DRAFT — for legal review. Not yet legal advice. Counsel to finalize before publishing. Effective date: TBD.

Fae Intelligence · Root Cause Analyzer

Privacy Policy

1. Scope and our roles

The Root Cause Analyzer is a business tool offered by Fae Intelligence. We handle data in two distinct roles:

Processor — for investigation content (problem descriptions, answers, uploaded documents) that you or your organization submit. You control this data; we process it only to provide the service and on your instructions.
Controller — for account, contact, and usage data (e.g., your email address, session activity, basic logs) that we collect to operate, secure, and improve the service.

2. Information we collect

Investigation content you provide: problem descriptions, answers, and uploaded documents.
Contact information you provide, such as your email address.
Usage data needed to operate and secure the service: session activity, basic logs, and device/browser information in those logs.

3. How we use information

To run your root cause investigation, generate guidance and 8D reports, and save your sessions so you can return to them.
To operate, secure, support, and improve the service. "Improve" means using account and aggregated usage data (e.g., feature usage, error rates) — we do not use your investigation content or uploaded documents to improve the service or to train AI models.
To communicate with you about the service.

4. Legal bases (where GDPR or similar laws apply)

Where applicable: performance of a contract (providing the service), legitimate interests (security, service operation and improvement), legal obligation (compliance with law), and consent where we ask for it.

5. Sharing

We share data only:

With sub-processors required to deliver the service: Anthropic (Claude AI model, via its commercial API, which does not use submitted data to train models) and Google Cloud / Firebase (hosting and storage). Sub-processors are bound by data protection obligations. We will update this list if sub-processors change; organizations with a DPA will be notified of changes.
When required by law — to comply with a valid legal obligation, court order, or governmental request, or to protect rights, safety, or the service. Where lawful and practical, we will notify you before disclosing investigation content in response to a legal request.
In a business transfer — if we are involved in a merger, acquisition, or sale of assets, data may transfer as part of that transaction subject to this policy.

We do not sell your data, share it for advertising, or share it with anyone else.

6. Data location and international transfers

Data is stored in the United States on Google Cloud infrastructure and processed in the United States by Anthropic's Claude API. The service is offered only to business users located in the United States and is not intended for use from outside the United States (see the Terms of Service). If you nonetheless access the service from elsewhere, you understand your data will be transferred to and processed in the United States.

7. Retention

Data	Retention
Investigation content and documents	Until you delete them or request deletion; deleted within 30 days of a verified request (up to 90 days for backup copies)
Account and contact information	While your account is active, then deleted or anonymized within 90 days
Usage data and logs	Up to 12 months, then deleted or aggregated

We may retain data longer where required by law or to resolve disputes.

8. Your rights

Depending on your location, you may have rights to access, correct, delete, restrict or object to processing of, or receive a portable copy of your personal data, and to lodge a complaint with a supervisory authority. To exercise any right, contact us at the address below. We will verify your identity and respond within 30 days (or the timeline required by your jurisdiction; e.g., 45 days under California law). For investigation content processed on behalf of your organization, we may refer your request to that organization as the controller of that data.

9. Security

Data is encrypted in transit (HTTPS) and at rest (provided by Google Cloud). Access to stored data is limited to authorized personnel and systems that need it to operate and support the service. If we become aware of a personal data breach affecting your data, we will notify you without undue delay and in accordance with applicable law.

10. Cookies

We use only the session cookies necessary for the tool to function. We do not use advertising or third-party tracking cookies.

11. Children

The service is intended for business use and is not directed to children under 18. We do not knowingly collect data from children.

12. Changes

We may update this policy. Material changes will be posted here with a new effective date, and we will provide notice (e.g., email or in-product) before they take effect.

13. Contact

rsnyder@faeintelligence.com