Privacy — docufi

Privacy Notice

Last Updated: December 15, 2023

FAI Enterprises, Inc. (FAI Enterprises) respects your privacy and know that you care about how we use and share your information. This notice describes how FAI Enterprises collects, shares, uses, and protects personal information in accordance with the requirements of privacy laws in the jurisdictions that we operate in, including but not limited to, the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA).

By using this website and other websites that we operate (Our Site(s)) and where we post a direct link to this Privacy Notice, you are accepting and consenting to the practices described in this Privacy Notice.

Our Privacy Notice explains:

Personal Information we collect, and why we collect it.
How we use your Personal Information.
How we share your Personal Information.
- Sale or Sharing of Personal Information.
- Data transfers.
How we protect your Personal Information.
- FAI Enterprises Products.
How we monitor and enforce.
How long we keep your Personal Information.
Your Rights and Choices.
- California Consumer Rights and Choices.
Global Privacy Laws.
- New York SHIELD Act (New York).
- PIPEDA (Canada).
- Children's Online Privacy Protection Act (COPPA).
Recruitment.
Cookies and other technologies.
- Third Party Websites.
Changes to this Privacy Notice.
How to contact us.

Personal Information We Collect and Why We Collect

This is information about you that you provide to us by filling in forms on our Sites(s), participating at events organized or attended by FAI Enterprises, corresponding with us by phone, electronic mail or otherwise, or visiting our offices. It includes information that you provide when you register to use our Site(s), subscribe to our services, engage in social media functions on our Site(s) or other activities commonly carried out on the respective site, as well as when you report a problem with our Site(s).

Personal Information, also known as personally identifiable information (PII) or personal data, for purposes of this Privacy Notice (including other similar terms under applicable privacy laws), means any information that (i) directly and clearly identifies an individual, or (ii) can be used in combination with other information to identify an individual. Personal information does not include such information if it is anonymous or if it has been rendered de-identified by removing personal identifiers. We may automatically collect information such as:

Technical information including but not limited to the Internet Protocol (IP) address used to connect your computer to the Internet, source domain names, your login information, browser type and version, time zone setting, length of time spent on our Site(s), operating system, and platform.
Uniform Resource Locators (URL) including but are not limited to, specific web pages, clickstream to, through, and from our Site(s) including date and time, anything you viewed or searched for, page response times, download errors, length of visits to certain pages, and any phone number used to call our customer service number.

FAI Enterprises may also collect sensitive personal information (which may include information relating to medical or health conditions, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, the sex life of the individual, ideological views or activities, social security information, or administrative or criminal proceedings and sanctions) from you where it is appropriate or necessary for conducting business. FAI Enterprises limits its collection and use of personal information to the minimum identifiers that are necessary for performing the specific task related to the purpose for which the personal information is collected.

FAI Enterprises may also supplement the personal information we collect from you with information we receive from third parties, including our business partners, contractors, analytics, and other service providers.

Categories of Personal Information Collected by FAI Enterprises

Within the last twelve (12) months, we may have collected the following categories of personal information. This collection of data is reasonable and proportionate to the business, commercial, and regulatory activities of FAI Enterprises.

Category	Examples
Identifiers.	A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name and login information, Social Security number, driver's license number, passport number, or other similar identifiers.
Personal information categories listed under applicable laws.	A name, signature, Social Security number, physical characteristics or description, address, telephone number, text messages, email, passport number, driver's license or state identification card number, insurance policy number, education, bank account number, credit card number, debit card number, or any similar information.
Protected classification characteristics under applicable laws.	Age, race, national origin, citizenship, religion, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, pregnancy, childbirth, and related medical conditions), sexual orientation, veteran, or military status.
Contractual information.	Information collected as part of the products and services we provide to you.
Commercial information.	Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.
Internet or other similar network activity.	Browsing history, search history, information on a consumer's interaction with a website, application, or advertisement.
Professional or employment-related information.	Current or past employment history or performance evaluations.

We obtain the categories of personal information listed above from the following categories of sources:

Directly from you or our clients. For example, when you contact us by telephone, e-mail, post, Site chatbot or by using any of our digital platforms, from forms you complete or products and services you purchase.
Indirectly from you. For example, from observing your actions on our Sites.

How We Use Your Personal Information

FAI Enterprises uses, stores, and processes the personal information we collect to:

Where relevant, operate and provide FAI Enterprises' products and services, including creating, maintaining, customizing, and securing your account with us.
Where relevant, register you as a customer.
Fulfil our obligations under a contract with you.
Provide you with information, products, and services which you request from us or similar products or services which you have already requested.
Follow up on our communication with you.
Create a record of our communication with you for quality purposes.
Process your requests, purchases, transactions, and payments.
Where appropriate, provide you with marketing communications for FAI Enterprises products and services, including personalized offers and content based on your interactions with us and usage of our products.
Enforce or apply the terms of any of our user agreements.
Provide testing, research, analysis, and product development, including developing and improving our Site(s), products, and services.
Provide technical support, respond to inquiries, investigate and address concerns, and monitor and improve our responses.
Maintain the safety, security, and integrity of our Site(s), rights, property, products and services, databases and other technology assets, and business of FAI Enterprises, FAI Enterprises' users, or others.
Cooperate with law enforcement requests and as required by applicable law, court orders, or governmental regulations.
Manage our everyday business needs, such as internal account management, client reporting, contract management, site administration, business continuity and disaster recovery, security and fraud prevention, corporate governance, reporting and legal compliance.
As described to you when collecting your personal information or sensitive personal information.
Any other basis that lawfully entitles us to process your personal information.

FAI Enterprises reserves the right to transfer and disclose your information if FAI Enterprises becomes involved in a business divestiture, change of control, sale, merger, or acquisition of all or a part of its business.

Certain privacy laws require that we inform you of the legal bases for our processing of your personal information. We process personal information for the following legal bases:

Consent: where you have given clear consent for us to process your personal information for a specific purpose.
Contract: where our use of your personal information is necessary for a contract we have with you, or because you have asked us to take specific steps before entering into a contract.
Legal obligation: where our use of your personal information is necessary for us to comply with the law.
Vital interests: where our use of your personal information is necessary to protect you or someone else's life.
Legitimate interests: where our use of your personal information is necessary for our legitimate interests or the legitimate interests of a third party.

Please note that if you do not provide us with certain personal information, depending on the purposes for which we have collected it, we may not be able to provide the information, products, or services you have asked for or process your requests, applications, subscriptions or registrations, and may not be able to perform or discharge applicable legal obligations.

We will not collect additional categories of personal information or use the personal information we collected for materially different, unrelated, or incompatible purposes without providing notice. FAI Enterprises does not use or disclose sensitive personal Information for purposes other than those specified in this Notice or as permitted under applicable laws.

How We Share Your Personal Information

FAI Enterprises may have to share your personal information with entities and persons set out below, for the purposes listed herein:

Our affiliates, subsidiaries, vendors, consultants, and other service providers to perform the services on our behalf and to ensure the efficient operation of our business.
Where required, with professional advisors or consultants, including lawyers, banks, auditors, accountants, and insurers providing consultancy, legal, banking, audit, accounting, or insurance services to us; any person or entity to whom we are required or requested to make such disclosure by any court of competent jurisdiction or by any governmental, taxation or other regulatory authority, law enforcement agency or similar body.
Service providers who provide information technology and system administration services to us.

Categories of Personal Information Shared by FAI Enterprises

In the preceding twelve (12) months, FAI Enterprises has disclosed personal information for a business purpose to the following categories of third parties:

Category	Category of Third-Party Recipients
	Business Purpose Disclosures
Identifiers.	- Our affiliates, vendors, consultants, and other service providers. - Professional advisors or consultants.
California Customer Records personal information categories.	- Our affiliates, vendors, consultants, and other service providers. - Professional advisors or consultants.
Commercial information.	- Our affiliates, vendors, consultants, and other service providers. - Professional advisors or consultants.
Internet or other similar network activity.	- Our affiliates, vendors, consultants, and other service providers.
Professional or employment related information.	- Our affiliates, vendors, consultants, and other service providers.

FAI Enterprises may also share your personal information in connection with or during negotiations of any merger, sale of company assets, financing or acquisition of all or a portion of our business by another company.

We may also share your personal information with our customers when they need access to such information to fulfill specific transactions related to services you requested. You may opt out of sharing your information with our customers for related services by sending an email to hello@docufi.ai. Upon receipt of your request to opt out of this information sharing, we will acknowledge your request and take appropriate measures in response.

We may also share your personal information if we determine that your actions are inconsistent with our user agreements or policies, or if we must protect the rights, property, and safety of FAI Enterprises or others in accordance with, or required by, any applicable law, regulation, or legal process.

Sale or Sharing of Personal Information

In the preceding twelve (12) months we have not "sold" personal information for the purposes of the CPRA. FAI Enterprises does not sell the personal information of its employees, contractors, customers, third parties, or any other affiliation to others.

FAI Enterprises does not sell or share personal information for cross-context behavioral advertising. FAI Enterprises will only disclose your personal information for advertising purposes through targeting or advertising cookies with your affirmative, opt in consent. For more information on cookies, please refer to our Cookie Notice.

We do not have actual knowledge that we sell or share personal information of minors under 16 years of age. FAI Enterprises does not conduct business directly with individual consumers. Our business relationships are business-to-business (B2B).

Data Transfers

As a global organization with legal entities and business processes in operation across borders, we cannot always limit the processing of personal information to the country in which an individual is based. In the course of providing our services, FAI Enterprises may need to transfer personal information to locations outside the jurisdiction in which our clients are located or where our Sites are viewed. We design processes to comply and ensure adequate safeguards for the transfer of personal information.

Data transfers between the U.S., EU, UK, and other countries will be done subject to compliance with applicable law and appropriate technical and organization safeguards. This includes onward transfers to third parties. FAI Enterprises requests our third parties to implement the necessary safeguards to protect personal information both in transit and at rest. FAI Enterprises transfers personal information to third parties only for limited and specified purposes.

How We Protect Your Personal Information

The security of your personal information is important to us. We use reasonable physical, electronic, and procedural safeguards to protect the personal information we collect from loss, theft, misuse, alteration and unauthorized access or destruction. In addition, we maintain appropriate physical, electronic, and procedural safeguards to protect your personal information, including:

Restricting access to personal information to our employees or service providers on a "need-to-know" basis.
Enforcing policies and procedures for our employees in their handling of personal information.
Using technologies designed to safeguard data during its transmission, such as SSL encryption for the information you provide on some parts of our Site(s) and using appropriate security to safeguard the data that we have received.

FAI Enterprises also employs industry-standard measures and processes for detecting and responding to inappropriate attempts to breach our systems.

There is, however, no method of transmission over the Internet, or method of electronic storage that can be 100% secure. Therefore, FAI Enterprises cannot guarantee the absolute security of your information. The Internet by its nature is a public forum, and FAI Enterprises encourages you to use caution when disclosing information online. Often, you are in the best situation to protect yourself online. You are responsible for protecting your username and password from third party access, and for selecting passwords that are secure.

FAI Enterprises Products

FAI Enterprises has a strong corporate commitment to data privacy. We commit to using data privacy principles and strategies to implement Privacy by Design and Default whenever possible within our applications, practices, and organization. FAI Enterprises incorporates various technologies into our applications to streamline data-gathering and reporting processes, protect and secure data, enhance user experience, and efficiently improve performance. Depending on the product(s) in scope, these technologies may include but are not limited to: artificial intelligence (AI) powered contract analysis software, automated data extraction, natural language processing technology combined with machine learning, the study of algorithms, tokenized redaction, proprietary pattern matching technology, redaction masking or anonymization to data files, single sign-on (SSO) access, built-in and customized exception and audit reporting, data integration, built-in safeguards to flag non-compliance requirements, streamlined features for safe real-time collaboration and accurate ﬁnancial reporting, AES 256-bit encryption at rest and in transit, multi factor authentication (MFA), robust role-based access control (RBAC), cloud-based workflow tools, in-app automated publishing capabilities, and Straight Through Processing (STP). These and other technologies continuously provide effective, robust, and innovative forward protections over FAI Enterprises' clients, employees, and stakeholders' personal information.

How We Monitor and Enforce

FAI Enterprises regularly reviews our compliance with our Privacy Notice. We also adhere to several self-regulatory frameworks in addition to complying with applicable laws. If we receive formal written complaints, we will follow up with the person making the complaint. We work with the appropriate regulatory authorities to resolve any complaints that cannot be resolved directly.

How Long We Keep Your Personal Information

We will keep your personal information while you have an account with us, or we are providing products or services to you. Thereafter, we will keep your personal information for as long as is necessary to:

Respond to any questions, complaints or claims made by you or on your behalf.
Keep records required by applicable laws and regulations or FAI Enterprises' retention and deletion policies.

We will not retain your personal information for longer than necessary for the purposes set out in this Privacy Notice.

Your Rights and Choices

Under specific global privacy laws, individuals are afforded certain rights related to the handling and processing of their personal information. FAI Enterprises respects your rights and your exercising of these rights. FAI Enterprises will make reasonable efforts to comply with your requests, unless such requests are prohibited by law, or there is a legitimate business purpose to retain personal information. We reserve the right to verify your identity before complying with such requests.

You may have the right to access (as permitted under applicable law) and review the personal information stored by us to confirm its accuracy. If necessary, you may request that personal information is updated if it is inaccurate. You may also request that certain personal information be deleted from our files. You may be required to log into your account to exercise these rights or contact us at hello@docufi.ai.

Please direct any questions about your personal information to FAI Enterprises at hello@docufi.ai.

In accordance with this Privacy Notice, where we receive personal information directly from an individual to which such personal information relates, where applicable, we will offer the individual the opportunity to choose (opt-out) whether their personal information is (i) disclosed to a third party or (ii) used for a purpose that is materially different from the purpose it was originally collected or subsequently authorized by the individual. This will not apply to transfers of data to third parties performing tasks on our behalf – at our instruction.

Any individual who wishes to opt out can do so by contacting FAI Enterprises at the address provided below under the section of this Privacy Notice entitled "How to Contact Us."

In situations where we receive personal information pertaining to individuals directly from our clients (and not the individual to whom the personal information relates), we will cooperate with our clients' reasonable requests to:

Assist them in informing the impacted individuals about (i) the possibility that we may disclose such individuals' information to third parties and (ii) the individual's ability to opt out of such disclosures (except for disclosures to third parties performing tasks directly on our behalf and pursuant to our instructions).
Reasonably ensure that we process the information for purposes compatible with the purposes for which it was originally collected or subsequently authorized by the impacted individuals. After we have notified our clients, they will then inform us if any individuals have opted out of such disclosures.

In situations where FAI Enterprises processes "sensitive personal information", we will seek informed express consent (opt in) from individuals if such information is to be disclosed to a third-party (except for disclosures to third parties performing tasks directly on our behalf and pursuant to our instructions) or used for purposes that are materially different from the purpose it was originally collected or subsequently authorized by the individual.

California Consumer Rights and Choices

The California Consumer Privacy Act of 2018 (CCPA) as amended by the California Privacy Rights Act of 2020 (CPRA) provides California residents with specific rights regarding their personal and sensitive personal information. California residents have the right to request that we disclose certain information to you about our collection and use of your personal information over the past twelve (12) months, including the Right to:

Know which categories of personal information are collected.
Know the categories of sources from which the personal information is collected.
Know if personal information is being sold or shared, and to whom.
Know the business or commercial purpose for collecting, selling, or sharing personal information.
Object to the sale of personal information.
Access one's own personal information.
Equal service and price, even for consumers who exercise their privacy rights.
Request deletion of personal information that we collected from you, subject to certain exceptions.
Correct inaccurate personal information.
Limit the use and disclosure of sensitive personal information.

The CCPA has extended these rights to be afforded to all employees who are residents of California. Under the CCPA, employees are defined as: full or part-time employees, independent contractors, and/or job applicants who are residents of California.

A Right to Know request may only be submitted twice within a 12-month period.

Exercising the Right to Deletion of personal information is subject to certain exceptions under CCPA.

FAI Enterprises is not required to delete personal information if it is still needed in order to complete the transaction for which the information was collected, provide a product or service requested by you (or that we reasonably anticipate based on our relationship with you), perform a contract with you, comply with legal obligations, or accomplish any other objective recognized as an exception to the right to deletion under CCPA.

Exercising Your Rights

FAI Enterprises will never charge you or discriminate against you for choosing to exercise your rights. FAI Enterprises will make reasonable efforts to comply with all consumer rights requests. Only you or a person registered with the California Secretary of State that you authorize to act on your behalf, may make a verifiable consumer request related to your personal information.

An authorized agent can make a request on a California residents' behalf by providing a power of attorney valid under California law, or providing: (i) proof that the consumer authorized the agent to do so; (ii) verification of their own identity with respect to a right to know categories, right to know specific pieces of personal information, or requests to delete which are outlined above; and (iii) direct confirmation that the consumer provided the authorized agent permission to submit the request.

You may also make a verifiable consumer request on behalf of your minor child. FAI Enterprises reserves the right to verify your identity before any request to know, access, update, correct or delete your personal information is processed by us. The verifiable consumer request must provide sufficient information that allows FAI Enterprises to reasonably verify you are the person about whom we collected personal information or an authorized representative, as well as describe your request with sufficient detail that allows FAI Enterprises to properly understand, evaluate, and respond to it. We will verify your identity to a reasonable degree of certainty by matching the data points provided by you against information in our systems which are considered reasonably reliable for the purposes of verifying a consumer's identity.

The CCPA grants businesses 45 days to respond to a consumer rights request. An extension period of up to an additional 90 days is allowed.

All California Consumer Rights requests including deletion requests can be emailed directly to hello@docufi.ai.

Individuals who would like to opt-out of correspondence or modify their online communications preferences with FAI Enterprises, should contact FAI Enterprises at hello@docufi.ai.

This section does not address or apply to our handling of:

Publicly available information from government records.
Information excluded from the CCPA's scope, such as health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and personal information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (FCRA), or the Gramm-Leach-Bliley Act (GLBA).
De-identified or aggregated consumer information. De-identified information is data that has had all personally identified information removed from it. Aggregated information is numerical or non-numerical information that is compiled into data summaries or summary reports for data statistics or public reporting.

Global Privacy Laws

New York SHIELD Act (New York). The New York Stop Hacks and Improve Electronic Data (SHIELD) Security Act applies to any person or business that owns or licenses computerized data which includes private information, regardless of corporate structure, revenues, or location. FAI Enterprises conducts business within New York (NY) state and has realigned its processes and procedures to adhere to the requirements established within the SHIELD Act to support the protection of New York residents' personal and private information.
PIPEDA (Canada). FAI Enterprises has controls in place to ensure that the privacy of personal information about an "identifiable individual" used in the course of "commercial activity" is protected and managed in such a manner which meets or exceeds the guidelines set out in Canada's Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable provincial legislation.
Children's Online Privacy Protection Act (COPPA). FAI Enterprises does not sell or offer its services and products to children. As such, our Site(s) are designed for adult user interaction. We do not intentionally collect personally identifiable information from children under the age of 13. If you are a parent or legal guardian of a minor under the age of 13 and believe that the minor has disclosed personal information to us, please contact us by following the "How to Contact Us" below.

Recruitment

When you apply for an employment opportunity at FAI Enterprises through our Careers site or through other third-party platforms, we may collect certain personal information from your job application or where applicable from your personal references (provided by you), your educational institute, or any other relevant professional body. This may include name, postal address, email address, phone number, details of your qualifications, job history, curriculum vitae, contact details of your references and any other personal information submitted along with your application.

FAI Enterprises processes your personal information as necessary for the purposes of fulfilling certain legal obligations related to recruitment, for example where employment law or other laws require the processing of your personal information. We may process personal information in reliance on our legitimate business interests in the selection, evaluation and appointment of new employees, and the management and administration of recruitment and HR processes. On occasion, legal grounds such as protection of your vital interests may also apply. For example, for health and safety reasons, if you attend an interview at one of our offices or in relation to agreements with employee representation groups, if applicable.

We retain the personal information that we obtain about you during the recruitment process for no longer than is necessary for the purposes for which it is processed. The duration for which we keep your information will depend on whether your application is successful, and whether you become employed by us, the nature of the information concerned, and the purposes for which it is processed.

Cookies and Other Technologies

When you visit our Site(s), we may automatically collect information such as your IP address, browser type and language, operating system, location, date, and time using cookies.

Third Party Websites

FAI Enterprises may post links to third party websites as a service to you. These third-party websites are operated by companies that are outside of our control and your activities at those third-party websites will be governed by the policies and practices of those third parties. We encourage you to review the privacy policies of these third parties before disclosing any information, as we are not responsible for the privacy policies of those websites.

Changes to this Privacy Notice

FAI Enterprises reserves the right at its absolute discretion to change this Privacy Notice from time to time. If this Privacy Notice changes, the revised version will be posted at the "Privacy Notice" link on our Site's home page. In the event the change is significant we will revise the link on the home page to read "Newly Revised Privacy Notice." Please check the Privacy Notice frequently. Your continued use of our sites constitutes acceptance of such changes in the Privacy Notice, except where further steps are required by applicable law. This Privacy Notice was last updated on December 15, 2023.

How to Contact Us

If you have any questions regarding FAI Enterprises' privacy practices, the use of your personal information, or about this Privacy Notice, please contact us at: hello@docufi.ai