Fctr

Legal / Privacy

Privacy Policy

This policy explains what Fctr Identity collects through our public website, business operations, and identity platform, how we use and protect that information, and the choices available under applicable U.S. privacy law.

Fctr IdentityLast updated July 2026

SNK Software Consulting LLC, doing business as Fctr Identity ("Fctr," "we," "our," or "us"), provides an identity-operations platform for helpdesk and IT support workflows. This Privacy Policy applies to fctr.io, related public web pages, Fctr's business operations, and personal information processed in connection with the Fctr Identity Platform. For customer-controlled product data, the customer generally acts as the business or controller and Fctr acts as its service provider or processor under the applicable agreement.

1. Scope

This policy covers information processed when you visit our website, request information, communicate with us, or use the Fctr Identity Platform through an organization. It does not govern the privacy practices of Microsoft, Okta, an employer, or another third party that independently determines how it processes personal data.

2. Information we collect

Information you provide

  • Business contact information, such as your name, work email address, organization, and the content of an inquiry.
  • Account, onboarding, support, contracting, and billing information provided by an authorized customer representative.
  • Security reports and related communications you submit to us.

Website and service information

  • Basic request and device information made available by browsers and hosting services, such as IP address, timestamp, requested page, browser type, and error information.
  • Service usage and operational metadata needed to authenticate users, secure sessions, troubleshoot the service, prevent abuse, and maintain auditability.

Customer-controlled product data

Depending on customer configuration and the active workflow, Fctr may process workforce identifiers, directory attributes, account status, group or device context, enrolled factor metadata, verification results, and support-action records obtained from connected identity services.

3. How we use information

We use information to:

  • provide, secure, operate, and support the website and Fctr Identity Platform;
  • authenticate authorized users and maintain protected sessions;
  • retrieve identity context, perform customer-directed verification, and execute authorized support workflows;
  • create privacy-reviewed operational and audit records;
  • respond to demo requests, support questions, security reports, and contractual inquiries;
  • detect abuse, investigate errors, and improve service reliability; and
  • meet legal, accounting, and contractual obligations.

We do not sell personal data or use product data for third-party advertising.

4. Product data handling

The Fctr verification product does not persist customer workforce PII. It retrieves identity context from customer-connected services when needed for an authorized workflow and does not maintain a separate workforce identity profile or shadow directory.

Credentials and secrets are excluded from approved logs. Fctr's logging and audit policy excludes provider access tokens, authorization headers, raw cookies, session identifiers, OTP values, generated recovery credentials, and identity documents.

Some product features require limited technical state or operational records, including protected session state, opaque workflow references, provider configuration, delivery status, security events, and PII-masked audit data. Microsoft Entra Verified ID workflows may also require time-limited transaction and callback state. These records support service delivery and auditability without creating a persistent customer workforce identity directory.

Separately, Fctr's business systems retain limited account, customer-contact, contracting, billing, support, security-reporting, and website information needed to operate the company. Those business records are not part of the workforce verification product.

SMS and email verification delivery

When a customer enables SMS or email delivery, Fctr and the configured delivery provider may process the destination, message status, and verification metadata necessary to deliver a transactional security message. This information is not used for promotional messaging.

5. Cookies & similar technologies

The public website does not currently use advertising cookies or third-party behavioral analytics. The product uses essential cookies and related browser storage needed for authentication, session protection, CSRF defense, and user-requested functionality. Disabling essential cookies may prevent the product from operating.

6. Service providers & connected services

We engage providers only for functions needed to operate, secure, communicate about, or support the service. Current service categories may include:

Provider or categoryPurposeWhen used
Google CloudProduct hosting, managed data services, logging, and infrastructure securityStandard product delivery
DigitalOceanProcessing demo requests submitted through the public websiteWebsite inquiry form
Infobip or another configured delivery providerTransactional SMS or email delivery for supported verification workflowsOnly when enabled by the customer

Microsoft Entra ID, Microsoft Entra Verified ID, Okta, and customer-selected support systems are connected services used at the customer's direction. Their own privacy terms may also apply. A current customer-specific subprocessor disclosure may be provided through the contracting or security-review process.

7. Disclosure of information

We may disclose information to service providers acting under contract, to a customer that controls the relevant product data, in connection with a corporate transaction, or when reasonably necessary to comply with law, protect rights and safety, prevent fraud, or secure the service. We do not disclose customer product data for independent marketing or advertising.

8. Retention

Fctr retains information only for as long as reasonably necessary for the purposes described in this policy, the applicable customer agreement, configured service operation, and legal or accounting obligations. Retention varies by record type and deployment. Transient workflow state is short-lived; operational and audit records follow configured or contractual schedules; financial and contracting records may be retained longer where required.

When retention ends, information is deleted, anonymized, or allowed to expire using the applicable service controls. Backup and managed-service deletion may complete over an additional limited period.

9. Your U.S. privacy rights

Depending on the U.S. state law that applies, you may have rights to request access to or a copy of personal information, correction, deletion, or portability; to opt out of sale, sharing, or targeted advertising; to receive equal service when exercising a privacy right; and to appeal certain decisions. Fctr does not sell personal information or use customer product data for targeted advertising.

If your request concerns data controlled by your employer or another Fctr customer, please contact that organization first; we will assist the customer as required by our agreement and applicable law. To submit a request concerning data Fctr controls, email support@fctr.io. We may need to verify your identity and authority before acting on a request.

10. Security

We use administrative, technical, and organizational safeguards designed to protect information against unauthorized access, alteration, disclosure, or destruction. No method of transmission or storage is completely secure. For more information about our product security model, see the Security page.

11. Processing locations

Fctr is based in the United States and the standard Fctr Identity Platform is offered as a U.S. SaaS service. Fctr and its contracted providers may process business and service information in the United States and in other locations where those providers operate, subject to the applicable agreement and U.S. law.

12. Changes to this policy

We may update this policy to reflect changes in our services, practices, or legal obligations. We will post the revised policy at this URL and update the date above. Material changes may also be communicated through the service or directly to affected customers when appropriate.

13. Contact

SNK Software Consulting LLCd/b/a Fctr Identity
606 Liberty Ave, Ste 300
Pittsburgh, PA 15222
support@fctr.io