​
​
Privacy Policy
Version 1.1
Last updated: 18 November 2025
Fendr Ltd (Company No. 16625357)
Office 205, 60 Tottenham Court Road, Fitzrovia, London, W1T 2EW
Fendr Ltd (“Fendr”, “we”, “us”, “our”) provides browser-based AI-risk and data-loss prevention tooling that helps organisations use AI securely.
This Privacy Policy explains how we collect, use, store, and protect personal data when you visit our website, contact us, or use our products. It also describes how we process data on behalf of our customers inside the Fendr platform.
If you have any questions, contact us at: info@fendr.tech
1. Who We Are
For website visitors, sales prospects, and marketing interactions, Fendr Ltd is the Data Controller.
For data processed through the Fendr browser extension and platform, your organisation (the customer) is the Data Controller, and Fendr acts as the Data Processor.
We comply with:
-
UK GDPR
-
EU GDPR (where applicable)
-
Data Protection Act 2018
-
Other privacy laws relevant to our customers, including international transfer rules.
2. Personal Data We Collect
2.1 Website, Marketing & Sales (Controller)
We collect:
-
Contact details (name, email, role, company)
-
Website analytics (page views, clicks, referring URLs)
-
Device & browser information
-
Product interest or form submissions
-
Marketing preferences
-
Communication history
Sources include direct forms, website cookies, third-party analytics, and marketing tools.
2.2 Product Usage Data (Processor)
When your organisation installs the Fendr extension, we process:
AI-related activity metadata
-
URLs of AI tools visited
-
Timestamps, feature usage
-
High-level interaction metadata
-
Document upload or paste attempts
-
Sensitive-content detection triggers (based on customer policy)
Security-relevant data
-
Policy violations
-
Blocked actions
-
Risk flags
-
Customer-specific classification matches
Device / environment
-
Browser & OS
-
Device identifier (pseudonymised where possible)
-
Organisation ID and user seat ID
Important
We do not store AI prompt content by default, unless explicitly enabled by the customer for audit purposes.
Customers must ensure that employees receive appropriate privacy notices describing that Fendr will process AI-related interaction data for compliance and security.
3. How We Use Personal Data
3.1 Controller (Website / Marketing / Sales)
We use personal data to:
-
Provide information about Fendr
-
Respond to enquiries
-
Manage demos and onboarding
-
Send marketing communications (with opt-out options)
-
Improve our website and product
-
Secure our systems
-
Comply with legal obligations
3.2 Processor (Product Extension)
We use customer end-user data only to:
-
Provide the Fendr service
-
Detect risky uploads, pastes, or actions
-
Generate audit logs
-
Enforce customer-defined policy controls
-
Maintain service reliability & security
-
Provide support and troubleshooting
-
Improve product reliability (aggregated/anonymised only)
We do not sell or monetise customer data.
4. Lawful Bases for Processing
Website, Marketing & Sales
Processing is based on:
-
Contract – providing demos, onboarding, support
-
Legitimate Interests – analytics, B2B communications, product improvement
-
Consent – non-essential cookies, where required
-
Legal Obligation – regulatory compliance
Customer Platform Data (Processor)
Processing is carried out under a Data Processing Agreement (DPA) with each customer.
5. How We Share Data
We share personal data with trusted third-party providers that support our operations, such as:
-
Cloud hosting
-
Error monitoring
-
Analytics
-
Support tools
-
CRM & marketing systems
All sub-processors are bound by agreements requiring confidentiality and security safeguards.
A list of sub-processors is available at:
fendr.tech/subprocessors (placeholder)
We do not sell personal data.
6. International Data Transfers
Fendr operates in multiple jurisdictions. Data may be processed in:
-
UK
-
EU/EEA
-
US
-
Other permitted regions where providers operate
We use recognised safeguards for international transfers, including:
-
UK IDTA
-
EU Standard Contractual Clauses (SCCs)
-
UK Addendum to SCCs
-
Encryption and access controls
-
Vendor security vetting
We monitor regulatory developments to maintain compliance.
7. Data Retention
We retain data only as long as needed for the purposes outlined.
Examples:
-
Marketing data: 24 months inactivity
-
Support records: up to 3 years
-
Platform metadata: per customer retention settings (typically 30–180 days)
-
Backups: encrypted, automatically deleted on a rolling basis
Where feasible, we anonymise or pseudonymise data.
8. Data Subject Rights
Individuals may have rights to:
-
Access their data
-
Correct inaccurate data
-
Request deletion
-
Restrict or object to processing
-
Port their data
-
Withdraw consent
Requests can be made to: privacy@fendr.tech or info@fendr.tech
We respond within 30 days.
Complaints can be escalated to:
Information Commissioner’s Office (ICO) – ico.org.uk
9. Security
We implement security measures including:
-
Encryption in transit & at rest
-
Access controls and audits
-
Device-ID pseudonymisation
-
Continuous monitoring
-
Penetration testing
-
Incident response processes
-
Sub-processor due diligence
While no system is infallible, we work continually to enhance our security posture.
10. Cookies & Tracking
We use cookies for:
-
Website analytics
-
Performance measurement
-
Marketing attribution
-
Security monitoring
Non-essential cookies require consent where required by law.
See our Cookie Policy for more information.
11. Children’s Data
Fendr is not intended for anyone under 16, and we do not knowingly collect data from minors.
12. Changes to This Policy
We may update this Policy occasionally. Updates will be posted on this page with a revised “Last updated” date.
Material changes may also be notified directly.
13. Contact Us
​
Fendr Ltd
Office 205, 60 Tottenham Court Road
Fitzrovia, London
W1T 2EW
​
​
​