. We are committed to the highest level of protection for any users under 18.

Children Under 13

We do not knowingly collect personal info from children under 13 without verifiable parental consent. Any inadvertently gathered data is purged immediately.

COPPA Compliant

Teens 13-17

Additional privacy protections and content filtering are automatically applied. Features are limited to educational and professional focus.

Enhanced Privacy

Safety Contact

If you believe we have inadvertently collected data from a child, contact us immediately.

[email protected]

1-800-FYBOARD-SAFE

11. Policy Updates

How we manage and communicate changes

Privacy is dynamic. We update this policy when Fyboard adds modules, tools, services, payment flows, processors, AI workflows, regions, or legal requirements.

Our Update Philosophy

We are committed to practical, transparent policy updates as Fyboard moves from India/internal launch to broader public and paid B2B use.

Transparency First

Plain-language summaries for material changes.

Advance Notice

Reasonable notice before material changes where practical.

User Choice

Consent or controls for new non-essential processing where required.

Material Changes

Significant modifications affecting user rights, data regions, processors, AI processing, or data sharing.

Advance notice where practical

Administrative

Clarifications, contact info, formatting, or minor operational changes.

Posted update

Legal Compliance

Changes required by new laws, regulator guidance, payment rules, or court orders.

As required

Security

Updates to improve security, safety, or data protection.

Immediate with user education

12. Contact us

Questions, concerns, or rights requests

Privacy and data-rights requests are handled by email during launch. We verify requester identity and workspace authority before disclosing, exporting, changing, or deleting data.