Privacy Policy for Fibbler

Information Collection

When you register with Fibbler, we collect the following personal data:

• Name
• Email address
• Company name

This information is essential for the use of our product and services.

Important: Fibbler does not process personal data (PII) as part of its core LinkedIn Ads product. The primary personal data we handle is account-related information such as email addresses, which are used to create and manage Fibbler accounts. We do not process CRM contacts, LinkedIn messages, or sensitive personal information as part of the core product. For customers using the Google Ads attribution add-on, IP addresses of website visitors are processed by our partner Dealfront (Leadfeeder) for the purpose of B2B company identification — see the Google Ads Attribution section below for full details.

Use of Information

The personal data collected is used for the following purposes:

• To enable full use of our product and deliver the services you signed up for (Art. 6(1)(b) GDPR — contract performance).
• For marketing purposes, such as sending newsletters, if you opt-in to receive them (Art. 6(1)(a) GDPR — consent).

Google Ads Attribution and Website Visitor Identification

Fibbler's Google Ads attribution feature is an optional paid add-on to our core LinkedIn Ads product. For customers using this add-on, Fibbler works in partnership with Dealfront (Dealfront Finland Oy, operating the Leadfeeder product) to identify which companies are visiting your website after engaging with your Google Ads campaigns.

This feature requires the installation of the Dealfront (Leadfeeder) tracking script on your website. When active, the following data is collected from your website visitors:

• IP address of the visitor (used to identify the visiting company)
• Visitor behavior (pages visited, time and date of visit, duration of visit)
• Source and medium (including UTM parameters, if applicable)
• First-party cookies (if enabled) to recognize returning visitors

The IP address is matched against a database of known companies to enrich it with associated business information such as company name and industry. This processing is limited to business-to-business (B2B) identification and does not identify individual persons.

Additionally, Fibbler connects to your Google Ads account via API to retrieve campaign performance data such as clicks, impressions, spend, keywords, and campaign metadata. This is aggregated performance data; no individual user data from Google Ads is processed.

With respect to the personal data processed through the Dealfront tracking script, the customer acts as the Data Controller and Dealfront acts as the Data Processor. Fibbler has concluded a Data Processing Agreement with Dealfront to ensure compliance with applicable data protection standards.

Whenever website traffic data is processed as part of this feature, this processing is based on our legitimate interest (Art. 6(1)(f) GDPR) in optimizing products, services, sales, and marketing. Website visitors may prevent this processing by installing appropriate ad-blockers or no-script plugins in their browser. Where cookies are used as part of this feature, consent is obtained via the customer's cookie consent mechanism in accordance with Art. 6(1)(a) GDPR.

Google Ads campaign performance data and Leadfeeder-derived company identification data is stored for as long as the customer maintains an active Fibbler subscription. Upon account cancellation or termination, this data will be deleted as soon as it is no longer required for its intended purposes. Statutory retention obligations may lead to longer retention periods.

The tracking script does not use third-party cookies. It is the customer's responsibility to implement appropriate cookie consent mechanisms on their website when using this feature.

Data Sharing and Disclosure

In order to provide our services effectively, Fibbler shares your personal data with specific third parties:

• Email Marketing Services: For communication purposes, we will send you emails related to essential service notifications and account updates immediately upon signup. Additionally, you will receive our newsletter and other marketing communications, from which you may opt-out at any time if you choose not to receive them.
• Payment Processing Services: To facilitate transactions and manage payment-related processes.

We ensure that these partners adhere to strict data protection and confidentiality standards, and we share only the necessary information required to perform these services.

Service-specific Data Processors

Fibbler uses the following sub-processors to deliver our services. Customer and application data related to the core product is processed exclusively within the European Economic Area (EEA), unless otherwise stated below.

Note: LinkedIn Insights (analytics) is used only on our marketing website (fibbler.co) for visitor analytics. It is not present on the Fibbler application (app.fibbler.co) and does not process any customer or application data.

All sub-processors are subject to strict security terms and GDPR compliance requirements. We continuously monitor our sub-processors to ensure they maintain appropriate security standards and, where applicable, appropriate safeguards for international data transfers in accordance with GDPR.

Cookies and Website Analytics

Our marketing website (fibbler.co) uses cookies and similar tracking technologies. No tracking takes place before you give consent via our cookie banner. The Fibbler application (app.fibbler.co) does not use any tracking cookies.

When you accept cookies, the following may be activated:

• LinkedIn Insights Tag — helps us understand the effectiveness of our advertising campaigns. It may collect your IP address, page views, and other browsing data.
• Leadfeeder (Dealfront) — identifies which companies are visiting our website by matching IP addresses against a database of known businesses. This is limited to company-level identification and does not identify individual persons.
• Datafa.st — provides website analytics and attribution services, including linking website visits to account creation and subscription events.

The data collected is used solely to improve our services and marketing. We do not sell this data to third parties.

The processing of this data is based on your consent in accordance with Article 6(1)(a) of the GDPR. Datafa.st processes personal data under a Data Processing Agreement in accordance with Article 28 of the GDPR.

If you do not wish to have cookies set on your device, you can adjust your browser settings to refuse cookies or indicate when a cookie is being sent. Please note that if you disable cookies, some features of our website may not function properly.

Data Storage and Caching

All customer and application data related to Fibbler's core product is hosted in the EU on Google Cloud's infrastructure, which operates in European regions. Our application services run on both Google Cloud and Fly.io, ensuring high availability and performance. No customer or application data from the core product is processed outside the EU.

For the purpose of improving user experience and optimizing performance, certain data may be temporarily stored in cache and encrypted on servers located within the European Union. The caching duration varies based on the type of data:

• Session data and temporary user preferences: 2 hours
• Static content and frequently accessed resources: up to 7 days

We store LinkedIn ads data and Google Ads campaign data in our database to improve performance and enable advanced analytics features. For customers using HubSpot CRM sync features, we also store company ID and domain information to improve performance and enable faster data matching. Other CRM data is still fetched in real time via API calls when you actively filter for it in the app.

Additionally, when users choose to share content with others, this shared data is stored in our database for a period of 7 days. This is separate from our caching system and applies specifically to user-shared content that has been explicitly designated for sharing with other users.

All stored data is encrypted at rest using AES-256 encryption before being stored in the database, ensuring that even if the database is compromised, the data remains secure.

Use of Aggregated and Anonymized Data

In addition to the handling of personal data described in this policy, Fibbler may use aggregated and anonymized company-level data (for example, advertising performance metrics and opportunity data) to generate industry benchmarks, trends reports, and similar insights. This data is processed in a way that ensures no individual or company can be identified.

International Data Transfers

Customer and application data related to Fibbler's core product is processed exclusively within the EU.

Consent-based website analytics data (such as cookies and IP addresses collected on fibbler.co) may be processed by third-party providers outside the EU/EEA under appropriate safeguards, including Standard Contractual Clauses, in accordance with GDPR.

Your Rights

Under the GDPR, you have the following rights regarding your personal data:

• Access — request a copy of the personal data we hold about you
• Rectification — correct inaccurate or incomplete data. You can update your name, email, password, 2FA settings, and company details directly in the app
• Erasure — request deletion of your personal data
• Data portability — receive your data in a structured, machine-readable format
• Objection — object to processing based on legitimate interest
• Withdraw consent — where processing is based on consent, you may withdraw it at any time

To exercise any of these rights, contact us at support@fibbler.co. We will respond within 30 days.

You also have the right to lodge a complaint with your local data protection authority. For Sweden, this is Integritetsskyddsmyndigheten (IMY) at www.imy.se.

Children's Privacy

Fibbler is a business-to-business (B2B) service and is not directed at children under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us at support@fibbler.co so we can take appropriate action.

Data Processing Agreements and Non-Disclosure Agreements

Most companies don't need extra paperwork to use Fibbler. But we understand that larger organizations may have vendor vetting, legal, or procurement requirements.

We now offer:

• A standard Data Processing Agreement (DPA) aligned with GDPR
• A Mutual Non-Disclosure Agreement (NDA) for vendor evaluation

These documents are available upon request. Just email support@fibbler.co and we'll be happy to help.

Changes to the Privacy Policy

Fibbler reserves the right to update this Privacy Policy periodically, and the latest version will always be available on the Fibbler website. When significant changes occur, we will endeavor to notify you via email to the address linked with your account, if appropriate. We encourage you to regularly review this policy for any modifications or updates. By continuing to use the Services after being informed of any amendments taking effect, you consent to the updated Privacy Policy. Should you disagree with the changes made to the Privacy Policy, you are advised to cease using the Services immediately.

Contact Information

For any privacy-related inquiries or concerns, please contact us at support@fibbler.co.