Last Updated: November 1, 2025
We are committed to protecting the privacy and security of our clients, their employees, and all users of our Services.
Fari, Inc. ("Fari," "we," "us," or "our") is committed to protecting the privacy and security of personal information. This Privacy Policy explains how we collect, use, share, store, and protect information in connection with our services, including Fari AI (our intelligent automation platform), Fari Lens (our computer vision-based inventory management system), Fari Analytics (our unified intelligence platform), and associated mobile applications, web-based dashboards, and application programming interfaces (collectively, the "Services").
This Privacy Policy applies to information we collect from our business customers ("Customers," "you," or "your"), their authorized users, employees who use the Services on behalf of our Customers, and visitors to our website. Our Services are designed for use by hospitality businesses, primarily hotels, and are not intended for personal, family, or household purposes.
By accessing or using the Services, you acknowledge that you have read, understood, and agree to the collection, use, and disclosure of your information as described in this Privacy Policy. If you do not agree with the terms of this Privacy Policy, you should not access or use the Services. This Privacy Policy should be read in conjunction with our Terms of Service, which govern your use of the Services.
For purposes of applicable data protection laws, Fari acts as a data controller with respect to certain personal information (such as Customer account information and user contact details), and as a data processor with respect to other personal information that Customers submit through the Services (such as employee data and operational information). Where we process personal data on behalf of our Customers, our Customers are the data controllers and are responsible for ensuring they have appropriate legal bases for processing and for providing required notices to their employees and other individuals.
We collect various types of information to provide, maintain, improve, and protect our Services. The information we collect falls into several categories:
When you create an account or subscribe to our Services, we collect business and contact information including:
Company Information: Legal business name, trade names, business address, business phone number, business email address, tax identification numbers, business type and industry classification, number of employees, and number of properties or locations.
Account Holder Information: Name, work email address, job title, department, work phone number, and preferred language for communications. This information is collected from the individual who registers for the Services or is designated as the primary account administrator.
Billing Information: Credit card information (processed by third-party payment processors), billing address, purchase order information, and transaction history. We do not directly store complete credit card numbers; this information is securely processed and stored by our PCI-compliant payment service providers.
Property Information: Details about hotel properties including property names, addresses, contact information, property types, number of rooms, facility details, and operational characteristics relevant to our Services.
Our Customers create user accounts for their employees and authorized personnel who will access the Services. For each user account, we collect:
Profile Information: User's full name, work email address, job title, department or team, employee identification number (if provided), work phone number, and profile photo (optional).
Authentication Data: Username, password (stored in hashed and encrypted form), security questions and answers, multi-factor authentication settings and verification codes, session tokens, and authentication logs including timestamps and IP addresses of login attempts.
Permissions and Roles: User role assignments (e.g., administrator, manager, staff), access permissions for different areas of the Services, department or location access restrictions, and approval authority levels.
Activity Information: User activity logs including actions performed, features accessed, timestamps of activities, records of data created, modified, or deleted, system events triggered by the user, and workflow executions initiated by the user.
Through your use of the Services, particularly Fari AI and Fari Lens, we collect extensive operational data:
Inventory Images and Visual Data: Images and videos captured through the Fari Lens mobile application, including photographs of hotel rooms, minibars, stockrooms, supply closets, and other operational areas. These images may incidentally capture background details, furnishings, and other elements within the photographed space. Images are tagged with metadata including capture timestamp, device identifier, user who captured the image, location/room number, image quality metrics, and processing status.
Computer Vision Processing Results: Analyzed data from images including item identifications, quantity counts, product categories, brand recognition results, item conditions, discrepancy flags, confidence scores for each detection, comparison data from previous inspections, and patterns or trends in inventory levels.
Inventory Records: Historical inventory data, consumption patterns, replenishment schedules, stock levels, par levels, reorder points, supplier information, product specifications, pricing data, and cost information.
Operational Workflows: Workflow configurations created in Fari AI, automation rules and triggers, integration settings with third-party systems, task assignments and completions, approval chains and decisions, performance metrics and analytics, exception reports, and system-generated recommendations.
Integration Data: Data synchronized from connected systems including Property Management Systems (PMS), Point of Sale (POS) systems, financial systems, and other third-party platforms, which may include guest information (processed in accordance with applicable laws), transaction records, accounting data, and operational metrics.
When you access the Services, we automatically collect certain technical information:
Device Information: Device type and model, operating system and version, mobile carrier, device identifiers (such as device ID, advertising ID where applicable), screen resolution, device settings including language and time zone, and hardware capabilities including camera specifications.
Network and Connection Data: IP address, internet service provider, connection type and quality, network performance metrics, and geographic location derived from IP address.
Browser and Application Information: Browser type and version, browser language settings, referring and exit pages, pages visited within our Services, time spent on pages, links clicked, web beacons and pixel tags, application version, application performance metrics, crash reports, and error logs.
Location Information: With your permission, we may collect precise location data from mobile devices to associate captured images with specific locations or rooms. Location data includes GPS coordinates, WiFi access points, and Bluetooth beacon information. You can control location permissions through your device settings.
When you communicate with us or request support, we collect:
Support Tickets and Inquiries: Content of your communications with our support team, including emails, chat messages, phone call recordings (where permitted by law and with notice), attachments and screenshots you provide, support ticket history and resolutions, and satisfaction ratings or feedback.
Feedback and Surveys: Responses to surveys, feedback forms, user research sessions, feature requests, product reviews, and any other voluntary communications you provide.
We use cookies, web beacons, and similar tracking technologies to collect information about your browsing activities. This is described in more detail in the "Cookies and Tracking Technologies" section below.
We use the information we collect for various purposes related to providing, maintaining, improving, and protecting our Services. The legal bases for our processing of personal data include: (a) performance of our contract with you; (b) our legitimate business interests; (c) compliance with legal obligations; and (d) consent where required by applicable law.
We use your information to deliver the core functionality of our Services:
Creating and managing your account; authenticating users and maintaining account security; processing inventory images through our computer vision system; analyzing images to identify items, count quantities, and detect discrepancies; generating inventory reports and analytics; executing automated workflows configured in Fari AI; synchronizing data with integrated third-party systems; storing and retrieving your data; providing access to dashboard interfaces and mobile applications; facilitating team collaboration and task management; sending transactional communications such as confirmations, receipts, technical notices, updates, security alerts, and support messages; and providing customer support and responding to your inquiries.
A key component of our Services involves training and improving artificial intelligence and machine learning models, particularly for computer vision applications:
Property-Specific Model Training: Images captured through Fari Lens at your property are used to create and refine custom computer vision models tailored to your specific inventory items, room configurations, product brands, and operational environment. This property-specific training improves recognition accuracy for your unique setup. These custom models and their associated training data remain segregated within your account and are not shared with other customers. The property-specific models are used exclusively to process images from your property.
General Model Improvement: We also use aggregated and anonymized image data across our customer base to train and improve our general computer vision models. This involves combining data from multiple sources to create more robust recognition capabilities that benefit all customers. For example, images of common hospitality products (such as minibar items, toiletries, linens, or room amenities) from multiple hotels may be used to improve the system's ability to recognize those product categories universally. However, we take steps to protect customer privacy in this process:
• Property-identifying information, unique branding, custom labels, and other distinctive elements are removed or anonymized before images are included in general training datasets.
• Your specific inventory counts, pricing data, consumption patterns, and property-specific operational data remain private and are never included in general model training.
• Images are processed to focus on product recognition rather than contextual details that might identify your property.
• We employ differential privacy techniques and other privacy-preserving methods in our training processes.
• Where images may contain incidental personal information or identifiable details, we employ automated detection and redaction technologies.
Ongoing Improvement: Machine learning models require continuous training and refinement to maintain and improve accuracy. As new products enter the market, as hotel environments evolve, and as we identify edge cases or recognition errors, we use operational data to update and enhance our models. This ongoing training is essential to providing reliable and accurate inventory recognition services.
Quality Assurance: We may use a subset of images for quality assurance purposes, including manual review by trained personnel to verify the accuracy of automated recognition, identify systematic errors, evaluate model performance, and validate improvements. Personnel conducting manual review are bound by confidentiality obligations and access only the minimum data necessary for quality assurance purposes.
We analyze usage patterns and operational data to improve existing features and develop new capabilities:
Understanding how customers use the Services; identifying features that are most valuable and those that need improvement; detecting bugs, errors, and performance issues; optimizing system performance and response times; developing new features and functionalities; conducting research and development for future products; testing new features with select customers; measuring the effectiveness of improvements and updates; analyzing user workflows to identify automation opportunities; and understanding common challenges faced by hospitality operations to inform product roadmap decisions.
We use information to operate and manage our business:
Processing payments and managing billing; maintaining accurate financial records; managing subscriptions, renewals, and account changes; providing customer support and responding to inquiries; onboarding new customers and providing training; communicating with you about your account, including service updates, new features, and important notices; conducting customer satisfaction surveys and gathering feedback; managing vendor and partner relationships; performing internal administrative functions including accounting, legal compliance, and business planning; and evaluating and improving our business processes.
We use information to protect the Services and our users:
Monitoring for security threats and unauthorized access; detecting and preventing fraud, abuse, and violations of our Terms of Service; investigating suspected illegal activity or security breaches; maintaining audit logs for security and compliance purposes; verifying identity and authentication; implementing and enforcing our policies; responding to legal requests and court orders; complying with applicable laws, regulations, and legal processes; protecting our rights, property, and safety and the rights, property, and safety of our users and third parties; enforcing our agreements; resolving disputes; and conducting internal investigations.
We create aggregated, anonymized, and de-identified data from the information we collect:
Generating industry benchmarks and trends; producing statistical reports about hospitality operations; understanding market dynamics and customer needs; informing business strategy and product decisions; conducting research on hospitality technology and operations; and sharing non-identifiable insights with partners, investors, or the public. These aggregated datasets do not identify any specific customer or property and cannot be used to reverse-engineer individual customer data.
With your consent where required by law, we may use your contact information to:
Send you information about new features, products, or services; provide educational content, tips, and best practices; invite you to webinars, events, or training sessions; share case studies and success stories; conduct market research; and send newsletters or promotional communications. You may opt out of marketing communications at any time by following the unsubscribe link in emails or by contacting us. Opting out of marketing communications will not affect transactional or service-related communications.
We store data using enterprise-grade cloud infrastructure provided by leading cloud service providers. Our infrastructure is designed for high availability, reliability, and security. Data is stored in geographically distributed data centers with redundancy to ensure business continuity.
Data Segregation: Customer data is logically segregated using multi-tenant architecture with strong isolation controls. Each customer's data is kept separate and cannot be accessed by other customers. Database-level and application-level controls ensure that queries and operations can only access data belonging to the authenticated customer account.
Data Location: Customer data is primarily stored in data centers located in the United States. Backup copies and redundant systems may be located in other geographic regions to ensure availability and disaster recovery capabilities. We ensure that all storage locations meet our security and privacy standards.
Backups: We perform regular automated backups of customer data to prevent data loss and facilitate disaster recovery. Backups are encrypted and stored securely in geographically separate locations. We maintain backups for a defined retention period to enable data recovery in case of system failures or data corruption.
We implement comprehensive technical and organizational security measures to protect your data:
Encryption: Data is encrypted in transit using Transport Layer Security (TLS) 1.2 or higher with strong cipher suites. All communications between clients and our servers, between our internal services, and with third-party integrations are encrypted. Data at rest is encrypted using AES-256 encryption or equivalent standards. This includes database encryption, file storage encryption, and backup encryption. Encryption keys are managed using industry-standard key management practices and are regularly rotated.
Access Controls: We implement strict access controls including role-based access control (RBAC) that ensures users can only access data and functionality appropriate to their job role; principle of least privilege, granting the minimum access necessary for each user; multi-factor authentication (MFA) requirements for administrative access and optionally for all users; session management with automatic timeouts; IP address restrictions and geographical access controls where appropriate; and comprehensive audit logging of all access to sensitive data and administrative actions.
Network Security: Our infrastructure includes firewalls to control inbound and outbound traffic; intrusion detection and prevention systems (IDS/IPS); distributed denial-of-service (DDoS) protection; network segmentation to isolate different system components; virtual private networks (VPNs) for secure remote access by our personnel; and regular network security assessments.
Application Security: We employ secure coding practices and conduct regular code reviews; perform automated and manual security testing; conduct vulnerability scanning and penetration testing; implement protection against common vulnerabilities (OWASP Top 10); use secure authentication and session management; implement rate limiting and abuse prevention mechanisms; and maintain a coordinated vulnerability disclosure program.
Physical Security: Our cloud infrastructure providers maintain physical security controls including 24/7 monitoring and surveillance; biometric access controls; environmental controls (fire suppression, climate control); redundant power and network connectivity; and regular security audits and certifications.
Monitoring and Incident Response: We maintain continuous security monitoring; real-time threat detection and alerting; security information and event management (SIEM) systems; automated anomaly detection; an incident response plan and team; regular security drills and tabletop exercises; and procedures for notifying affected parties in case of security incidents.
Personnel Security: Background checks for employees with access to sensitive data; security awareness training for all personnel; confidentiality and non-disclosure agreements; defined roles and responsibilities for data protection; and immediate revocation of access upon termination of employment.
Security Updates: We regularly apply security patches and updates to all systems; maintain an inventory of system components and their versions; monitor security advisories and vulnerability databases; have processes for emergency patching of critical vulnerabilities; and conduct regular security assessments of our software and infrastructure.
While we implement robust security measures, no system can be completely secure. We cannot guarantee absolute security of your data. You acknowledge that you provide information at your own risk. You are responsible for maintaining the security of your account credentials, configuring appropriate user permissions, implementing security controls within your organization, and promptly reporting any suspected security incidents.
In the event of a data breach affecting your personal data, we will notify you and applicable regulatory authorities in accordance with applicable data breach notification laws. Notification will be made without undue delay and, where feasible, within 72 hours of becoming aware of the breach. Our notification will include information about the nature of the breach, the data affected, potential consequences, and measures taken to address the breach and mitigate harm.
We do not sell your personal data to third parties. We do not share your specific operational data, inventory counts, property-identifying information, or customer-specific details with other customers or unaffiliated third parties except as described in this Privacy Policy or with your explicit consent.
Customer Data Segregation: Each hotel's or property's data is strictly segregated from other customers' data. Your inventory records, images, operational metrics, and business information are kept confidential and are accessible only to authorized users within your organization and to Fari personnel who require access to provide the Services, maintain security, or comply with legal obligations.
We may share information in the following circumstances:
We engage third-party service providers to perform functions on our behalf. These service providers have access to personal data only to the extent necessary to perform their functions and are contractually obligated to maintain confidentiality and security. Our service providers include:
Cloud Infrastructure Providers: We use cloud infrastructure services for hosting, data storage, computing resources, and content delivery. These providers maintain physical and technical security controls and are certified under industry security standards.
Payment Processors: Credit card and payment information is processed by PCI-DSS compliant payment service providers. We do not store complete credit card numbers on our servers.
Customer Support Tools: We use customer support and help desk platforms to manage support tickets, communications, and customer inquiries. Support interactions may be logged in these systems.
Communication Services: Email service providers, SMS/text messaging services, and push notification services are used to send communications to users.
Analytics and Monitoring: We use analytics services to understand usage patterns, performance monitoring tools to ensure system health, and error tracking services to identify and resolve issues. These services process technical and usage data.
Security Services: Third-party security vendors assist with security monitoring, penetration testing, vulnerability scanning, and incident response.
All service providers are carefully vetted and selected based on their security practices, privacy commitments, and compliance with applicable laws. We maintain data processing agreements with service providers that process personal data on our behalf, which include obligations regarding data protection, security, confidentiality, and compliance with applicable data protection laws.
If Fari is involved in a merger, acquisition, asset sale, bankruptcy, or other business transaction, your information may be transferred as part of that transaction. In such cases:
We will provide notice before your personal data is transferred and becomes subject to a different privacy policy; the acquiring entity will be bound by the commitments made in this Privacy Policy or will seek your consent for material changes; you may have rights to object to the transfer under applicable data protection laws; and we will take reasonable steps to ensure the acquiring entity maintains appropriate security and privacy protections.
During due diligence for potential business transactions, we may share information with prospective buyers or investors under strict confidentiality agreements that limit their use and disclosure of the information.
We may disclose your information when we believe in good faith that disclosure is necessary to:
Comply with applicable laws, regulations, legal processes, or enforceable governmental requests; respond to valid subpoenas, court orders, or other legal demands; enforce our Terms of Service or other agreements; detect, prevent, or address fraud, security issues, or technical problems; protect against harm to the rights, property, or safety of Fari, our users, or the public as required or permitted by law; investigate potential violations of our policies; respond to claims that content violates the rights of third parties; or fulfill any other purpose for which you provide consent.
Where possible and legally permissible, we will notify you before disclosing your information in response to legal requests. However, we may be prohibited from providing notice in certain circumstances, such as when disclosure is required by court order with a non-disclosure provision or when notice would impede a law enforcement investigation.
We may share your information with third parties when you explicitly consent to such sharing. For example, if you authorize us to integrate with a third-party service or share data with a specific partner, we will do so only to the extent authorized by you. You may revoke such consent by disconnecting the integration or contacting us.
We may share aggregated, anonymized, or de-identified data that cannot reasonably be used to identify you or your property. This may include industry statistics, benchmarking data, market trends, and research insights. Such data does not constitute personal data under applicable data protection laws and is not subject to the restrictions in this Privacy Policy.
We may share information with our parent company, subsidiaries, affiliates, or related entities for business operations, service provision, support, and internal administration. All entities are required to maintain the security and confidentiality of personal data in accordance with this Privacy Policy.
You have certain rights regarding your personal data. The specific rights available to you may depend on your location and the applicable data protection laws. If you are located in the European Economic Area (EEA), United Kingdom, or California, you have additional rights described in specific sections below.
Access: You can access your account information and operational data through the Services dashboard. You may request a copy of the personal data we hold about you by contacting us.
Correction: You can update your account information, user profiles, and business details through the Services. If you believe we have inaccurate information about you, please contact us and we will correct it.
Deletion: You may request deletion of your account and associated data by contacting us. Upon receiving a valid deletion request, we will delete your personal data unless retention is required by law or necessary for legitimate business purposes. Some data may be retained in backups for a limited period.
Data Portability: You may export your operational data, inventory records, and reports through the Services. For other data portability requests, please contact us.
Marketing Opt-Out: You may opt out of marketing communications by clicking the unsubscribe link in emails or by adjusting your communication preferences in your account settings. Note that you cannot opt out of transactional or service-related communications.
Account Closure: You may close your account at any time through account settings or by contacting us. Closing your account will terminate your access to the Services and may result in deletion of your data subject to our retention policies.
To exercise your rights, please contact us using the contact information provided in this Privacy Policy. We will respond to your request within the timeframes required by applicable law (generally within 30-45 days). We may need to verify your identity before processing your request. We may request additional information to confirm your identity and ensure we are providing data to the correct individual.
In some cases, we may be unable to fulfill your request due to legal obligations, ongoing investigations, or other legitimate reasons. We will explain why we cannot fulfill your request if this occurs.
If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have additional rights under the General Data Protection Regulation (GDPR) and equivalent laws:
Right to Access: You have the right to obtain confirmation of whether we process your personal data and to receive a copy of your personal data along with certain information about the processing.
Right to Rectification: You have the right to require us to correct inaccurate personal data and to complete incomplete personal data.
Right to Erasure: You have the right to require us to delete your personal data in certain circumstances, such as when the data is no longer necessary for the purposes for which it was collected.
Right to Restriction: You have the right to require us to restrict processing of your personal data in certain circumstances, such as when you contest the accuracy of the data.
Right to Data Portability: You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit it to another controller.
Right to Object: You have the right to object to processing based on legitimate interests, direct marketing, and processing for research or statistical purposes.
Right to Withdraw Consent: Where processing is based on consent, you have the right to withdraw your consent at any time. Withdrawal does not affect the lawfulness of processing based on consent before withdrawal.
Right to Lodge a Complaint: You have the right to lodge a complaint with your local data protection authority if you believe we have violated your rights under GDPR.
Given the nature of Fari Lens, which involves capturing images of hotel rooms and operational spaces, we provide specific information about how we handle these images:
Purpose and Use: Images are captured for the specific purpose of inventory management, item counting, and operational oversight. The computer vision system analyzes images to identify products, count quantities, and detect discrepancies. Images are not used for surveillance of individuals or for purposes unrelated to inventory management.
Incidental Information: While the primary subject of images is inventory items and operational spaces, images may incidentally capture background details such as room furnishings, decor, facility conditions, and occasionally personal items left in photographed areas. We implement technical measures to focus processing on relevant inventory items rather than incidental details.
Privacy Protections: We employ automated detection mechanisms to identify and handle potential privacy concerns in images. Where feasible, our system detects faces, identification documents, or other sensitive personal information that may be incidentally captured and excludes these elements from processing or training datasets. However, automated detection cannot guarantee perfect accuracy, and we recommend that staff capturing images follow best practices to avoid photographing sensitive information.
Access Controls: Access to captured images is restricted based on role-based permissions configured by your account administrators. Only authorized users within your organization can view images from your property through the Services. Fari personnel may access images for technical support, quality assurance, system maintenance, or when required by law, but such access is logged and limited to legitimate business purposes.
Retention: Images are retained as long as they serve operational purposes for your business, typically aligned with your subscription term. Historical images may be retained for trend analysis, comparison purposes, and audit trails. You may configure retention policies within the Services or contact us to discuss custom retention periods. Upon termination of your subscription, images are deleted in accordance with our data retention schedule unless longer retention is required by law or you have requested extended retention.
Your Responsibilities: As the customer using Fari Lens, you are responsible for: ensuring you have appropriate legal bases for capturing images in hotel rooms and operational areas; providing necessary notices to guests about the use of image capture technology for operational purposes; training staff on appropriate image capture practices to minimize capture of sensitive information; complying with applicable laws regarding workplace monitoring, employee privacy, and guest privacy; and implementing your own policies governing when and where image capture is appropriate.
Notice to Guests and Employees: We recommend that hotels using Fari Lens provide appropriate notice to guests (such as through privacy policies, room information, or signage) and employees about the use of computer vision technology for inventory management purposes. While the primary purpose is not surveillance, transparency about operational technology helps maintain trust.
We retain personal data for as long as necessary to fulfill the purposes for which it was collected, provide the Services, comply with legal obligations, resolve disputes, and enforce our agreements. Retention periods vary depending on the type of data and the purposes for which it is used:
Account Data: Account information is retained for the duration of your subscription and for a reasonable period after termination to facilitate potential reactivation and to comply with legal obligations. Account data is typically deleted within 90 days of subscription termination unless longer retention is required.
Operational Data: Inventory records, images, and workflow data are retained as long as they serve business purposes for your operations. Historical data may be retained to support trend analysis and operational insights. Upon subscription termination, operational data is deleted in accordance with our standard retention schedule (typically within 30-90 days) unless you request an extended retention period or expedited deletion.
Financial Records: Billing and payment information is retained for the period required by tax and accounting regulations, typically 7 years from the date of the transaction.
Support Communications: Support tickets, emails, and other communications are typically retained for 2-3 years to provide continuity of support and to reference historical issues.
Security Logs: Access logs, authentication logs, and security event logs are retained for 1-2 years for security monitoring, incident investigation, and compliance purposes.
Training Data: Once data has been incorporated into machine learning models through training processes, the trained models themselves may be retained indefinitely as they constitute our intellectual property. However, the underlying training data may be deleted according to the retention schedules described above.
Backups: Data in backups may persist for an additional period beyond the primary retention schedule. Backups are typically retained for 30-90 days and are eventually overwritten or deleted. Data in backups is not accessible for ordinary business purposes.
Legal Holds: If data becomes subject to a legal hold, court order, investigation, or pending litigation, we will preserve the relevant data until the legal matter is resolved, even if this exceeds our normal retention periods.
When we delete data, we take reasonable steps to ensure it cannot be recovered, including overwriting data, destroying physical media, and deleting data from backup systems within the normal backup retention cycle.
Fari is based in the United States, and our primary data processing and storage facilities are located in the United States. If you are located outside the United States, your personal data will be transferred to, processed, and stored in the United States.
The United States and other countries where we operate may have data protection laws that differ from those in your country. However, we implement appropriate safeguards to protect your personal data in accordance with this Privacy Policy and applicable laws, regardless of where it is processed.
For European Users: When we transfer personal data from the European Economic Area (EEA), United Kingdom, or Switzerland to the United States or other countries, we ensure adequate protection through one or more of the following mechanisms:
• Standard Contractual Clauses (SCCs) approved by the European Commission, which provide contractual guarantees for the protection of personal data transferred outside the EEA.
• Adequacy decisions issued by the European Commission recognizing that certain countries provide adequate data protection.
• Other legally approved transfer mechanisms such as Binding Corporate Rules or certifications under approved frameworks.
• In the absence of an adequacy decision or appropriate safeguards, we may transfer data based on derogations provided in Article 49 of the GDPR, such as your explicit consent or when necessary for the performance of a contract.
Service Provider Transfers: Our service providers who process personal data on our behalf are also located in various countries. We ensure that data transfer mechanisms are in place with these providers through contractual agreements that require appropriate data protection standards.
By using the Services, you acknowledge and agree to the international transfer and processing of your personal data as described in this Privacy Policy. If you have questions about our data transfer practices or would like more information about the safeguards we have in place, please contact us.
The Services are not intended for use by individuals under the age of 18, and we do not knowingly collect personal information from children under 18. The Services are designed for use by businesses in a professional context and are meant to be accessed by employees and authorized personnel of our business customers.
If you are under 18 years of age, you may not create an account or use the Services. If you are a parent or guardian and believe your child under 18 has provided us with personal information, please contact us immediately so we can delete such information.
If we learn that we have inadvertently collected personal information from a child under 18, we will take steps to delete that information as soon as possible. Our customers are responsible for ensuring that only authorized adult employees access and use the Services.
If you are a California resident, you have specific rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):
Right to Know: You have the right to request that we disclose what personal information we collect, use, disclose, and sell about you.
Right to Delete: You have the right to request deletion of your personal information, subject to certain exceptions.
Right to Correct: You have the right to request correction of inaccurate personal information.
Right to Opt-Out: You have the right to opt out of the sale or sharing of your personal information. Note that we do not sell personal information in the traditional sense, but we may share information in ways that could be considered a "sale" under California law. You can opt out by contacting us.
Right to Limit Use of Sensitive Personal Information: You have the right to limit our use and disclosure of sensitive personal information. We only use sensitive personal information for permitted business purposes.
Right to Non-Discrimination: You have the right not to receive discriminatory treatment for exercising your CCPA rights. We will not discriminate against you for exercising your rights, including by denying you goods or services, charging different prices, or providing a different level of quality.
Authorized Agents: You may designate an authorized agent to make requests on your behalf. We may require verification of both your and your agent's identity and proof of authorization.
To exercise these rights, please contact us using the information provided in this Privacy Policy. We will respond within 45 days, though we may extend the response period by an additional 45 days if necessary.
Residents of Virginia, Colorado, Connecticut, and other states with comprehensive privacy laws have similar rights to those described for California residents, including rights to access, delete, correct, and opt out of certain data processing activities. The specific rights and procedures may vary by state. To exercise your rights under applicable state privacy laws, please contact us.
We may update this Privacy Policy from time to time to reflect changes in our practices, services, legal requirements, or for other operational reasons. When we make material changes to this Privacy Policy, we will notify you by:
• Posting the updated Privacy Policy on our website with a new "Last Updated" date
• Sending an email notification to the email address associated with your account
• Displaying an in-app notification when you next access the Services
• For material changes that significantly affect your rights, providing at least 30 days advance notice
We encourage you to review this Privacy Policy periodically to stay informed about our privacy practices. Your continued use of the Services after the effective date of an updated Privacy Policy constitutes your acceptance of the changes. If you do not agree with the updated Privacy Policy, you should discontinue use of the Services.
For material changes that require consent under applicable law, we will obtain your consent before applying the changes to your personal data. The date at the top of this Privacy Policy indicates when it was last updated.
If you have questions, concerns, comments, or requests related to this Privacy Policy or our data practices, or if you wish to exercise your privacy rights, please contact us:
Fari, Inc.
Attn: Privacy Team / Data Protection Officer
251 Little Falls Dr
Wilmington, DE 19808, USA
Email: vincent@getfari.com
We will respond to your inquiry within a reasonable timeframe, typically within 30-45 days depending on the nature of your request and applicable legal requirements. For urgent privacy concerns, please indicate this in your communication.
For European Users: If you are located in the European Economic Area, United Kingdom, or Switzerland and have concerns about our data practices that we have not adequately addressed, you have the right to lodge a complaint with your local data protection authority.