
Data Privacy

Fanfare is committed to protecting consumer privacy and helping you comply with data protection regulations.

Privacy by Design

Fanfare implements privacy by design principles:
  • Data minimization: We collect only what’s necessary
  • Purpose limitation: Data used only for stated purposes
  • Storage limitation: Automatic data retention policies
  • Transparency: Clear documentation of data practices

Data Collection

Consumer Data

| Data | Purpose | Retention |
| --- | --- | --- |
| Email address | Authentication, notifications | Account lifetime |
| Phone number (optional) | OTP authentication | Account lifetime |
| Device fingerprint hash | Fraud prevention | Session + 30 days |
| Queue activity | Service delivery | 90 days |
| Purchase history | Order management | As required by law |

What We Don’t Collect

  • Precise geolocation
  • Browsing history
  • Social media profiles
  • Financial information (handled by payment providers)
  • Detailed device specifications

SDK Data Collection

The Fanfare SDK collects minimal data:

```javascript
// Data included in SDK requests
{
  sessionId: "sess_...",        // Anonymous session
  fingerprint: "hash...",       // Device hash (not specifications)
  timestamp: "2024-...",        // Request timing
  userAgent: "Mozilla/...",     // Browser identification
}
```

To minimize collection further:

```javascript
const client = new FanfareClient({
  publishableKey: "pk_live_...",
  privacy: {
    collectFingerprint: true, // Set to false if not needed
    collectUserAgent: true, // Set to false if not needed
  },
});
```

GDPR Compliance

Lawful Basis

Fanfare processes data under these lawful bases:

| Processing Activity | Lawful Basis |
| --- | --- |
| Account management | Contract performance |
| Queue participation | Contract performance |
| Fraud prevention | Legitimate interest |
| Marketing (opt-in) | Consent |
| Analytics | Legitimate interest |

Consumer Rights

Fanfare supports all GDPR consumer rights:

Right to Access

Consumers can request their data

Right to Rectification

Consumers can correct their data

Right to Erasure

Consumers can request deletion

Right to Portability

Consumers can export their data

Implementing Consumer Rights

Data Access Requests

```javascript
// Retrieve consumer data
const response = await fetch(`https://admin.fanfare.io/api/consumers/${consumerId}/data`, {
  headers: {
    Authorization: `Bearer ${secretKey}`,
  },
});

const consumerData = await response.json();
// Returns all data associated with the consumer
```

Data Deletion Requests

```javascript
// Delete consumer data (GDPR right to erasure)
const response = await fetch(`https://admin.fanfare.io/api/consumers/${consumerId}`, {
  method: "DELETE",
  headers: {
    Authorization: `Bearer ${secretKey}`,
  },
});

// Consumer data is queued for deletion
// Some data may be retained for legal requirements
```

Deletion requests are processed within 30 days. Some data may be retained longer for legal compliance (e.g., transaction records for tax purposes).
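
The access and deletion calls above, wrapped for server-side use so the secret key never reaches the browser, with ID validation, fail-closed status checks, and an audit record that tracks the 30-day window. This is an added example, not Fanfare's code; the function names, the consumer ID character set, and the injectable `fetchImpl` are assumptions.

```javascript
// Added example, not Fanfare's code. Assumes Node 18+ (global fetch) and that
// consumer IDs use only [A-Za-z0-9_-]; all function names are hypothetical.
const ADMIN_BASE = "https://admin.fanfare.io/api/consumers"; // from this page
const DELETION_WINDOW_DAYS = 30; // processing window stated on this page

function consumerUrl(consumerId, suffix = "") {
  // Refuse IDs that could change the request path (slashes, dots, "?", "#").
  if (typeof consumerId !== "string" || !/^[A-Za-z0-9_-]{1,128}$/.test(consumerId)) {
    throw new Error("invalid consumer id");
  }
  return `${ADMIN_BASE}/${consumerId}${suffix}`;
}

async function callAdmin(url, method, { secretKey, fetchImpl = fetch }) {
  // secretKey is expected to come from server-side configuration only.
  if (!secretKey) throw new Error("secret key missing");
  const res = await fetchImpl(url, {
    method,
    headers: { Authorization: `Bearer ${secretKey}` },
  });
  // Fail closed: a 401/404/5xx must not be recorded as a fulfilled request.
  if (!res.ok) throw new Error(`admin API ${method} failed: HTTP ${res.status}`);
  return res;
}

// Right of access: returns the parsed export for one consumer.
async function exportConsumerData(consumerId, opts) {
  const res = await callAdmin(consumerUrl(consumerId, "/data"), "GET", opts);
  return res.json();
}

// Right to erasure: returns an audit record holding only the pseudonymous ID.
async function eraseConsumer(consumerId, opts, now = new Date()) {
  const res = await callAdmin(consumerUrl(consumerId), "DELETE", opts);
  const verifyBy = new Date(now.getTime() + DELETION_WINDOW_DAYS * 86400000);
  return {
    consumerId,
    action: "erasure",
    httpStatus: res.status,
    requestedAt: now.toISOString(),
    verifyBy: verifyBy.toISOString(), // re-check that the data is gone by then
  };
}
```

Store the returned record in your own request log so an erasure that was accepted but never verified shows up as overdue.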

Data Processing Agreement

Fanfare provides a Data Processing Agreement (DPA) for EU customers:
  1. Download the DPA from your dashboard
  2. Sign and return to [email protected]
  3. We’ll countersign and return a copy

CCPA Compliance

California Consumer Rights

Fanfare supports CCPA requirements:
  • Right to Know: What data is collected
  • Right to Delete: Request data deletion
  • Right to Opt-Out: No sale of personal information
  • Non-Discrimination: Equal service regardless of privacy choices

Do Not Sell

Fanfare does not sell personal information. Our business model is subscription-based, not data-driven.

Privacy Controls

Organization-Level Settings

Configure privacy settings for your organization:

```javascript
// Dashboard settings or API configuration
const privacySettings = {
  dataRetention: {
    consumerActivity: 90, // days
    auditLogs: 365, // days
    deletedData: 30, // days before permanent deletion
  },
  collection: {
    deviceFingerprint: true,
    ipAddress: false, // Disable IP logging
  },
  marketing: {
    requireExplicitConsent: true,
    doubleOptIn: true,
  },
};
```

Consumer-Level Controls

Allow consumers to manage their privacy:

```javascript
// Consumer privacy preferences
const preferences = {
  marketingEmails: false,
  activityTracking: true,
  dataSharing: false,
};

await client.consumers.updatePreferences(consumerId, preferences);
```

SDK Cookies

The Fanfare SDK uses cookies for session management:

| Cookie | Purpose | Duration | Type |
| --- | --- | --- | --- |
| fanfare_session | Session ID | Session | Essential |
| fanfare_consent | Consent state | 1 year | Essential |

Implement cookie consent for your integration:

```javascript
// Check consent before initializing SDK
if (hasConsentForEssentialCookies()) {
  const client = new FanfareClient({
    publishableKey: "pk_live_...",
  });
}
```

Data Transfers

International Transfers

Fanfare processes data in the United States. For EU data:
  • Standard Contractual Clauses: Included in our DPA
  • Data localization: EU-only processing available for Enterprise
  • Adequacy decisions: We follow applicable frameworks

Sub-Processors

Fanfare uses these sub-processors:

| Provider | Service | Location |
| --- | --- | --- |
| AWS | Infrastructure | US/EU |
| Cloudflare | CDN, Security | Global |
| Resend | Email delivery | US |
| Twilio | SMS delivery | US |

Current sub-processor list available in your dashboard.

Security Measures

Technical Measures

  • Encryption: TLS 1.3 in transit, AES-256 at rest
  • Access controls: Role-based, audit logged
  • Anonymization: PII hashed where possible
  • Pseudonymization: Consumer IDs instead of direct identifiers

Organizational Measures

  • Employee training on data protection
  • Background checks for data handlers
  • Incident response procedures
  • Regular security audits

Data Breach Response

Our Commitment

In case of a data breach affecting your consumers:
  1. Detection: Continuous monitoring
  2. Assessment: Within 24 hours
  3. Notification: Within 72 hours if required
  4. Remediation: Immediate action
  5. Documentation: Full incident report

Your Responsibilities

As a data controller, you should:
  • Notify affected consumers if required
  • Report to supervisory authorities if required
  • Document the breach and response
  • Update security measures as needed

Privacy Resources

Documentation

Support

For privacy-related inquiries: