Fyve Labs Privacy and Data Retention Policy

[Quick Navigation: TL;DR | Definitions | Services | Products | Security Measures | Data Rights | Contact | Version History]

TL;DR

Here's what you need to know:

What We Do

  • We're Fyve Labs. We do two things:
    1. Help companies with tech consulting (Services)
    2. Create software and AI products (Products)

Your Data

  • For Services: We keep client information to do our job and store it safely, we are obligated to keep your data safe.
  • For Products: We collect data to make our products work and improve them, but we don't sell your data.

Your Rights

  • You can ask what data we have about you
  • You can ask us to delete your data
  • You can opt out of certain data collection
  • We protect your data using strong security in US-based locations

Important Points

  • We don't sell your personal data
  • We keep data only as needed
  • We follow US and European privacy laws
  • You can email legal@fyve.dev at any time

Back to Top

Definitions

The definitions section establishes clear terminology used throughout this policy to avoid ambiguity. Users and clients should focus on understanding the distinction between Services (our consulting work) and Products (our software solutions). This section is particularly important for organizations that engage with us in multiple capacities since different privacy rules may apply.

  • Services: Professional consulting, technical advisory, implementation assistance, and other professional services provided by Fyve Labs to its clients.
  • Products: Software, AI models, applications, platforms, or other technical solutions developed and maintained by Fyve Labs.
  • Client: An organization or individual engaging Fyve Labs for Services.
  • End User: An individual using Fyve Labs Products.

Back to Top

Services

This outlines how we handle data when providing consulting and professional services to clients. We prioritize client confidentiality and maintain strict data access controls during project engagements. Client data is retained only as long as necessary for service delivery and legal compliance. Special attention should be paid to retention periods and access credential management after project completion such that they align to overriding needs of a client.

Data Collection

  • Client business information
  • Employee contact information
  • Project documentation
  • Client systems access credentials
  • Meeting recordings and transcripts
  • Work products and deliverables

Technical Implementation

Collection Points

  • Secure document repositories
  • Project management systems
  • Communication platforms
  • Access management systems

Retention Periods

  • Active Project Data: Duration of engagement plus 2 years
  • Client Communications: 5 years
  • Contract Documentation: 7 years
  • Work Products: As specified in client agreements

Back to Top

Products

This describes how we collect and process data when users interact with our software and AI solutions. We emphasize transparency in data collection and minimize data retention to only what's necessary for product functionality and improvement. Users should particularly note the retention periods for different types of data and how their usage information contributes to product development.

Data Collection

  • User account information
  • Usage telemetry
  • Performance metrics
  • AI training data
  • User-generated content

Technical Implementation

Processing Systems

  • Real-time analytics pipeline
  • Batch processing systems
  • Anomaly detection
  • Performance monitoring
  • Security analysis

Retention Periods

  • Active Account Data: Account duration plus 90 days
  • System Logs: 30 days
  • Performance Metrics: 12 months
  • Training Data: 24 months

Back to Top

Security Measures

Our security infrastructure uses industry-standard encryption and access controls to protect all data we handle. We maintain compliance with major security frameworks and regularly update our security protocols to address emerging threats.

Technical Controls

  • TLS 1.3 encryption in transit
  • AES-256 encryption at rest
  • Role-based access control
  • Multi-factor authentication
  • Regular security scanning
  • Automated compliance monitoring

Compliance Frameworks

Frameworks may be utilized by different services provided within Fyve. At this time, we do not guarantee full adherence to these coimpliance standards, but if that is a critical need, we are happy to talk about implementations.

  • SOC 2 Type II
  • GDPR
  • CCPA/CPRA
  • Industry-specific regulations

Back to Top

Data Rights

Your privacy rights are protected under both US and EU frameworks, giving you control over how your data is collected, used, and deleted. While Fyve Labs maintains strong security standards with industry-standard encryption and controls, our specific compliance certifications vary by service and can be enhanced based on project requirements.

US Rights

  • Right to Know
  • Right to Delete
  • Right to Opt-Out
  • Right to Non-Discrimination

GDPR Rights

  • Right to Access
  • Right to Rectification
  • Right to Erasure
  • Right to Restrict Processing
  • Right to Data Portability
  • Right to Object

Back to Top

Contact Information

We provide clear channels for all privacy-related communications and concerns. We commit to prompt responses for privacy inquiries and maintain separate channels for general privacy questions, data rights requests, and security incidents.

Privacy Inquiries

Data Rights Requests

  • Submit requests to: legal@fyve.dev
  • Required Information: Name, email, relationship to Fyve Labs
  • Verification process will be initiated within one business week

Other Contact

Back to Top

Version History

This section helps users understand when and how our privacy practices evolve, with clear documentation of reviews and updates. Users should periodically check this section to stay informed of any changes that might affect their data rights or our handling of their information.

Current Version

  • Version: 1.0
  • Last Updated: December 16, 2024
  • Effective Date: December 16, 2024

Change Log

v1.0 - Initial Release

  • Consolidated Services and Products policies
  • Added GDPR compliance measures
  • Implemented technical controls documentation

This policy is maintained by Fyve Labs Legal and Privacy Team. For questions or concerns, please see the Contact Information section.

Back to Top