• Terms of Use
• Privacy Policy
• FAQ
• Partnership

Fract Privacy Policy

Effective Date: February 19, 2026

Welcome to Fract’s Privacy Policy. Fract, Inc. ("Fract," "we," or "us") is a Delaware‑based B2B software‑as‑a‑service (SaaS) company providing an analytics and territory planning platform for businesses. We are committed to protecting your privacy and complying with applicable data protection laws worldwide, including the EU General Data Protection Regulation (GDPR) and the California Consumer Privacy Act as amended by the CPRA (California Privacy Rights Act). This Privacy Policy explains what information we collect, how we use and share it, and your rights regarding your information. It replaces our legacy 2014 Privacy Policy to reflect modern data practices and legal requirements.

By using Fract’s services (the “Services”), you acknowledge that you have read and understood this Privacy Policy. We have written it in plain language for clarity and structured it with clear headings so you can easily find the information you need. We prioritize transparency and trust in how we handle data.

Information We Collect

We collect both personal and business information necessary to provide and improve our Services. Even information in a business context (e.g. work email or job title) is considered personal data under privacy laws. Below we explain the categories of information we collect:

Account and Contact Information

When you sign up or are given access to Fract, we collect information such as your name, work email address, phone number, job title, company/organization name and other business contact details. This includes identifiers like your name and email, which are considered personal information under many privacy laws. If you register on behalf of a company, we also record the company’s details (e.g. company name, industry).

Credentials

We collect account login credentials such as your username and password to secure your access to the Services. Your account login information (together with any required security authentication) may be considered "sensitive personal information" under certain laws. We use this information only to authenticate you and protect your account, and not for any secondary purposes.

Billing Information

If you purchase a subscription or conduct transactions, we (or our payment processor) collect payment and billing details. This may include your business billing address, and payment method information (such as credit card number or banking information). Financial information (like payment details) is classified as commercial information under California law. Note: For security, Fract uses accredited third‑party payment processors to handle sensitive payment data, and we generally do not store full payment card numbers.

Business Data You Provide

You and your authorized users may upload or input data into our platform as part of using our analytics and territory planning tools (for example, sales data, territory maps, customer or prospect lists, addresses or other business metrics). This data ("Customer Data") may include personal information relating to your business’s employees or customers (e.g. names, contact details or location information of individuals within sales territories). Fract processes Customer Data on your behalf to provide the Services and for no other purposes. You are responsible for ensuring you have a legal right to collect and share any personal information included in Customer Data with us. In GDPR terms, you act as the data controller for Customer Data, and Fract is a data processor handling that information under your instructions (per our contracts and Data Processing Addendum). We do not access or use Customer Data except as necessary to deliver and support the Services, to comply with law, or as instructed by you.

Usage Data

We automatically collect information about how you and your users interact with our Services. This includes usage logs and analytics data such as the features you use, pages or screens you visit, the date and time of access, actions taken (e.g. territory maps created or reports generated), and performance logs. We also collect event information like error reports and clickstream data to troubleshoot and improve the user experience.

Device and Technical Data

When you use Fract, we collect information about your device and browser, such as your device type, operating system, browser type, device identifiers and screen resolution. We also record your Internet Protocol (IP) address and derive general location information from it (e.g. city or region). This helps with service localization, security (for example, detecting unusual login locations) and analytics. Other technical data like your referral source (how you reached our site) and session identifiers may be collected as well.

Cookies and Tracking Technologies

Like most online services, we use cookies and similar technologies (such as web beacons and pixels) to collect information automatically when you interact with our website or platform.

• Necessary Cookies: Used to log you into your account, maintain your session and remember preferences.
• Analytics Cookies: Used to understand usage of our Services, such as which features are most popular, and to improve our platform. We use third‑party analytics tools (e.g. Google Analytics) that set cookies and similar identifiers to collect usage data and device info on our behalf. We configure these tools to avoid collecting more data than necessary, and where required, we obtain your consent for analytics cookies.
• Functional Cookies: Used to remember your settings and enhance your experience (for instance, remembering a default territory or language selection).
• Advertising/Marketing Cookies: Fract’s platform is primarily B2B and we do not show third‑party ads on our site. However, we may use cookies or pixels in our marketing website or emails to measure the effectiveness of our own marketing campaigns. For example, if you visit our public website, we might later show you an ad about Fract on LinkedIn or other platforms (this is known as retargeting). Any such cookies will only be used in compliance with applicable law (e.g. with prior consent where required).
• Managing Cookies: You can control or delete cookies via your browser settings at any time. Please note that if you disable certain cookies, parts of our Service (especially the web application) may not function properly, such as maintaining your login session. For more details, see our Cookie Policy (if available) or contact us.

Communications with Us

If you contact us with an inquiry, request support, or otherwise correspond with Fract (via email, chat, phone or through social media), we collect the information you provide. This may include your name, contact info, the contents of your message, attachments and any other information you choose to share. We use this to respond to you and improve our services (for example, fixing issues you report).

Information from Third Parties

We may receive information about you from third‑party sources in certain situations:

• If your employer or another business entity provides you with access to Fract (e.g. they invite you as an authorized user), they may give us your name, work email or other contact details to set up your account.
• For sales and marketing, we might obtain business contact information from partners or public sources. For example, we could collect your business contact details from public professional profiles (like LinkedIn) or marketing lead providers, in order to send an invitation to try Fract. We only collect limited professional data in this manner (e.g. name, business email, company, job title) and only where it is lawful to do so.
• If we integrate with third‑party services at your request (for example, if you connect a CRM system or upload data from an external source), we will receive information from those systems per your integration. We will inform you at the time of any such data import.

We do not knowingly collect any personal information from children under 13 years of age, and our Services are not directed to children under 13. If you believe a child under 13 may have provided us personal data, please contact us immediately and we will take steps to delete such information. Likewise, our Services are intended for business use by adults; if you are under the age required by your local law to validly consent to data processing (for example, under 16 in some EU countries), you should not use Fract or provide personal information through our platform.

How We Use Information

Fract uses the collected information for the following business and operational purposes:

• Providing and Improving the Services: We process your personal and business information to set up and maintain your account, authenticate you and deliver our Services’ core functionality. For example, we use your information to allow you and your team to log in, upload and analyze territory data, and visualize insights. We also use data to operate, troubleshoot and improve our platform – for instance, analyzing usage trends to debug issues, optimize user interface flows and develop new features. This includes using aggregated usage data to understand how clients interact with features so we can make enhancements.
• Analytics and AI‑Powered Insights: As part of providing our analytics and territory planning solutions, we may apply algorithms, including machine learning or AI, to your data to generate insights, predictions or recommendations for you. For example, our Service may automatically identify optimal sales territories or highlight trends by analyzing the data you input. Any automated processing of your data is done to serve you – e.g. to deliver analytics results – and not to make consequential decisions about individuals outside of providing the analytics you request. We do not engage in solely automated decision‑making that produces legal or similarly significant effects on individuals without human review or your explicit consent. We may also use anonymized data to improve our AI algorithms and analytical models, so that we can provide better insights. If we ever wish to use your identifiable personal data to train or improve our AI beyond your own use of the Service (for example, to develop general AI features), we will do so only in compliance with applicable law – which may include obtaining your opt‑in consent where required.
• Aggregated and Anonymized Data Use: We may aggregate, de‑identify or anonymize personal information such that it can no longer be linked to any individual or company. We may use this aggregated data for purposes such as improving our Services, publishing benchmarking reports or developing new products and features. For example, we might compile statistics like "average territory size by industry" using data across many customers, but without revealing any personal or confidential details. We will not attempt to re‑identify anonymized data, and any sharing of aggregated insights will contain no personal or confidential information.
• Customer Support and Communications: We use contact information (like your email or phone number) and any relevant account or usage data to provide support and respond to inquiries. For instance, if you reach out with a technical question, we will review your account details or relevant data to help resolve the issue. We also send you service‑related communications such as billing invoices, technical notices, security alerts and administrative messages. These communications are necessary for us to maintain the Services and keep you informed of important information related to your use of Fract.
• Marketing and Newsletters: We may use your contact details (such as your work email) to send you promotional communications about Fract, such as product updates, whitepapers, events or newsletters, if you have opted in or if otherwise permitted (for example, if you are an existing customer, we might send product updates based on our legitimate interest in keeping you informed, to the extent allowed by law). You have control over marketing messages – see Your Choices below for opt‑out. We do not spam, and you can unsubscribe at any time. We also do not sell your information to third‑party marketers.
• Security and Fraud Prevention: We process certain data to secure our Services, prevent fraud, abuse or other illegal activities and to enforce our terms and policies. For example, we may use IP addresses and device information to detect suspicious logins, or review logs to protect against DDOS attacks. We may also use automated tools to monitor for inappropriate use of our platform (such as uploading illicit content) in order to maintain a safe environment.
• Legal Compliance and Protection: Where necessary, we use personal information to comply with legal obligations, such as maintaining proper business records, handling opt‑out requests, meeting government reporting requirements or responding to lawful requests by public authorities. Additionally, we may process data as needed to protect our rights and interests (or those of our customers or partners), for instance to enforce contracts or to investigate and defend against potential legal claims.
• Other Purposes with Consent: If we intend to use your personal information for any purpose outside of the above, we will explain it to you at the time of collection and, if required, obtain your consent. For example, if we ever wish to publish a customer testimonial that includes personal information, we would seek your permission. You have the right to withdraw any given consent at any time.

Legal Bases for Processing (EEA/UK Users)

If you are located in the European Economic Area or United Kingdom, we only process your personal data when we have a valid legal basis to do so under GDPR/UK GDPR. This section explains the legal grounds we rely on for the processing activities described:

• Performance of a Contract: We process personal data to provide our Services pursuant to our contract with you (or your organization). This covers most of the core data processing in Fract – for example, using your account, contact and Customer Data to deliver analytics results and account features, as agreed in our Terms of Service. It also includes processing payments and communicating with you about the Services.
• Legitimate Interests: We process certain data as necessary for our legitimate business interests, provided that those interests are not overridden by your data protection rights. We have carefully balanced these interests with your privacy. Examples of processing under legitimate interests include: improving and securing our platform (analytics, debugging and security monitoring), contacting business users about product updates or relevant services (direct marketing in a B2B context, subject to your rights) and detecting fraud or illegal use. We only rely on legitimate interests for processing business contact data or usage data in ways individuals would reasonably expect from a B2B service. You have the right to object to processing based on legitimate interests (see Your Rights below).
• Consent: In certain cases, we rely on your consent. For instance, if you sign up to receive our newsletter or if we place non‑essential cookies (like analytics or marketing cookies) on your device in jurisdictions that require consent, we do so based on your consent (which you can withdraw at any time). Similarly, if we ever process sensitive personal data or introduce new processing that requires consent, we will obtain it separately. When we rely on consent, we make sure you are informed and can opt out freely.
• Legal Obligation: We will process personal data when necessary to comply with a legal obligation to which we are subject. For example, we may retain and disclose certain transaction records to comply with tax and accounting laws, or respond to a valid legal subpoena or court order requiring disclosure of data.
• Other Bases: In rare cases, we might process data to protect vital interests (e.g. in a life‑threatening situation) or for tasks carried out in the public interest, but these bases are generally not applicable to our typical B2B Services.

We will clarify the specific legal basis whenever required by law. If you have questions about the legal basis of a particular processing activity, please contact us.

Sharing and Disclosure of Information

We do not sell your personal information to third parties. We only share your information in the following circumstances, and always with appropriate safeguards and only the minimum necessary data:

Service Providers (Processors)

We share personal and business data with third‑party service providers who act on our behalf to support our operations and the provision of Services. These service providers (also called “processors” or “agents”) assist us with various business functions, such as:

• Cloud Hosting and Storage: We use secure cloud infrastructure to host our application and store data (for example, a cloud platform where our databases and servers reside).
• Payment Processing: If you make purchases, our payment processor (e.g. Stripe or similar) will receive your billing information to process transactions.
• Email and Communications: We use email delivery services to send transactional emails (like account invites and alerts) and newsletters. These providers process your contact info for sending messages on our instructions.
• Analytics Services: We use analytics tools (like Google Analytics or others) to collect usage data as described above. These providers may receive identifiers and usage info via their scripts or SDKs on our site. We configure these tools to limit data sharing (for example, using IP anonymization where possible).
• Customer Support Tools: If we use helpdesk or live chat software, those tools may process data you provide in support inquiries (like your email and support conversation).
• Infrastructure and Security: We may use services for logging, monitoring, backup, content delivery (CDN) and security (like firewalls or DDoS protection services) that necessarily process some data to function.

In all cases, these service providers are bound by contractual agreements (such as Data Processing Agreements) to only use your data for our specified purposes, to keep it confidential and to meet adequate security standards. They are not allowed to use your personal information for their own purposes. We maintain an updated list of key sub‑processors which we can provide upon request.

Business Partners

In some cases, we may share business contact information with authorized partners or resellers of Fract, but only for legitimate purposes related to our Service. For example, if you were referred to Fract by a consulting partner, we might confirm basic usage information back to that partner for account management and commission calculations. We will ensure any such partners are under obligations to protect your data. We do not share personal data with third parties for their independent marketing purposes without your consent.

Within Our Corporate Group

If Fract is part of a corporate family (subsidiaries, affiliates or parent company), we may share information within that group as needed to operate the Service and corporate functions. (As of the date of this Policy, Fract is a standalone company with operations in the U.S.) Any future corporate affiliates would be required to honor this Privacy Policy.

Legal Compliance and Protection

We may disclose personal information to government authorities, regulators or other third parties when we believe disclosure is necessary to comply with a law or legal process (such as a subpoena, court order or government demand). We will only do so after verifying the request’s validity and only the data required. Additionally, we may share information if we believe in good faith that it’s necessary to protect the rights, property or safety of Fract, our users or the public. For example, we might need to share data with law enforcement to investigate a fraud or cybersecurity incident, or disclose information in litigation if relevant to defending legal claims.

Business Transfers

If Fract is involved in a potential or actual merger, acquisition, financing, corporate reorganization, bankruptcy, receivership or sale of all or part of our business or assets, personal information may be disclosed to or transferred as part of that transaction. We would only transfer what is necessary and ensure the recipient commits to protect your data in a manner consistent with this Policy. You will be notified via a prominent notice on our website or via email of any change in ownership or uses of your personal information as a result of a business transition, as well as any choices you may have.

Your Instruction or Consent

We may share your information with other third parties at your direction or with your explicit consent. For instance, if you integrate Fract with a third‑party application, we will, upon your direction, share data with that third‑party as needed for the integration. Similarly, if you ask us to share data with a consultant or partner working with you, or you make your data public within our platform (if such feature exists), we will do so as instructed by you.

In all sharing scenarios, we strive for transparency. Importantly, Fract does not sell your personal information and does not share it for cross‑context behavioral advertising. In the past 12 months, we have disclosed personal information only for “business purposes” as described above, not for third parties’ commercial gain.

International Data Transfers

Fract is based in the United States, and our primary servers and data centers are located in the U.S. If you are accessing our Services from outside the U.S., be aware that your personal information will likely be transferred to and stored in the United States or other jurisdictions where our service providers are located. These countries may have data protection laws that are different from those in your country (and in some cases, may not be as protective).

However, when we transfer personal data internationally, we take steps to ensure appropriate safeguards are in place to protect your information in accordance with this Privacy Policy and applicable law. If you are in the European Economic Area (EEA), United Kingdom or Switzerland, this means:

• We will transfer your personal data to the U.S. and other countries only to recipients that are in jurisdictions deemed to have “adequate” data protection by the European Commission, or under legally‑approved transfer mechanisms such as the European Commission’s Standard Contractual Clauses (SCCs). These SCCs contractually oblige the recipient to protect your data to EU privacy standards.
• We have in place a Data Processing Addendum with SCCs incorporated for our customers, and similar agreements with our processors, to cover EEA/UK data transfers. We also monitor regulatory developments around international transfers and will adjust our practices accordingly.
• Where applicable, we rely on adequacy decisions (for example, transfers to countries that the EU has deemed as providing adequate protection) or any new compliance frameworks that may be established.

For other regions (such as Canada, Australia, etc.), we likewise ensure that cross‑border transfers comply with local requirements. By using our Services or submitting information to us, you understand that your data may be transferred to the U.S. and globally. If you have questions about our international data transfer practices, please contact us.

Data Retention

We retain personal information only for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting or reporting requirements. In general:

• Account Information: If you have an account with Fract, we keep your account data while your account is active. This allows us to provide the Service to you. If you or your organization chooses to terminate your subscription or your account is otherwise deleted, we will delete or anonymize your personal information within a reasonable period after the account closure, except as noted below.
• Customer Data (Uploaded Content): Data that you or your users upload to the platform is stored on our systems. If you delete specific data within the platform, we remove it from active databases, but it may persist in secure backups for a limited time before being purged. Upon account termination, we generally delete or return Customer Data as per our contract with you. We may retain it for a brief period post‑termination in backups or archives before it is fully erased, except if we are instructed otherwise or prohibited by law.
• Communication and Support Data: If you correspond with us, we may retain those communications for a period necessary for customer service and to improve our services. If you unsubscribe from marketing emails, we will retain your email on a suppression list to ensure we honor your opt‑out.
• Legal and Backup Retention: We may retain information for longer periods if necessary to meet legal obligations or to resolve disputes. For example, we might retain certain billing records as required for financial audits, or information that is subject to a litigation hold. We also maintain secure backup copies of data for disaster recovery purposes – these backups are retained in a protected environment and are only accessed if needed for restoration. We limit retention of backups and logs to what is reasonably necessary.

Our retention periods consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure, the purposes for processing and whether those purposes can be achieved through other means. When personal data is no longer needed, we will ensure it is either securely deleted or anonymized. If you have specific questions about retention for certain data types, please contact us.

Data Security

Fract takes security measures seriously to protect your information from loss, misuse and unauthorized access or disclosure. We employ a combination of technical, organizational and physical safeguards in line with industry standards. These include, for example:

• Encryption: We encrypt personal data in transit over the internet (e.g. TLS encryption for data transmitted between you and Fract’s servers). We also encrypt sensitive data at rest in our databases or storage systems.
• Access Controls: We limit access to personal data strictly to authorized personnel and service providers who need it to operate our Service. Employee access to customer data is restricted and governed by confidentiality obligations. We use authentication measures (including multi‑factor authentication where feasible) to prevent unauthorized access to systems.
• Network & Application Security: Our platform is built with security in mind. We maintain firewalls and network monitoring to protect our infrastructure. Regular security scans, penetration testing and code reviews are conducted to identify and fix vulnerabilities.
• Organizational Practices: Our team is trained on data privacy and security best practices. We have internal policies for incident response, and we continually improve our security protocols. In the event of any data breach that affects personal information, we will notify affected users and authorities as required by law.
• Third‑Party Security: We vet our service providers for strong security practices and ensure they are contractually obligated to protect your data.

Please note, however, that no method of transmission over the Internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal information, we cannot guarantee absolute security. You should also take care with how you handle and disclose your own credentials and personal data, and notify us immediately if you believe your account or data may have been compromised.

Your Privacy Rights and Choices

Depending on your jurisdiction, you have certain rights and choices regarding your personal information. Fract is committed to honoring your rights under applicable privacy laws. This section describes general rights that apply to our users and specifically addresses rights for individuals in the European Union (and equivalent GDPR jurisdictions) and in California.

General Rights

• Access, Correction, Deletion: You have the right to access the personal information we hold about you and to receive a copy of it in a structured, commonly used format. You also have the right to request correction of any inaccurate or incomplete personal data we have about you. Furthermore, you may ask us to delete personal information in certain circumstances (for example, if it’s no longer needed for the purposes collected, or if you withdraw consent). We will honor valid deletion requests unless an exception applies (for instance, we may keep data if required by law or if it’s necessary for a legal claim). Once we delete your data, we will inform you, and note that deletion may be irreversible.
• Objection and Restriction: You have the right to object to the processing of your personal information in some cases. For example, if we process your data based on legitimate interests, you can object if you feel it infringes on your rights. If you object to direct marketing, we will stop using your data for that purpose immediately. You also have the right to request that we restrict processing of your data in certain situations – for instance, while we are verifying its accuracy or if you have objected and await our assessment. When processing is restricted, the data will just be stored and not otherwise used.
• Data Portability: To the extent provided by law, you have the right to data portability, meaning you can request to receive certain personal information in a machine‑readable format, and/or have it transmitted to another provider where technically feasible. This typically applies to data you provided to us, and that we process by automated means based on consent or contract.
• Withdraw Consent: If we rely on consent for any processing, you have the right to withdraw your consent at any time. For example, you may unsubscribe from our marketing emails (withdrawing consent for marketing) by clicking the “unsubscribe” link in the email or contacting us. Withdrawing consent will not affect the lawfulness of processing before the withdrawal. If you withdraw consent for a functionality that requires it (e.g. certain cookies), you might not be able to continue using that feature.
• Non‑Discrimination: We will never retaliate or discriminate against you for exercising any of these privacy rights. For example, we will not deny you service or provide a lesser experience because you made a data rights request. However, please note that if you request deletion of certain data, some features of the Service that rely on that data may no longer be available – for instance, if you delete your account data, you will no longer be able to log in – this is a consequence of the deletion, not discrimination.

Rights of Individuals in the EEA and UK

If you are located in the European Union, EEA or United Kingdom, you have the following rights under the GDPR (many of which overlap with the general rights described above):

• Right to Be Informed: You have the right to clear and transparent information about how we collect and use your personal data. This Privacy Policy is intended to provide you with that information. If you have any questions not answered here, please contact us.
• Right of Access: You can request confirmation of whether we are processing your personal data, and if so, request access to that data (commonly known as a “data subject access request”). This allows you to receive a copy of the personal data we hold about you.
• Right to Rectification: You have the right to have inaccurate personal data corrected or completed if it is incomplete. We rely on you to help keep your information accurate, so we encourage you to contact us or use any self‑service tools we provide to correct your data.
• Right to Erasure: You have the right to request deletion of your personal data in certain circumstances. This right (also known as the “right to be forgotten”) is not absolute – for example, it does not apply if processing is still necessary for the purpose it was collected, or if we have a legal obligation to keep the data – but we will honor it whenever we can. If you close your account with Fract, we will delete or anonymize your personal data as described in the Data Retention section, subject to any lawful retention requirements.
• Right to Restrict Processing: You can ask us to suspend processing of your personal data if you contest its accuracy, prefer to limit processing rather than deletion, or if you have objected and we are considering the request, or when processing is unlawful but you do not want erasure. When processing is restricted, we will just store the data and not otherwise use it.
• Right to Data Portability: Under certain conditions, you have the right to receive personal data you have provided to us in a structured, commonly used, machine‑readable format, and to have that data transmitted to another controller where technically feasible. This right applies when the processing is based on your consent or a contract and is carried out by automated means.
• Right to Object: You have the right to object to our processing of your personal data when we base it on legitimate interests (or public interest) and you feel it impacts your fundamental rights and freedoms. We will review your objection and, unless we have a compelling legitimate ground to continue processing or it’s needed for legal claims, we will stop processing the data you objected to. Direct Marketing: You have an absolute right to object to your personal data being used for direct marketing purposes at any time. If you object, we will cease all such processing.
• Right not to be subject to Automated Decisions: You have the right not to be subject to a decision based solely on automated processing (including profiling) that produces legal effects or similarly significant effects for you, unless it is necessary for a contract, authorized by law, or based on your explicit consent. Fract does not engage in such decision‑making without human involvement as explained earlier.
• Right to Withdraw Consent: If we rely on consent, you can withdraw it at any time.
• Right to Complaint: If you have concerns about our data practices, you have the right to lodge a complaint with a supervisory Data Protection Authority (DPA) in the EU/EEA or with the UK’s Information Commissioner’s Office (ICO) for UK users. We would, however, appreciate the chance to address your concerns first, so we encourage you to contact us and we will do our best to resolve it.

We will respond to any valid requests from EEA/UK individuals to exercise these rights within one month, or inform you if we need more time as allowed by law. There is generally no fee for making a request, but if requests become excessive or repetitive, we may charge a reasonable fee or refuse to act on the request (as permitted by law). We may need to request certain information from you to confirm your identity for security purposes before fulfilling your request. This is to ensure that personal data is not disclosed to anyone who does not have the right to receive it.

Privacy Rights for California Residents

If you are a resident of California, you have specific rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), in addition to the general rights described above. These include:

• Right to Know: You have the right to request that we disclose what personal information we collect, use, disclose and sell or share about you. This includes the categories of personal information, the categories of sources, our purposes for collecting it, the categories of third parties with whom we share it and specific pieces of information we have collected. You may request a copy of the specific personal data we have about you, which we will provide in a readily usable format, allowing you to transmit it to another entity.
• Right to Delete: You have the right to request deletion of personal information we have collected from you and retained, subject to certain exceptions. Upon receiving and verifying a valid deletion request, we will delete (and instruct our service providers to delete) your personal information from our records, unless an exception applies (for example, if the information is needed to complete a transaction you requested, to detect security incidents, for legal compliance, etc.). We will inform you of any such exceptions that apply.
• Right to Correct: You have the right to request that we correct inaccurate personal information we maintain about you. Upon verification, we will correct the information as you direct, taking into account the nature of the personal information and the purposes of processing.
• Right to Opt‑Out of Sale/Sharing: California residents have the right to opt out of the sale of personal information or the sharing of personal information for cross‑context behavioral advertising. However, as noted, Fract does not sell personal data and does not share personal data for targeted advertising, so this right is generally not applicable because we don’t engage in those practices. We also do not have any actual knowledge of selling or sharing personal information of individuals under 16 years of age. If in the future we ever considered selling or sharing personal data, we would implement an opt‑out mechanism and update this Policy accordingly.
• Right to Limit Use of Sensitive Personal Information: You have the right to direct businesses to limit the use of sensitive personal information to only that which is necessary to perform the services or provide the goods (as an average consumer would reasonably expect). Sensitive personal information under CPRA includes data like account login credentials, precise geolocation, racial or ethnic origin, health information, etc. As discussed, Fract’s collection of sensitive information is minimal (primarily account login and any payment info handled by third parties). We do not use or disclose sensitive personal information for purposes that would trigger the right to limit (we only use it to provide the Services and for security, not to infer characteristics or for secondary purposes). Therefore, a formal request to limit is generally not necessary in our case, as we already limit use to necessary purposes. If you have concerns or specific requests regarding sensitive information, you can contact us.
• Right to Non‑Discrimination: You have the right not to receive discriminatory treatment by us for the exercise of any of your CCPA/CPRA rights. We will not deny you goods or services, charge you different prices, or provide a different quality of service just because you exercised your privacy rights. (However, please note that if you request deletion of certain data, some features of the Service that rely on that data may no longer be available – for instance, if you delete your account data, you will no longer be able to log in – this is a consequence of the deletion, not discrimination.)
• Shine the Light (Direct Marketing Disclosure): Under California Civil Code § 1798.83, California residents who have an established business relationship with us can request a notice disclosing the categories of personal information we have shared (if any) with third parties for their direct marketing purposes during the preceding calendar year, and the names and addresses of those third parties. As stated, Fract does not share personal information with third parties for their own direct marketing without your consent. Thus, we believe we have no such information to report. California residents can request further information regarding compliance with this law by contacting us as described below.
• Authorized Agent: California residents may designate an authorized agent to make requests to exercise certain rights on their behalf. If we receive a request from an agent on your behalf, we will take steps to verify the agent’s authorization (for example, by requiring a signed written permission or proof of power of attorney) and may also require you to verify your identity directly.
• Submitting Requests: If you are a California resident and wish to exercise any of the rights above, please contact us using the methods in the Contact Us section. Please specify which right you intend to exercise and provide us with sufficient information to verify your identity (and authority, if an agent is making the request). We will respond to verifiable requests within the timeframes required by law (generally within 45 days, with the possibility of an extension for complex requests). There may be limits or exceptions to these rights, as mentioned. If we refuse any part of your request, we will explain the reasons.

Beta Features and Future Updates

From time to time, Fract may offer beta features or pilot programs to introduce new functionalities (for example, an AI‑based tool in testing). If you choose to participate in a beta feature, please be aware that we may collect additional data related to your use of that feature and your feedback, in order to improve the feature. We will process any personal data involved in a beta in accordance with this Privacy Policy and any supplemental terms provided to you. If a beta feature involves new uses of your data beyond what’s described here, we will inform you and obtain any necessary consent before you use the feature. Participation in beta tests is voluntary, and you can opt out by discontinuing use of the beta feature and letting us know.

Fract is continually evolving, and we may introduce new services or use cases that involve personal data. We are committed to privacy by design and will ensure compliance with all relevant laws in future updates to our platform. We will update this Privacy Policy as needed to reflect any significant changes in our data practices or applicable regulations.

Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements and other factors. When we make changes, we will revise the "Last Updated" date at the top of this Policy. If changes are material, we will provide a more prominent notice (such as by posting a notice on our website or emailing you) explaining the updates. We encourage you to review this Policy periodically to stay informed about how we protect your information. Your continued use of the Services after the updated Policy becomes effective will indicate that you have read and understood the changes. If we materially change how we use or share personal data, we would either notify or obtain consent as required by law.

Contact Us

If you have any questions, concerns or requests regarding this Privacy Policy or your personal information, please do not hesitate to contact us:

Fract, Inc.
Attn: Privacy Team
8735 DUNWOODY PLACE STE R
ATLANTA, GA, 30350, USA
Email: privacy@fract.com

You may also contact us via our support portal on our website.

Exercising Your Rights: To exercise any of your privacy rights described above (access, deletion, etc.), please email us at privacy@fract.com with your request. We will respond as soon as possible, and no later than the timeframes required by law. We will need to verify your identity (and authority, if you are an agent) for security purposes before processing certain requests, as described earlier. If you have an account with Fract, we may ask you to verify your request through your account login or a confirmation email.

We are committed to resolving any complaints about our collection or use of your personal data. If you believe that we have not adhered to this Policy or have a privacy concern, please contact us at the email above so we can address the issue.

Thank you for trusting Fract with your data. We value your privacy and are dedicated to safeguarding it while providing you with powerful territory planning and analytics solutions.