Data Residency, Privacy & Trust
Fibr adheres to international data protection frameworks and operates regionally hosted clusters. All data is encrypted, anonymized, and processed in compliance with GDPR, CCPA, and SOC 2 requirements.
Regions & Data Residency
Fibr automatically stores and processes your data in the region closest to your organization or as defined by your workspace configuration. All clusters are isolated, compliant, and fully managed on AWS with region-specific encryption, monitoring, and backup policies.
When you use Fibr, you're trusting us with your website data and visitor information. This page explains exactly what we collect, how we protect it, and where it's stored.
What Data Does Fibr Collect?
Visitor data (collected automatically):
Page URLs visited on your site
Device type, browser, and operating system
Geographic location (country and region level, not precise location)
Referral source and UTM parameters
Timestamp of visits
Experiment variant assignments
Interaction data (based on your configuration):
Click events on elements you've set up for tracking
Form submissions (if you configure conversion tracking on forms)
Custom events you define
What Fibr does NOT collect:
Names, email addresses, or personal contact information (unless you explicitly configure form tracking)
Payment or credit card details
Passwords or login credentials
Keystroke data or session recordings
Browsing behavior outside your website
How We Protect Your Data
Encryption
All data in transit is encrypted using TLS 1.2 or higher
All data at rest is encrypted using AES-256 encryption
Access controls
Internal access to customer data is strictly limited to authorized personnel
All access is logged and auditable
We follow the principle of least privilege
Infrastructure security
Fibr runs on enterprise-grade cloud infrastructure
Our providers maintain SOC 2 Type II certification
We use multiple availability zones for redundancy
Regular security assessments and penetration testing
Secure authentication
OAuth 2.0 for Google and Microsoft sign-in
Encrypted password storage for email sign-up
SSO support for enterprise customers
Session timeouts for inactive users
Where Is Data Stored?
🇺🇸 United States
Default for customers based in North & South America
🇪🇺 Europe (EU)
Default for EU, UK, and EEA customers
🇮🇳 India (APAC)
Default for customers in India and nearby APAC regions
🌍 Others
For specific data residency requirements, reach out to [email protected] to discuss your needs.
Data Retention
Default retention period: 12 months
Visitor data and experiment results are retained for 12 months from collection. After this period, data is automatically deleted.
Custom retention: Available for Enterprise customers
Need shorter retention for compliance reasons, or longer retention for historical analysis? Enterprise plans support custom data retention policies.
Account deletion:
If you close your Fibr account, all associated data is permanently deleted within 30 days. To request account deletion, contact [email protected].
GDPR Compliance
Fibr is designed to support GDPR compliance for organizations serving visitors in the European Union.
How Fibr supports your compliance:
Data minimization: We collect only what's necessary for experiments and personalization
Consent integration: Fibr can wait for visitor consent before activating (integrate with your consent management platform)
Right to erasure: You can request deletion of visitor data
Data portability: Export your data at any time from the dashboard
Data Processing Agreement: Available for customers who need a formal DPA
Your responsibilities:
Disclose your use of Fibr in your privacy policy
Implement appropriate consent collection for visitors in regulated regions
Configure Fibr to respect consent signals where required
Need a DPA? Contact [email protected] and we'll send one over.
Cookie Usage
Fibr uses first-party cookies to:
Identify returning visitors
Maintain consistent experiment assignments (so visitors see the same variant across sessions)
Track conversions accurately
Cookie details:
fibr_visitor_id: Identifies unique visitors (12 months)
fibr_experiments: Stores variant assignments (12 months)
These cookies are:
First-party only (set on your domain)
Not used for cross-site tracking
Not shared with third parties
Consent integration:
If you use a consent management platform, you can configure Fibr to load only after visitors consent to functional or analytics cookies. Contact us for implementation guidance.
Third-Party Sharing
We do not sell your data. Ever.
Your visitor data and experiment results are never:
Sold to third parties
Shared for advertising purposes
Used to build profiles for other customers
Combined with data from other Fibr customers
We use your data solely to provide Fibr's services to you.
Subprocessors:
Fibr uses a limited number of trusted subprocessors for infrastructure and services. A list is available upon request for customers completing vendor assessments.
Need compliance documentation for a security review or procurement process? Contact [email protected] and we'll provide what you need.