Privacy Policy

No data sold

We never sell your data to advertisers or brokers

No ad cookies

Only session cookies needed for login

Right to delete

Request deletion of your personal data anytime

No spam

Only transactional and essential emails

1. Who We Are

This Privacy Policy applies to the Fontiex platform operated by Grandfleet, a limited liability partnership registered in Kasargod, Kerala, India (DPIIT Startup Recognised). References to "we", "us", or "our" mean Grandfleet. Our data controller contact is: privacy@fontiex.com.

2. Data We Collect

We collect information you provide directly: name, email address, CBAN identifier, and payment details when you register or top up. We collect data generated by your use of the Platform: FNX credit balance and transaction history, bookings and service usage, login timestamps and session data, and device/browser information for security purposes. We do not collect sensitive personal data such as biometric data, health information, or political opinions.

3. How We Use Your Data

We use your personal data to: create and manage your CBAN account; process FNX credit top-ups and bookings; send transactional emails (booking confirmations, payment receipts, account alerts); comply with legal obligations including anti-money laundering (AML) and know-your-customer (KYC) requirements where applicable; improve the Platform through aggregated, anonymised analytics; and communicate material changes to these terms or our services. We do not use your data for automated decision-making or profiling that produces legal or similarly significant effects without your explicit consent.

4. Legal Basis for Processing

For members in the European Union or European Economic Area, we process your data under the following lawful bases (GDPR Art. 6): Contract performance — to deliver the membership services you signed up for; Legal obligation — KYC, AML, and tax record-keeping requirements; Legitimate interests — platform security, fraud prevention, and service improvement; Consent — for marketing communications, which you may withdraw at any time.

5. Data Sharing

We share your data with: Supabase (database and authentication infrastructure, hosted in the EU); Stripe (payment processing, governed by Stripe's own privacy policy); Wise / TransferWise (international payment processing where applicable); service partners only to the extent necessary to fulfil your booking (e.g., sharing your name with a co-working venue). We do not sell your personal data to third parties. We do not share your data with advertisers. We may disclose data where required by law or court order.

6. Data Retention

We retain your account data for the duration of your membership and for the applicable refund window of your plan tier (6 months for Free; 2 years for Starter; 5 years for Pro; 10 years for Enterprise) after account closure, to process potential refund requests. Financial transaction records are retained for 7 years to meet statutory accounting and tax obligations. You may request earlier deletion of non-financial personal data by contacting privacy@fontiex.com, subject to our legal retention obligations.

7. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data: Access — request a copy of the personal data we hold about you; Rectification — request correction of inaccurate data; Erasure — request deletion of your personal data (subject to legal retention requirements); Portability — receive your data in a structured, machine-readable format; Objection — object to processing based on legitimate interests; Restriction — request that we limit how we use your data. To exercise any of these rights, email privacy@fontiex.com with "Data Rights Request" in the subject line. We will respond within 30 days.

8. Cookies & Tracking

We use strictly necessary cookies to maintain your session after login. We do not use advertising cookies or third-party tracking pixels. Our analytics (if any) use anonymised, aggregated data only. You may disable cookies in your browser settings, but doing so will prevent you from staying logged in to the Platform.

9. Security

We implement industry-standard security measures including TLS encryption in transit, encrypted storage of credentials via Supabase Auth (bcrypt), row-level security (RLS) on all database tables, and automatic session timeout after 5 minutes of inactivity. No system is completely secure. If you believe your account has been compromised, contact security@fontiex.com immediately. We will notify you of any data breach affecting your personal data within 72 hours of becoming aware, as required by applicable law.

10. International Transfers

Your data may be processed in countries outside India, including the European Union (Supabase infrastructure) and the United States (Stripe). Where data is transferred outside India, we ensure appropriate safeguards are in place, including Standard Contractual Clauses where required by EU law. By using the Platform, you acknowledge and consent to these transfers as necessary to provide the service.

11. Children

The Fontiex Platform is not directed at persons under the age of 18. We do not knowingly collect personal data from children under 18. If you believe a child has registered on our platform, please contact us at privacy@fontiex.com and we will delete the account promptly.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you by email and by notice on the Platform at least 14 days before material changes take effect. The effective date at the top of this page will always reflect the latest version.

13. Contact & Complaints

For any privacy-related questions or to exercise your data rights, contact: privacy@fontiex.com. If you are based in the EU/EEA and believe we have not handled your data lawfully, you have the right to lodge a complaint with your local data protection authority (e.g., the Dutch Autoriteit Persoonsgegevens at autoriteitpersoonsgegevens.nl).