Privacy Policy

Our Commitment

At Fontana, protecting your privacy is our top priority. We are committed to protecting your personal information and will never sell or trade your data to third parties.

1. Information We Collect

We collect information to provide and improve our engineering calculation services. The types of information we collect include:

Personal Information

• Email address
• First name and last name
• Account credentials
• Professional information (company, role)

Usage Data

• IP address and device information
• Browser type and version
• Pages visited and time spent
• Engineering calculations performed
• Documents uploaded and processed

Technical Data

• Cookies and similar tracking technologies
• Session data and preferences
• Error logs and performance metrics

Engineering Content

• Uploaded engineering documents and standards
• Calculation inputs and results
• Notes and annotations
• Custom spreadsheet configurations

2. How We Use Your Information

We use your information solely to deliver and improve our engineering calculation platform:

Service Provision

• Perform OCR on uploaded technical documents
• Generate vector embeddings for intelligent search
• Maintain your calculation history and preferences

Service Improvement

• Analyse usage patterns to enhance features
• Debug technical issues and improve performance
• Develop new engineering calculation tools
• Train and improve our AI models (anonymised data only)

Communication

• Send service updates and security alerts
• Respond to support requests
• Notify about changes to terms or policies
• Share relevant engineering resources (with consent)

Legal and Safety

• Comply with legal obligations
• Prevent fraud and abuse
• Protect intellectual property rights
• Ensure platform security and stability

3. Data Protection

We implement industry-standard security measures to protect your information:

Technical Safeguards

• 256-bit SSL/TLS encryption for data transmission
• Encrypted storage for sensitive information
• Regular security audits and penetration testing
• Multi-factor authentication available

Access Controls

• Role-based access restrictions
• Regular review of access permissions
• Employee confidentiality agreements

Infrastructure Security

• Secure cloud hosting (AWS/GCP compliant)
• Regular automated backups

Third-Party Services

We use trusted services that maintain their own security standards:

• Supabase (database and authentication)
• Pinecone (vector search)
• Google Cloud (document processing)
• Anthropic/OpenAI (AI models with data processing agreements)

4. Data Sharing Prohibition

We Never

• Sell your personal data to third parties
• Share your engineering calculations without consent
• Use your data for advertising purposes
• Allow unauthorised access to your documents

Limited Sharing

We only share data when:

• You explicitly request or consent
• Required by law or legal process
• Necessary to prevent imminent harm
• Processing through secure service providers (under strict agreements)

All service providers are contractually bound to:

• Use data only for specified purposes
• Maintain equivalent security standards
• Delete data upon contract termination
• Comply with applicable privacy laws

5. Your Rights

You have complete control over your personal information:

Access Rights

• Request a copy of all your personal data
• View processing activities and purposes
• Obtain information about data recipients
• Export data in machine-readable format

Control Rights

• Update or correct inaccurate information
• Delete your account and associated data
• Restrict processing of your information
• Object to specific uses of your data

Communication Preferences

• Opt-out of marketing communications
• Manage notification settings
• Control cookie preferences
• Withdraw consent at any time

How to Exercise Rights

• Through account settings dashboard
• Email: gabriel@fontana.app
• Response within 30 days guaranteed

6. Data Retention

We retain data only as long as necessary for legitimate purposes:

Active Accounts

• Personal data: Duration of account plus 30 days
• Usage logs: 90 days rolling window
• Engineering calculations: Indefinitely (unless deleted by user)
• Communication records: 2 years

Deleted Accounts

• Immediate removal from active systems
• Backup deletion within 30 days
• Anonymised aggregated data may be retained
• Legal hold exceptions apply

Document Retention

• Uploaded documents: User-controlled deletion
• Generated reports: 1 year unless saved
• Temporary processing files: 24 hours
• Cached search results: 7 days

7. Legal Compliance

Jurisdictional Compliance

• Australian Privacy Act 1988
• GDPR for European users
• Industry-specific engineering standards
• Cross-border data transfer agreements

Lawful Basis for Processing

• Contract performance (service delivery)
• Legitimate interests (security, improvement)
• Legal obligations (tax, regulatory)
• Consent (marketing, optional features)

Data Breach Protocol

• Detection and containment within 24 hours
• User notification within 72 hours
• Regulatory reporting as required
• Remediation and prevention measures

International Transfers

• Standard contractual clauses in place
• Adequacy decisions where applicable
• Encryption for all transfers
• Data localisation options available

8. Additional Protections

Children's Privacy

• Service not intended for users under 16
• No knowing collection from minors
• Immediate deletion upon age discovery

Cookies and Tracking

• Essential cookies only by default
• Optional analytics with consent
• No third-party advertising cookies
• Cookie preferences manageable anytime

Automated Decision-Making

• AI assists but doesn't make final decisions
• Human review available on request
• Transparent about AI involvement
• Right to opt-out of automation

Data Minimisation

• Collect only necessary information
• Regular review and deletion
• Anonymous options where possible
• Clear purpose for each data point

9. Contact Information

Data Protection Officer

Gabriel Garayalde

Email: gabriel@fontana.app

Address: 8 Bligh Place, Randwick NSW 2031, Australia

Response Times

• General inquiries: 3 business days
• Rights requests: 30 days maximum
• Urgent security issues: 24 hours

Complaint Process

If you're unsatisfied with our response:

1. File formal complaint with our DPO
2. Contact the Office of the Australian Information Commissioner
3. Seek legal remedies as provided by law