Privacy Policy

Effective Date: February 1, 2026

This Privacy Policy describes how Farnaus Technologies LLC ("Farnaus," "we," "us," or "our") collects, uses, discloses, and safeguards information when you access or use farn-tech.com and any subdomains, applications, APIs, portals, dashboards, beta/pre-release offerings, and related services we own or operate (collectively, the "Services").

1) Scope: Public Apps + Business/MSP Services

This Policy applies to:

  • Marketing site(s) and informational pages on farn-tech.com
  • Public applications (no separate MSA) where users accept our Terms when using the software
  • Beta/preview/dev environments and production applications
  • Support channels (tickets, email, chat, phone) and troubleshooting artifacts
  • Professional services / managed services (MSP) delivered to business clients

If you are a business client and we provide Professional Services under a signed agreement (e.g., MSA/SOW/Service Order), that agreement may include additional privacy, security, and data-handling terms. If there is a conflict between that agreement and this Policy, the signed agreement controls for that business relationship.

2) Important Role Clarification (Controller vs. Processor)

Depending on context, Farnaus Technologies may act as:

  • Controller for data collected to run our marketing site, operate our public apps, manage accounts, billing inquiries, and our own business operations.
  • Processor / Service Provider for Customer Data when we provide Services to a business client (including MSP work) under client instructions.

These role concepts are used in many privacy laws (including GDPR). Under GDPR, a controller determines the purposes/means of processing and a processor processes on behalf of the controller. We reflect those concepts here.

3) Information We Collect

3.1 Information you provide directly

  • Contact & account information: name, email, phone, company, role/title, username, profile info.
  • Authentication data: SSO identifiers, MFA status, access logs related to sign-in (we do not want your passwords; if passwords exist, they are stored as salted hashes).
  • Support communications: tickets, emails, chat transcripts, call notes, attachments, screenshots, and logs you provide.
  • Application data you submit: data, text, files, configurations, and other content stored privately within your account or organization ("User Content").

3.2 Information collected automatically (website/app telemetry)

  • Identifiers & device data: IP address, browser type, device type, OS version, language, approximate location derived from IP.
  • Usage data: pages/screens viewed, feature usage, clicks/events, timestamps, referring URLs.
  • Security & audit logs: login events, administrative actions, API calls, error logs, performance metrics.

3.3 MSP / Professional Services data (business clients)

When you engage us for Professional Services (including MSP work), we may access systems and data as reasonably necessary to deliver the requested scope, including:

  • Endpoint/system data: device names, hardware/software inventory, patch status, configuration state, security telemetry, event logs.
  • Identity/admin data: tenant configuration, directory metadata, administrative audit logs, access policy settings.
  • Email system metadata: message trace metadata, mail flow/security settings, headers/logs, and anti-spam/security events as needed for troubleshooting.
  • Remote support artifacts: session metadata, actions performed, scripts, configuration changes, and troubleshooting outputs.

Note: Troubleshooting may incidentally expose content visible on-screen or present in logs (including email content or file names). We minimize access and use such information only as needed to provide the services or as required by law.

3.4 Information from third parties

  • Infrastructure providers: hosting, storage, backups, monitoring.
  • Analytics providers: site/app usage measurement (where enabled).
  • Identity providers: if you use SSO (e.g., Microsoft/Google/Okta), we receive identifiers and authentication signals.
  • Security providers: alerting, logging, endpoint/security tooling used to secure the Services.

4) How We Use Information

We use information to:

  • Provide, operate, maintain, and improve the Services
  • Authenticate users, manage accounts, and enforce access controls
  • Provide support and respond to requests
  • Perform security monitoring, fraud prevention, abuse detection, and incident response
  • Measure performance and reliability; debug and fix issues
  • Communicate with you about updates, security notices, and policy changes
  • Send marketing communications where permitted (you can opt out)
  • Comply with legal obligations and enforce agreements

5) Cookies and Similar Technologies

We use cookies/local storage/SDKs and similar technologies for essential functionality, security, preferences, and (if enabled) analytics. You can control cookies via browser settings. Disabling cookies may impact functionality.

6) How We Disclose (Share) Information

We disclose information only as needed:

  • Service providers (processors): hosting, storage, logging/monitoring, analytics, support tooling, communications.
  • Business client instructions: when we process Customer Data on behalf of a business client as part of Professional Services.
  • Integrations you enable: if you connect third-party services, we share data as configured by you.
  • Legal/safety: to comply with law, lawful requests, court orders, or to protect rights/safety and investigate fraud or security incidents.
  • Business transfers: in a merger, acquisition, financing, reorganization, or sale of assets (with appropriate safeguards).

No "sale" of personal information: We do not sell your personal information in the ordinary sense. Some jurisdictions define "sale" or "share" broadly (e.g., certain targeted advertising). If we ever engage in such practices, we will provide any required opt-out mechanisms.

7) Sensitive Data and Special Notices

  • No public posting: Our apps are designed for private, account-scoped interaction. Do not submit data you do not have the right to submit.
  • Biometrics (Illinois BIPA): We do not intentionally collect biometric identifiers (e.g., fingerprints, face scans) unless a Service explicitly says it does. If we ever do, we will provide the notices/consents required under applicable law, including Illinois BIPA.
  • Health data: Do not submit Protected Health Information (PHI) unless we have a signed Business Associate Agreement (BAA). Separately, certain "health apps" and similar technologies may be subject to FTC breach notification requirements even outside HIPAA contexts.
  • Payment data: If/when we accept payments, payment card data is typically handled by a PCI-compliant payment processor; we do not intend to store full card numbers.

8) Data Retention

We retain information for as long as reasonably necessary to provide the Services, maintain security and audit records, comply with legal obligations, resolve disputes, and enforce agreements. Retention periods vary by data type (support logs vs. account data vs. MSP artifacts). We may retain aggregated or de-identified information longer.

9) Security

We implement reasonable administrative, technical, and physical safeguards designed to protect information (access controls, least privilege, logging/monitoring, and encryption in transit where feasible). No method of transmission or storage is 100% secure.

10) Your Privacy Rights (U.S. States + Global)

Privacy laws vary by location and continue to expand across U.S. states. Depending on your jurisdiction, you may have rights to:

  • Access the personal information we hold about you
  • Correct inaccurate personal information
  • Delete personal information (subject to exceptions)
  • Obtain a copy of personal information (data portability)
  • Opt out of certain processing (e.g., targeted advertising in some jurisdictions)
  • Limit certain uses/disclosures of sensitive personal information where applicable

We will not discriminate against you for exercising applicable rights. If you are using the Services through a business client (MSP context), please direct requests to that business client first; we will assist them as required.

10.1 How to submit a request

Email privacy@farn-tech.com with your request. We may need to verify identity/authority before processing.

11) International Users (Including EEA/UK)

If you access the Services from outside the United States, your information may be processed in the United States and other locations where we or our providers operate. Where required (e.g., GDPR), we use appropriate safeguards for cross-border transfers and processor arrangements for Customer Data.

12) Children's Privacy

The Services are not intended for children under 13 (or the minimum age required in your jurisdiction). We do not knowingly collect personal information from children.

13) Changes to this Policy

We may update this Policy from time to time. We will revise the Effective Date above and may provide additional notice if changes are material. Your continued use of the Services after the Effective Date means you accept the updated Policy.

14) Contact

Farnaus Technologies LLC
Privacy: privacy@farn-tech.com
Support: support@farn-tech.com