Phinite Privacy Policy
AI Agent Orchestration Platform for Enterprise
Effective Date: February 28, 2026
This Privacy Policy explains how Fastr Tech Inc. d/b/a Phinite ("Phinite", "we", "us", or "our") collects, uses, shares, and protects information about you when you access or use our AI agent orchestration platform, including the Phinite Aura copilot, Developer Studio, and all related services (collectively, the "Services").
Phinite holds a SOC 2 Type II certification and applies GDPR principles to all users. This Policy also addresses CCPA/CPRA and the EU AI Act where relevant to our platform.
1. Who We Are and How to Contact Us
Phinite is an AI agent orchestration platform built for enterprise teams.
Legal Entity: Fastr Tech Inc. d/b/a Phinite
State of Incorporation: Delaware, United States
Privacy Lead Contact: privacy@phinite.ai
Website: https://phinite.ai
For privacy or data subject requests:
Response timelines:
30 days for GDPR-aligned requests
45 days for CCPA requests
2. Scope of This Policy
This Policy applies to:
Visitors to phinite.ai and subdomains (app.phinite.ai, docs.phinite.ai)
Registered users and account holders
Enterprise customers and their authorized users
Beta program participants
Partners, vendors, and third parties interacting with Phinite
This Policy Does NOT Apply To
Data processed on behalf of enterprise customers (covered by the DPA)
Third-party services integrated with the platform
Phinite employees and contractors
Enterprise Customer Note
When enterprises build AI agent workflows, Phinite acts as a data processor, while the customer is the data controller.
Phinite:
Processes data only under customer instructions
Does not use this data to train AI models
3. Information We Collect
We collect information in three ways:
Information you provide
Information collected automatically
Information from third parties
3.1 Information You Provide Directly
Account and Identity Information
Full name
Job title and role
Work email and password (hashed)
Phinite organization name
LinkedIn profile URL
GitHub or portfolio URL (beta vetting)
Organization and Professional Information
Company name, size, industry
Country
Position and seniority
Use case description
Automation tool preferences
Billing information (handled by Stripe)
Platform Content and Workflow Data
Agent workflow configurations
Prompts and orchestration logic
Phinite Aura copilot conversations
API credentials and integration configs
Files and documents uploaded
Support communications
3.2 Information Collected Automatically
Usage and Analytics Data
IP address
Browser type
Operating system
Pages visited
Feature usage
Workflow execution counts
API call volumes
Performance metrics
Session identifiers
Device and Technical Information
Device type
Screen resolution
OS version
Browser fingerprinting for security
Timezone and locale
Cookies and Tracking Technologies
Types used:
Strictly Necessary Cookies
Authentication and securityFunctional Cookies
Preferences and settingsAnalytics Cookies
Usage insights
Phinite does not use advertising cookies.
3.3 Information From Third Parties
Data may be received from:
SSO providers
Google
Microsoft
Okta
LinkedIn public profile data
Stripe payment confirmation data
4. How We Use Your Information
4.1 Providing and Operating the Services
We use your information to:
Create and manage accounts
Authenticate users
Execute AI agent workflows
Operate Phinite Aura copilot
Deliver Developer Studio features
Provide support
Lawful Basis
Contract performance
Legitimate interest
4.2 Beta Program Management
Used for:
Reviewing beta applications
Verifying identity
Managing waitlists
Communicating onboarding
Lawful Basis
Legitimate interest
Pre-contractual steps
4.3 Compliance, Security, and Fraud Prevention
Includes:
Monitoring for unauthorized access
Maintaining SOC 2 audit logs
Detecting prompt injection attacks
Enforcing Terms of Service
Responding to legal requests
Lawful Basis
Legal obligation
Legitimate interest
4.4 Platform Improvement
Used for:
Aggregated analytics
Product improvement
Reliability research
Important commitment:
Phinite does NOT use workflow data, prompts, or agent outputs to train AI models.
4.5 Communications
Includes:
Account emails
Security alerts
Product announcements
Research invitations
Email provider:
Google SMTP
5. How We Share Your Information
Phinite does not sell personal data.
5.1 Within Phinite
Access is limited to employees who need it, under role-based access control.
5.2 Service Providers (Sub-Processors)
Current sub-processors include:
Category | Provider |
|---|---|
Cloud Infrastructure | Google Cloud Platform |
Secrets Management | HashiCorp Vault |
Monitoring | Grafana / Tempo / Loki |
Payment Processing | Stripe |
Email Delivery | Google SMTP |
Data Storage | MongoDB |
All are prohibited from using data for their own purposes.
5.3 AI Model Providers
If your workflows call external models:
OpenAI
Anthropic
Google Gemini
Your prompts may be sent to those APIs.
This happens only based on your configuration.
5.4 Enterprise Customers
Enterprise administrators may access:
Account activity
Workflow configurations
Usage data
5.5 Business Transfers
If Phinite undergoes:
Merger
Acquisition
Asset sale
Data may transfer to the acquiring company.
Users will be notified beforehand.
5.6 Legal Requirements
Information may be disclosed to:
Comply with laws
Enforce terms
Protect user safety
Respond to emergencies
6. Data Retention
Data Type | Retention |
|---|---|
Account Data | Active subscription + 90 days |
Audit Logs | 12 months (standard) / 36 months (enterprise) |
Beta Applications | 12 months |
Billing Records | 7 years |
Support Tickets | 24 months |
Marketing Data | Until opt-out |
Users may request a data export upon account termination.
7. Data Security
Phinite maintains SOC 2 Type II certified infrastructure on Google Cloud Platform.
7.1 Technical Safeguards
TLS 1.2+ encryption in transit
AES-256 encryption at rest
Secrets stored in HashiCorp Vault
Zero-trust access controls
VPC isolation
WAF and DDoS protection
Rate limiting
Continuous security scanning
7.2 Organizational Safeguards
Role-based access controls
Employee security training
Third-party security audits
Vendor risk management
7.3 AI-Specific Security
Includes:
Prompt injection detection
AI API rate limiting
Agent iteration limits
Dev/UAT/Prod isolation
Agent execution audit logs
8. Your Privacy Rights
Phinite applies GDPR-style rights to all users.
8.1 Rights for All Users
Users may request:
Access to their data
Correction of data
Deletion of data
Restriction of processing
Data portability
Objection to processing
Withdrawal of consent
Requests can be sent to:
8.2 CCPA / CPRA Rights
California residents have rights including:
Right to know
Right to delete
Right to correct
Right to opt out of data sale
Non-discrimination
Phinite does not sell personal data.
8.3 Other US State Laws
Residents of states such as:
Virginia
Colorado
Connecticut
Texas
have similar rights.
8.4 Exercising Your Rights
Requests handled by:
Response time:
30 days standard
9. International Data Transfers
Phinite infrastructure is hosted in the United States (GCP US-Central-1).
9.1 EU and UK Beta Users
EU/UK users agree that their data may be processed in the US.
Transfers rely on:
EU Standard Contractual Clauses (SCCs)
Future roadmap includes EU data residency options.
9.2 Transfer Mechanisms
Transfers rely on:
EU SCCs
UK International Data Transfer Agreements
Enterprise customers may request custom arrangements.
10. Children's Privacy
Phinite services are not intended for individuals under 16.
If a minor's data is discovered, it will be deleted.
11. AI-Specific Privacy Provisions
11.1 Agent Workflow Data
Agent workflows process:
Prompts
Retrieved tool data
AI outputs
Execution logs
Execution logs retained 90 days.
11.2 Phinite Aura Copilot
Aura interactions:
May send prompts to LLM providers
Stored in MongoDB
Not used for model training
11.3 No AI Training on Customer Data
Phinite never trains AI models on customer data.
If this policy ever changes:
Users receive 90 days notice
Explicit opt-in consent required
11.5 Automated Decision Making
Phinite does not make automated decisions affecting individuals without human oversight.
Enterprise customers remain responsible for compliance.
11.6 EU AI Act
Phinite supports:
Audit logging
Documentation
Human oversight
Compliance updates will follow EU AI Act implementation (Aug 2026).
12. Cookies
Cookie categories used:
Type | Purpose |
|---|---|
Strictly Necessary | Authentication and session management |
Functional | Preferences and workspace settings |
Analytics | Platform usage insights |
Phinite does not use advertising cookies.
13. Third-Party Integrations
Users may connect tools such as:
Slack
GitHub
Salesforce
Notion
Asana
PostgreSQL
When enabled:
Phinite interacts with those services
Data flows depend on user configuration
Third-party privacy policies apply
14. Data Processing Agreements
Enterprise customers may request a Data Processing Agreement (DPA) covering:
Processor obligations
Security measures
Breach notification
Data deletion
Request via:
15. Changes to This Privacy Policy
Phinite may update this policy periodically.
For major changes:
30 days advance notice
Notification via email or product UI
16. Contact Us
Privacy inquiries:
Legal inquiries:
Security reporting:
EU users may contact their local Data Protection Authority if issues remain unresolved.
Phinite Privacy Policy
https://phinite.ai/legal/privacy
Monday, 16 March 2026