For privacy questions or to exercise your rights, contact our Data Protection Officer at privacy@fsckmsft.org.
1. Who we are
fsckmsft, Inc. (“fsckmsft”, “we”, “us”) operates the SaaS platform available at fsckmsft.org. For the purposes of EU/UK GDPR, fsckmsft acts as the data controller for personal data collected directly from users (account data, usage data), and as a data processor for customer data uploaded or created within the platform.
2. Data we collect
2.1 Account data
When you create an account, we collect:
- Name and email address
- Password (stored as a salted hash — never in plaintext)
- Profile photo (optional)
- Organisation name and job title (optional)
- Billing information (name, address, payment method details — see Payment Data below)
2.2 Usage data
When you use the Service, we automatically collect:
- Log data: IP address, browser type and version, operating system, referring URL, pages visited, timestamps
- Device identifiers and session tokens
- Feature usage events (e.g. documents created, automations run, exports requested)
- Performance and error telemetry (crash reports, API response times)
2.3 Payment data
Payment card details are collected and processed by Stripe, our payment processor. fsckmsft never stores full card numbers or CVVs. We retain billing metadata: plan tier, billing address, transaction history, and invoice records.
2.4 Communications data
If you contact support or communicate with our team, we retain records of those communications (emails, chat transcripts) to provide support and improve the Service.
2.5 Customer data
Content you create within fsckmsft — projects, tasks, documents, automation workflows — is your data. We process it solely to provide the Service and do not use it for our own commercial purposes.
3. How we use your data
We use your personal data for the following purposes:

| Purpose | Legal basis (EU GDPR) |
|---|---|
| Providing and maintaining the Service | Contract performance |
| Authenticating your identity and securing your account | Contract performance / Legitimate interests |
| Processing payments and managing your subscription | Contract performance |
| Sending transactional emails (invoices, password resets, export notifications) | Contract performance |
| Providing customer support | Contract performance / Legitimate interests |
| Monitoring service performance and diagnosing errors | Legitimate interests |
| Improving the platform through aggregate usage analytics | Legitimate interests |
| Sending product updates and marketing communications | Consent (opt-out available at any time) |
| Complying with legal obligations | Legal obligation |
Marketing communications
If you opt in to marketing emails, we may send you product news, feature announcements, and tips. You can opt out at any time by clicking the unsubscribe link in any marketing email or going to Account Settings → Notifications → Marketing Emails.
4. Data sharing
We do not sell your personal data. We share data only in the following circumstances:
4.1 Subprocessors
We engage trusted third-party subprocessors to operate the Service. See our complete Subprocessors list for details. All subprocessors are contractually bound to process data only on our instruction and to maintain appropriate security standards.
4.2 Legal requirements
We may disclose your data if required to do so by law, regulation, court order, or government request, or if we believe disclosure is necessary to protect the rights, property, or safety of fsckmsft, our users, or the public.
4.3 Business transfers
In the event of a merger, acquisition, or sale of all or substantially all of our assets, your data may be transferred to the acquiring entity. We will notify you via email and in-app notice before your data is transferred and becomes subject to a different privacy policy.
4.4 With your consent
We may share your data with third parties when you explicitly consent to such sharing.
5. Data retention
We retain your personal data for as long as your account is active or as needed to provide the Service. Specifically:

| Data type | Retention period |
|---|---|
| Account data | Duration of account + 30-day grace period post-deletion |
| Usage logs | 90 days rolling |
| Payment and billing records | 7 years (legal/tax compliance) |
| Support communications | 3 years from last interaction |
| Audit logs | 1 year |
| Backups containing personal data | Cycled out within 90 days of account deletion |
6. Your rights
Depending on your location, you may have the following rights over your personal data:
Right of access
Request a copy of the personal data we hold about you. We will respond within 30 days. Submit requests to privacy@fsckmsft.org or use the data export feature in Settings → Data & Privacy.
Right to correction
Request that we correct inaccurate or incomplete personal data. You can update most account data directly in Account Settings. Contact privacy@fsckmsft.org for data you cannot update yourself.
Right to deletion (right to be forgotten)
Request that we delete your personal data. See Delete Your Account for the self-service process, or email privacy@fsckmsft.org for targeted deletion requests. Some data may be retained to comply with legal obligations.
Right to data portability
Request your personal data in a structured, machine-readable format. Use the Export Data feature to export your workspace data in JSON format at any time.
Right to restrict processing
Request that we restrict processing of your data in certain circumstances, such as while you contest its accuracy. Email privacy@fsckmsft.org with your request.
Right to object
Object to processing based on legitimate interests, including for direct marketing purposes. You can unsubscribe from marketing at any time. For other objections, email privacy@fsckmsft.org.
Right to withdraw consent
Where processing is based on consent (e.g. marketing emails), you can withdraw consent at any time without affecting the lawfulness of processing before withdrawal.
EU/UK residents: You have the right to lodge a complaint with your national Data Protection Authority (DPA) if you believe we have processed your data unlawfully. Find your local DPA at edpb.europa.eu.
7. Cookies
fsckmsft uses cookies and similar tracking technologies to operate the Service and understand how it’s used.

| Cookie type | Purpose | Can be disabled? |
|---|---|---|
| Essential cookies | Authentication, session management, security | No — required for the Service to function |
| Preference cookies | Remember your UI settings and language | Yes — clearing cookies resets preferences |
| Analytics cookies | Aggregate usage analytics (no personal ad tracking) | Yes — via the cookie preference centre |
| Third-party cookies | Set by embedded third-party services (e.g. support widget) | Yes — via the cookie preference centre |
8. Data transfers
fsckmsft stores data on AWS infrastructure in the United States by default. For customers who require data residency in the EU or APAC, see Regional Data Residency. When transferring personal data from the EU/EEA or UK to the United States, we rely on Standard Contractual Clauses (SCCs) as the legal transfer mechanism. A copy of our SCCs is available upon request from legal@fsckmsft.org.
9. Security
fsckmsft implements industry-standard technical and organisational security measures to protect your personal data, including:
- Encryption of data at rest (AES-256) and in transit (TLS 1.2+)
- Role-based access controls for internal staff
- Multi-factor authentication required for all employees with access to production systems
- Annual third-party penetration testing
- SOC 2 Type II compliance (report available on request)