SNK Software Consulting LLC, doing business as Fctr Identity ("Fctr," "we," "our," or "us"), provides an identity-operations platform for helpdesk and IT support workflows. This Privacy Policy applies to fctr.io, related public web pages, Fctr's business operations, and personal information processed in connection with the Fctr Identity Platform. For customer-controlled product data, the customer generally acts as the business or controller and Fctr acts as its service provider or processor under the applicable agreement.
1. Scope
This policy covers information processed when you visit our website, request information, communicate with us, or use the Fctr Identity Platform through an organization. It does not govern the privacy practices of Microsoft, Okta, an employer, or another third party that independently determines how it processes personal data.
2. Information we collect
Information you provide
- Business contact information, such as your name, work email address, organization, and the content of an inquiry.
- Account, onboarding, support, contracting, and billing information provided by an authorized customer representative.
- Security reports and related communications you submit to us.
Website and service information
- Basic request and device information made available by browsers and hosting services, such as IP address, timestamp, requested page, browser type, and error information.
- Service usage and operational metadata needed to authenticate users, secure sessions, troubleshoot the service, prevent abuse, and maintain auditability.
Customer-controlled product data
Depending on customer configuration and the active workflow, Fctr may process workforce identifiers, directory attributes, account status, group or device context, enrolled factor metadata, verification results, and support-action records obtained from connected identity services.
3. How we use information
We use information to:
- provide, secure, operate, and support the website and Fctr Identity Platform;
- authenticate authorized users and maintain protected sessions;
- retrieve identity context, perform customer-directed verification, and execute authorized support workflows;
- create privacy-reviewed operational and audit records;
- respond to demo requests, support questions, security reports, and contractual inquiries;
- detect abuse, investigate errors, and improve service reliability; and
- meet legal, accounting, and contractual obligations.
We do not sell personal data or use product data for third-party advertising.
4. Product data handling
The Fctr verification product does not persist customer workforce PII. It retrieves identity context from customer-connected services when needed for an authorized workflow and does not maintain a separate workforce identity profile or shadow directory.
Credentials and secrets are excluded from approved logs. Fctr's logging and audit policy excludes provider access tokens, authorization headers, raw cookies, session identifiers, OTP values, generated recovery credentials, and identity documents.
Some product features require limited technical state or operational records, including protected session state, opaque workflow references, provider configuration, delivery status, security events, and PII-masked audit data. Microsoft Entra Verified ID workflows may also require time-limited transaction and callback state. These records support service delivery and auditability without creating a persistent customer workforce identity directory.
Separately, Fctr's business systems retain limited account, customer-contact, contracting, billing, support, security-reporting, and website information needed to operate the company. Those business records are not part of the workforce verification product.
SMS and email verification delivery
When a customer enables SMS or email delivery, Fctr and the configured delivery provider may process the destination, message status, and verification metadata necessary to deliver a transactional security message. This information is not used for promotional messaging.
6. Service providers & connected services
We engage providers only for functions needed to operate, secure, communicate about, or support the service. Current service categories may include:
| Provider or category | Purpose | When used |
|---|---|---|
| Google Cloud | Product hosting, managed data services, logging, and infrastructure security | Standard product delivery |
| DigitalOcean | Processing demo requests submitted through the public website | Website inquiry form |
| Infobip or another configured delivery provider | Transactional SMS or email delivery for supported verification workflows | Only when enabled by the customer |
Microsoft Entra ID, Microsoft Entra Verified ID, Okta, and customer-selected support systems are connected services used at the customer's direction. Their own privacy terms may also apply. A current customer-specific subprocessor disclosure may be provided through the contracting or security-review process.
8. Retention
Fctr retains information only for as long as reasonably necessary for the purposes described in this policy, the applicable customer agreement, configured service operation, and legal or accounting obligations. Retention varies by record type and deployment. Transient workflow state is short-lived; operational and audit records follow configured or contractual schedules; financial and contracting records may be retained longer where required.
When retention ends, information is deleted, anonymized, or allowed to expire using the applicable service controls. Backup and managed-service deletion may complete over an additional limited period.
9. Your U.S. privacy rights
Depending on the U.S. state law that applies, you may have rights to request access to or a copy of personal information, correction, deletion, or portability; to opt out of sale, sharing, or targeted advertising; to receive equal service when exercising a privacy right; and to appeal certain decisions. Fctr does not sell personal information or use customer product data for targeted advertising.
If your request concerns data controlled by your employer or another Fctr customer, please contact that organization first; we will assist the customer as required by our agreement and applicable law. To submit a request concerning data Fctr controls, email support@fctr.io. We may need to verify your identity and authority before acting on a request.
10. Security
We use administrative, technical, and organizational safeguards designed to protect information against unauthorized access, alteration, disclosure, or destruction. No method of transmission or storage is completely secure. For more information about our product security model, see the Security page.
11. Processing locations
Fctr is based in the United States and the standard Fctr Identity Platform is offered as a U.S. SaaS service. Fctr and its contracted providers may process business and service information in the United States and in other locations where those providers operate, subject to the applicable agreement and U.S. law.
12. Changes to this policy
We may update this policy to reflect changes in our services, practices, or legal obligations. We will post the revised policy at this URL and update the date above. Material changes may also be communicated through the service or directly to affected customers when appropriate.
13. Contact
606 Liberty Ave, Ste 300
Pittsburgh, PA 15222
support@fctr.io