Privacy Policy
Last updated: 23 February 2026
This Privacy Policy explains how Fernly Digital Services ("Fernly", "we", "us", "our") collects, uses, discloses, and protects personal data when you use our websites, applications, and services (together, the "Services").
For UK users, we process personal data in accordance with the UK GDPR and the Data Protection Act 2018.
1. Who we are (Data Controller)
- Controller: Fernly Digital Services
- Contact email: legal@fernly.io
2. Scope
This Privacy Policy applies to:
- Visitors to our website(s).
- Users who create and use a Fernly account ("Customers" or "Users").
- Individuals whose personal data is included in Customer content (e.g., leads, contacts, client portal users) ("End Individuals").
Where we process personal data on behalf of a Customer as their processor (e.g., contacts/leads stored in the Customer's workspace), the Customer is the controller and our processing is governed by our Data Processing Agreement (DPA).
Our subprocessor list is available at fernly.io/subprocessors.
3. Personal data we collect
3.1 Data you provide to us
We may collect:
- Account data: name, email, password hash, organisation/workspace details, role/permissions.
- Billing data: billing contact details, subscription status, invoices/receipts (payment details are processed by our payment provider).
- Support data: messages and attachments you send to support.
- Client portal data: if you invite clients, we may process their name, email, and project-related updates/files.
3.2 Data we collect automatically
We may collect:
- Usage data: pages/screens viewed, features used, timestamps, events, and diagnostic logs.
- Device and technical data: IP address, browser type, device identifiers, operating system, language, approximate location derived from IP.
3.3 Lead discovery / enrichment data
If you use lead discovery or enrichment features, we may process:
- Business listing data (e.g., business name, category, address/area, phone number, map coordinates, listing URL, and other fields returned by third-party sources). Some of this may include personal data (e.g., sole traders or named contact points) depending on the source and listing content.
4. How we use personal data (purposes)
We use personal data to:
- Provide and operate the Services (account access, workspace functionality, client portal, exports).
- Process subscriptions and manage billing (invoicing, payments, fraud prevention).
- Provide customer support and respond to requests.
- Improve and secure the Services (analytics, troubleshooting, abuse detection, security monitoring).
- Communicate service-related messages (security notices, product updates, policy changes).
- Comply with legal obligations and respond to lawful requests.
If we send marketing emails to Users, we will do so only where permitted by applicable law and we will provide a clear opt-out mechanism.
5. Lawful bases
We rely on the following lawful bases, depending on context:
- Contract (to provide the Services you request, including account administration and core features).
- Legitimate interests (to secure, improve, and administer the Services, prevent fraud/abuse, and maintain service integrity), where those interests are not overridden by your rights.
- Legal obligation (to meet tax/accounting and other legal requirements).
- Consent (where required, such as certain cookies/technologies and certain marketing choices). You can withdraw consent at any time.
6. Cookies and similar technologies
We use cookies and similar technologies to operate and improve the Services.
Where required, we will:
- Provide clear information about cookies and their purposes, and
- Obtain user consent for non-essential cookies.
Cookie controls (if available) will be provided through our cookie banner or preference tools on the relevant website/application.
7. Sharing and disclosure
We may share personal data with:
- Service providers (processors/subprocessors) that help us deliver the Services (e.g., hosting, databases, email delivery, analytics, support tooling).
- Payment providers to process subscriptions and payments.
- Professional advisers (legal, accounting, auditors) where necessary.
- Authorities where required by law or to protect rights/safety.
We do not sell personal data.
Subprocessors: fernly.io/subprocessors
8. International transfers
If personal data is transferred outside the UK, we will use appropriate safeguards as required by applicable data protection law (for example, contractual protections where applicable).
9. Data retention
We retain personal data only as long as necessary for the purposes described in this policy, unless a longer retention period is required by law.
Where we cannot specify exact periods, we use criteria such as:
- the duration of the customer relationship,
- legal/tax requirements,
- dispute resolution needs, and
- security and fraud-prevention requirements.
Typical retention approaches (to be implemented in line with product controls and legal obligations):
- Account data: retained while the account is active; deleted or anonymised after account closure subject to legal requirements.
- Workspace content (leads, contacts, files): retained until deleted by the Customer or until account closure; backups retained for a limited period.
- Logs/security events: retained for a limited period to support security and reliability.
10. Security
We implement technical and organisational measures designed to protect personal data against unauthorised access, loss, misuse, alteration, or disclosure.
No method of transmission or storage is completely secure; however, we maintain safeguards appropriate to the nature of the data and the risks involved.
11. Your rights
Depending on your circumstances, you may have rights including access, rectification, erasure, restriction, objection, and data portability. You also have the right to withdraw consent where consent is the basis for processing.
To exercise your rights, contact us at legal@fernly.io.
You may also have the right to lodge a complaint with the relevant supervisory authority (for UK users, the Information Commissioner's Office).
12. Customer content and client portal users
If you are a Customer and you upload/store personal data in your workspace, you are responsible for ensuring you have an appropriate lawful basis to do so and for providing notices to End Individuals where required.
If you are an End Individual (e.g., a contact within a Customer workspace), please direct privacy requests to the relevant Customer, as they control the data in that workspace. Where appropriate, we may assist Customers to fulfil such requests in accordance with our DPA.
DPA: fernly.io/dpa
13. Children
Our Services are not intended for children and we do not knowingly collect personal data from children.
14. Changes to this policy
We may update this Privacy Policy from time to time. We will post the updated version and revise the "Last updated" date. Where required, we will provide additional notice.
15. Contact
For privacy questions or requests, contact: legal@fernly.io.