Fractic Website - Privacy Policy

This policy applies to the public fractic.io website and related web pages (not the mobile apps).

Effective date: August 14, 2025.

1) Who We Are (Data Controller)

Fractic Inc.
WeWork c/o Fractic Inc., 10F, 373, Gangnam-daero, Seocho-gu, Seoul, 06621 (Korea)
Email: legal@fractic.io

Chief Privacy Officer (개인정보 보호책임자):
Mart Adriaan van Buren (CEO)
Email: mart@fractic.io

2) What We Collect

We take only what’s needed to run the site, measure usage if you allow it, and — if you opt in — send a newsletter.

A) Required to load and use the website (no consent needed).

Anonymous/pseudonymous data stored in your browser (cookies/local storage):

• Language preference.
• Cookie consent choice.
• Basic UI state (e.g., session-only scroll/expand state).

Personal data: none (although IP address, user-agent, request metadata, etc., may of course appear in temporary server logs).

Sensitive personal data: none.

Why: keep the site working and remember preferences.

B) With additional, explicit consent.

• Analytics cookies + browser info + IP address — page views, referrers, device/OS, and other usage stats. Tool: Google Analytics.

• Email address — only if you subscribe to the newsletter, to send it and handle subscription notices.

Sensitive personal data: none.

C) Special cases.

• Support emails/feedback. If you email us, we store your message and address on email servers in Ireland. Retention: 1 year (follow-up, support quality, business continuity). To exercise rights for this mailbox: legal@fractic.io.

3) How We Collect Consent

• Analytics: shown in a banner where you can Accept or Decline. We do not run analytics unless you Accept. If you later want to withdraw, clear your cookies (or block cookies for this site in your browser).
• Newsletter: you submit your email and confirm subscription. Unsubscribe any time via the link in a newsletter; we delete the subscription record (subject to short operational delays).
• Essentials: the site sets strictly necessary cookies/local storage without consent; blocking them may break basic functionality.

Withdrawal does not affect prior lawful processing.

4) Why We Process Data (Purposes & Legal Bases)

Mapped to GDPR (EU) and PIPA (Korea).

• Core website functionality. Minimal preferences and UI state. Legal basis: performance of a contract (provide the site you asked for).

• Analytics (optional). If you consent, measure usage to improve content/performance. Legal basis: consent.

• Newsletter (optional). Use your email to deliver the newsletter and subscription-related notices. Legal basis: consent (marketing), performance of a contract (operational notices).

We do not do automated decision-making or profiling with legal/similarly significant effects.

5) Third Parties (Processors)

• Google Analytics — website analytics as our processor for measurement. We do not permit use for Google’s own advertising.
• Amazon Web Services (AWS) — hosting/back-end as our processor.

We do not sell personal data. We do not run third-party advertising trackers.

6) International Data Transfers

• Fractic-collected website data is stored in Korea and may be replicated to AWS in Ireland for reliability/low latency. Deletions/updates propagate across regions.
• Google Analytics data is processed under Google’s terms and may be stored or processed outside your country to provide the service. Google applies transfer safeguards required by law.

Your GDPR/PIPA rights apply regardless of region.

7) Retention

• Newsletter email: kept while subscribed (deleted on unsubscribe, with short operational delays).
• Analytics: may be retained indefinitely in aggregated/anonymized form.
• Support emails: 1 year.
• Cookie preferences/language: until you clear them or they expire.

When retention ends, we delete or irreversibly anonymize the data.

8) Your Rights and Controls (GDPR & PIPA)

• Access, rectify, erase, or restrict certain processing.

• Object to processing where applicable (e.g., analytics).

• Data portability (for data you provided, like your email).

• Withdraw consent at any time:

  • Analytics: clear your cookies or block cookies for this site in your browser.
  • Newsletter: click unsubscribe in any newsletter email.

• Complain to your local authority (EU Data Protection Authority or Korea PIPC).

To exercise rights or ask questions: legal@fractic.io. We’ll authenticate and respond within legal timelines.

9) Security

We use AWS controls and standard technical/organizational measures (TLS, access control, logging). If a breach meets legal notification thresholds, we’ll notify you and regulators as required.

10) Children

This site isn’t directed to children (including under 14 in Korea and up to 16 in parts of the EU). If a child’s personal data reaches us (e.g., via email), contact legal@fractic.io so we can delete it or obtain required consent.

11) What We Don’t Do

• No sensitive personal data collection.
• No sale of personal data.
• No third-party advertising cookies or cross-site tracking beacons.
• No analytics without explicit consent.

12) Changes to This Policy

If we change this policy or add new optional processing, we’ll update this page. If there are substantial changes, we will show the consent banner again.

13) How to Contact Us

Controller: Fractic Inc. — legal@fractic.io
CPO: Mart Adriaan van Buren — mart@fractic.io
Address: WeWork c/o Fractic Inc., 10F, 373, Gangnam-daero, Seocho-gu, Seoul, 06621 (Korea)

If anything here conflicts with local law, the law controls. Otherwise, this is the full statement of how we handle data on our website.