Skip to main content
Data Protection

Privacy Policy

At Fyboard, we are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, and safeguard your data when you use our platform and services.

Effective: January 14, 2026
Version 2.1
~12 min read
Quick Navigation12 sections

1. Privacy Overview

Our commitment to protecting your personal information

At Fyboard, privacy isn't an afterthought—it's a fundamental principle woven into every aspect of our platform. This Privacy Policy applies to all users of the Fyboard ecosystem, including website visitors, registered users, enterprise customers, and third-party integrations.

Core Privacy Principles

Data Minimization

We only collect data that's essential for providing our services and enhancing your experience

  • Purpose limitation: Data collected only for specified, legitimate purposes
  • Storage limitation: Retained only as long as necessary
  • Regular audits to ensure minimal data collection

Security by Design

Enterprise-grade security measures protect your data throughout its entire lifecycle

  • End-to-end encryption for data in transit and at rest
  • Zero-trust architecture with multi-layered security
  • Regular penetration testing and security audits

User Control

You maintain complete ownership and control over your personal data and privacy settings

  • Granular privacy controls and preferences
  • Easy data export and deletion options
  • Transparent consent management

Transparency

Clear, honest communication about our data practices and privacy commitments

  • Plain-language privacy policies and notices
  • Regular transparency reports and updates
  • Open communication about data breaches or incidents

Our Privacy Commitments

Never Sell Your Data

We will never sell, rent, or trade your personal information to third parties for monetary gain or any other consideration.

Consent-Based Processing

We process your data only with your explicit consent or when necessary to provide our services.

Global Privacy Standards

We comply with international privacy laws including GDPR, CCPA, PIPEDA, and other regional regulations.

Third-Party Verified

Our privacy practices are independently audited and certified by recognized security organizations.

Privacy by Default

The most privacy-friendly settings are applied by default, with options to customize based on your preferences.

Privacy by the Numbers

256-bit
AES Encryption
Military-grade
99.9%
Uptime SLA
Reliability
< 30 days
Response
Privacy rights
24/7
Monitoring
Security

Key Points to Remember

  • We never sell your personal data to third parties
  • You can export or delete your data at any time
  • Military-grade encryption for all stored information
  • Regular independent security and privacy audits

2. Information We Collect

Types of data we gather to provide our services

Account & Profile Information

We collect personal information that you provide when creating an account, updating your profile, or using our services. This information helps us personalize your experience and provide customer support.

Required Information

  • • Full name and username
  • • Email address (primary contact)
  • • Password (encrypted and secure)
  • • Account type and preferences
  • • Basic profile information

Optional Information

  • • Profile picture and bio
  • • Phone number for security
  • • Organization and job title
  • • Social media profiles
  • • Communication preferences

Data Accuracy

You are responsible for keeping your personal information accurate. Incorrect information may affect service delivery and security.

Identity Verification & Security

For enhanced security and compliance, we may collect additional verification information for business accounts and premium features.

Security

  • • 2FA data
  • • Security questions
  • • Biometric data (if enabled)
  • • Authentication tokens

Business

  • • Company registration
  • • Tax identification
  • • Business address
  • • Authorized representative

Compliance

  • • KYC documentation
  • • Gov-issued ID copies
  • • Address verification
  • • Compliance records

Payment & Billing Information

When you subscribe, we collect payment information necessary to process transactions securely through certified processors.

Billing Details
  • • Billing name and address
  • • Payment method type
  • • Last 4 digits of cards
  • • Transaction history
Security
  • • Encrypted tokens
  • • Fraud prevention data
  • • Bank verification
  • • Processor identifiers

We never store full card numbers on our servers. All processing is PCI DSS compliant.

"We prioritize transparency in our collection practices. Your data is used exclusively to enhance your Fyboard experience."

3. How We Use Information

Transparent processing for legitimate business purposes

Every piece of data we collect serves a specific, legitimate purpose. We process your information transparently and proportionally.

Primary Processing Purposes

We process your personal information for six primary categories of purposes, each with specific legal bases and retention periods.

Service Delivery

Core platform functionality and service provision to meet contractual obligations.

BasisContractual Necessity
RetentionDuration of account + 90 days
AuthenticationDocument storageReal-time syncTeam messaging

Security & Fraud

Comprehensive monitoring to protect users and the platform from threats.

BasisLegitimate Interest
Retention7 years (audit compliance)
Anomaly detectionUnauthorized access preventionIdentity verification

Analytics & Improvement

Optimizing user experience and platform performance.

BasisLegitimate Interest
Retention3 years (trend analysis)
Feature usage analyticsA/B testingBug detection

Communication

Keeping users informed about updates, security, and billing.

BasisContractual/Consent
RetentionDuration of account + 2 years
Service alertsPolicy changesMarketing (opt-in)

Legal Compliance

Required to meet tax, regulatory, and financial obligations.

BasisLegal Obligation
RetentionAs required by law
Tax reportingKYC verificationLegal process compliance

Business Operations

Supporting customer relationships and operational excellence.

BasisLegitimate Interest
RetentionDuration of relationship + 5y
Customer supportOnboardingUsage reporting

4. Information Sharing

How we share your data with trusted partners

We never sell your personal information. Data sharing is limited to what's necessary for service provision or legal compliance.

Trusted Service Provider Partners

All partners are bound by strict data protection agreements and undergo regular security assessments.

Cloud Infrastructure

Hosting and data storage infrastructure partners.

AWS

Primary cloud hosting & storage

Shared: App data, User content
Google Cloud

Secondary infrastructure & analytics

Shared: Usage metrics, Error logs

Payment Processing

Secure payment processing and financial services.

Stripe

Credit card & payment processing

Shared: Billing details, Auth tokens
Razorpay

Indian payment gateway & UPI

Shared: Bank info, KYC docs

Communication Services

Email, messaging, and notification delivery.

SendGrid

Transactional email delivery

Shared: Email addresses, Message content
Twilio

SMS & 2FA notifications

Shared: Phone numbers, Delivery status

Analytics & Monitoring

Performance monitoring and UX analytics.

Google Analytics

Usage and behavior analysis

Shared: Device info, Geographic data
Mixpanel

Product & conversion analytics

Shared: Feature usage, Interactions

5. Cookies & Tracking

How we use cookies and tracking technologies

We use cookies to improve your experience. You have full control over non-essential cookies.

Essential Cookies

Required

Necessary for basic website functionality and security.

Technical IDs

auth_sessioncsrf_tokensecurity_flags

Impact: Breaking core functionality if disabled.

Functional Cookies

Enhance user experience with personalized features.

Technical IDs

user_preferencesworkspace_statefeature_flags

Impact: May affect convenience features.

Analytics Cookies

Help us understand how users interact with our platform.

Technical IDs

_ga (Google)mixpanel_distinct_idhotjar

Impact: Helps item improvement only.

Marketing Cookies

Enable targeted advertising and campaign management.

Technical IDs

facebook_pixelgoogle_adslinkedin_insight

Impact: Affects ad personalization only.

6. Data Security

How we protect your information

Security is our foundation. We use enterprise-grade encryption and zero-trust protocols.

Multi-Layered Security Architecture

Encryption Standards

Advanced cryptography for data at rest and in transit.

TLS 1.3 (Transit)AES-256 (Rest)HSM Key Storage

Infrastructure Security

Robust protection across all system components.

DDoS MitigationWAF ProtectionSOC 2 Type II

Application Controls

Security-first development lifecycle (SSDLC).

OWASP Top 10Dependency ScanningMFA/SSO

7. Data Retention

How long we keep your information

We retain data only as long as necessary for service delivery, compliance, or fraud prevention.

User Account Data

Personal info and account settings retention.

Standard

Active duration + 2yr inactivity

Profile InfoAuth CredentialsComm Preferences

Business Data

Workspace content and collaboration records.

Standard

Subscription + 30-day grace

Project ContentCollab HistoryVersion History

Usage Analytics

Platform metrics and performance data.

Standard

13-18 months (then anonymized)

Activity LogsPerformance MetricsFeature Analytics

Security & Legal

Audit trails and compliance records.

Standard

7-10 years (Regulatory)

Security LogsAudit TrailsBackup Data

8. Your Privacy Rights

Understanding and exercising your choices

You have the right to access, correct, or delete your personal data. We provide tools to make this easy.

Access

View and understand all personal data we have.

Copy of Data
Sources
Third Parties

Rectification

Correct inaccurate or incomplete information.

Self-service edits
Factual corrections
Verification

Erasure

Request deletion of your personal data.

Account Deletion
Selective removal
Certificates

Restriction

Limit how we process your personal data.

Processing freeze
Dispute protection
Consent overrides

Portability

Receive data in portable, machine-readable formats.

JSON/CSV exports
Transfer support
Metadata

Object

Object to processing based on legitimate interests.

Marketing Opt-out
Profiling freeze
DPO direct line

9. International Transfers

Global data protection and cross-border transfers

Your data is protected worldwide. We use Standard Contractual Clauses (SCCs) and only partner with verified providers.

Our Global Transfer Principles

We transfer personal data internationally only when necessary for service provision and with appropriate safeguards to protect your privacy rights. Every transfer is governed by strict legal frameworks and security controls.

Service Delivery

Global cloud infrastructure for performance.

Business Ops

HR and finance systems for global workforce.

Redundancy

Multi-region backups for disaster recovery.

10. Children's Privacy

Special protections for our younger users

We are committed to children's safety. We do not knowingly collect data from children under 13 without verifiable parental consent.

Comprehensive Child Protection

We recognize that our platform may be used in educational or family contexts. We are committed to the highest level of protection for any users under 18.

Children Under 13

We do not knowingly collect personal info from children under 13 without verifiable parental consent. Any inadvertently gathered data is purged immediately.

COPPA Compliant

Teens 13-17

Additional privacy protections and content filtering are automatically applied. Features are limited to educational and professional focus.

Enhanced Privacy

Safety Contact

If you believe we have inadvertently collected data from a child, contact us immediately.

childsafety@fyboard.com
1-800-FYBOARD-SAFE

11. Policy Updates

How we manage and communicate changes

Privacy is dynamic. We update our policies to reflect new features and legal requirements, ensuring you stay informed.

Our Update Philosophy

We are committed to maintaining transparent, timely, and user-centric policy updates that respect your privacy rights while adapting to evolving legal requirements and technological advances.

Transparency First

Before/after comparison views for all changes.

Advance Notice

30-day warning for material updates.

User Choice

Granular consent options for new processing.

Material Changes

Significant modifications affecting user rights or data processing.

30-day notice + explicit consent

Administrative

Clarifications, contact info, and minor operational changes.

7-day notice via standard channels

Legal Compliance

Changes required by new laws (GDPR, CCPA) or court orders.

Immediate with explanation

Security

Updates to improve security, safety, or data protection.

Immediate with user education

12. Contact us

Questions, concerns, or rights requests

Our dedicated privacy team is available to assist you. We aim to respond to all inquiries within 48 hours.

Privacy Team

General privacy questions and policy clarifications.

privacy@fyboard.com

Data Rights

Access, deletion, and portability requests.

data-requests@fyboard.com

Complaints

Privacy violations and formal concerns.

privacy-complaints@fyboard.com

DPO (EU/EEA)

GDPR compliance and data protection matters.

dpo@fyboard.com

Office Location

HQ Address

Fybyte Technology Private Limited

Sector Sigma-01, Greater Noida

Uttar Pradesh, India 201305

Details

IST (UTC+5:30)

Mon - Fri, 9 AM - 6 PM

By using Fyboard, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. Your privacy is our priority.

© 2026 Fybyte Technology Private Limited

TermsCookiesContact