# Data Residency, Privacy & Trust Fibr adheres to international data protection frameworks and operates regionally hosted clusters. All data is encrypted, anonymized, and processed in compliance with GDPR, CCPA, and SOC 2 requirements. ### Regions & Data Residency Fibr automatically stores and processes your data in the region closest to your organization or as defined by your workspace configuration. All clusters are isolated, compliant, and fully managed on AWS with region-specific encryption, monitoring, and backup policies. When you use Fibr, you're trusting us with your website data and visitor information. This page explains exactly what we collect, how we protect it, and where it's stored. *** #### What Data Does Fibr Collect? {% columns %} {% column %} **Visitor data (collected automatically):** {% endcolumn %} {% column %} * Page URLs visited on your site * Device type, browser, and operating system * Geographic location (country and region level, not precise location) * Referral source and UTM parameters * Timestamp of visits * Experiment variant assignments {% endcolumn %} {% endcolumns %} {% columns %} {% column %} **Interaction data (based on your configuration):** {% endcolumn %} {% column %} * Click events on elements you've set up for tracking * Form submissions (if you configure conversion tracking on forms) * Custom events you define {% endcolumn %} {% endcolumns %} {% columns %} {% column %} **What Fibr does NOT collect:** {% endcolumn %} {% column %} * Names, email addresses, or personal contact information (unless you explicitly configure form tracking) * Payment or credit card details * Passwords or login credentials * Keystroke data or session recordings * Browsing behavior outside your website {% endcolumn %} {% endcolumns %} *** #### **How We Protect Your Data** **Encryption** * All data in transit is encrypted using TLS 1.2 or higher * All data at rest is encrypted using AES-256 encryption **Access controls** * Internal access to customer data is strictly limited to authorized personnel * All access is logged and auditable * We follow the principle of least privilege **Infrastructure security** * Fibr runs on enterprise-grade cloud infrastructure * Our providers maintain SOC 2 Type II certification * We use multiple availability zones for redundancy * Regular security assessments and penetration testing **Secure authentication** * OAuth 2.0 for Google and Microsoft sign-in * Encrypted password storage for email sign-up * SSO support for enterprise customers * Session timeouts for inactive users *** #### Where Is Data Stored?
RegionData Processing & Storage
🇺🇸 United StatesDefault for customers based in North & South America
🇪🇺 Europe (EU)Default for EU, UK, and EEA customers
🇮🇳 India (APAC)Default for customers in India and nearby APAC regions
🌍 OthersFor specific data residency requirements, reach out to support@fibr.ai to discuss your needs.
*** #### **Data Retention** **Default retention period:** 12 months Visitor data and experiment results are retained for 12 months from collection. After this period, data is automatically deleted. **Custom retention:** Available for Enterprise customers Need shorter retention for compliance reasons, or longer retention for historical analysis? Enterprise plans support custom data retention policies. **Account deletion:** If you close your Fibr account, all associated data is permanently deleted within 30 days. To request account deletion, contact . *** #### **GDPR Compliance** Fibr is designed to support GDPR compliance for organizations serving visitors in the European Union. **How Fibr supports your compliance:** * **Data minimization:** We collect only what's necessary for experiments and personalization * **Consent integration:** Fibr can wait for visitor consent before activating (integrate with your consent management platform) * **Right to erasure:** You can request deletion of visitor data * **Data portability:** Export your data at any time from the dashboard * **Data Processing Agreement:** Available for customers who need a formal DPA **Your responsibilities:** * Disclose your use of Fibr in your privacy policy * Implement appropriate consent collection for visitors in regulated regions * Configure Fibr to respect consent signals where required **Need a DPA?** Contact and we'll send one over. *** #### **Cookie Usage** Fibr uses first-party cookies to: * Identify returning visitors * Maintain consistent experiment assignments (so visitors see the same variant across sessions) * Track conversions accurately **Cookie details:** | Cookie | Purpose | Duration | | ------------------ | -------------------------- | --------- | | `fibr_visitor_id` | Identifies unique visitors | 12 months | | `fibr_experiments` | Stores variant assignments | 12 months | **These cookies are:** * First-party only (set on your domain) * Not used for cross-site tracking * Not shared with third parties **Consent integration:** If you use a consent management platform, you can configure Fibr to load only after visitors consent to functional or analytics cookies. Contact us for implementation guidance. *** #### **Third-Party Sharing** **We do not sell your data. Ever.** Your visitor data and experiment results are never: * Sold to third parties * Shared for advertising purposes * Used to build profiles for other customers * Combined with data from other Fibr customers We use your data solely to provide Fibr's services to you. **Subprocessors:** Fibr uses a limited number of trusted subprocessors for infrastructure and services. A list is available upon request for customers completing vendor assessments. *** Need compliance documentation for a security review or procurement process? Contact and we'll provide what you need.