FactGrid // PRIVACY_POLICY

This Privacy Policy governs data handling practices for FactGrid (https://factgrid.org), an independent structured data archive publishing verified B2B SaaS operational data under the CC BY 4.0 license.

FactGrid is engineered to minimize data collection to the absolute technical minimum required for infrastructure security. This document outlines what data is — and is not — collected, processed, or retained.

FactGrid collects zero personally identifiable information (PII) from visitors, researchers, or API consumers. Specifically:

• No User Accounts No registration, login, authentication, or session management exists. There are no user profiles, passwords, or credentials of any kind.
• No Payment Data FactGrid does not sell products, accept payments, or process financial information. No payment processors or billing integrations are present.
• No Contact Forms No forms collect personal data. The site is strictly read-only. Inquiries are handled exclusively via email.
• No Cookies (PII) No authentication cookies, preference cookies, or marketing/tracking cookies are set. No cookie consent banner is required because no consent-requiring cookies exist.

FactGrid does not deploy third-party analytics platforms (Google Analytics, Mixpanel, Amplitude, etc.), advertising SDKs, social media pixels, or cross-site tracking mechanisms of any kind.

Any observational telemetry used for infrastructure monitoring is strictly anonymous, aggregated, and privacy-preserving. No individual user sessions are reconstructed, fingerprinted, or identifiable. No data is shared with third parties for profiling, advertising, or behavioral analysis.

• No cross-site tracking scripts
• No marketing or retargeting cookies
• No third-party embeds (iframes, social widgets, CDN-served tracking beacons)
• No browser fingerprinting or device identification

FactGrid infrastructure (Cloudflare Pages and edge Workers) may temporarily process IP addresses in server-side logs. These logs exist solely for the following operational purposes:

• Rate limiting: Enforcing API request quotas to prevent abuse.
• Security: Detecting and mitigating DDoS attacks, malicious scraping, and unauthorized access attempts.
• API integrity: Monitoring endpoint health and response validity.

IP addresses in edge logs are automatically rotated and anonymized by the infrastructure provider (Cloudflare) per their standard data retention policy. FactGrid does not separately store, index, or analyze IP data.

FactGrid fully respects data subject rights under the EU General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). However, since FactGrid collects no personally identifiable information, standard data access, export, rectification, and deletion requests are technically null — there is no personal data to access, export, or delete.

If you believe FactGrid holds any data pertaining to you, or if you have a privacy inquiry of any kind, contact legal@factgrid.org. All inquiries will receive a response within 30 calendar days.

FactGrid relies on the following third-party infrastructure providers. No personal data is shared with these providers beyond standard HTTP request metadata processed at the network edge:

• Cloudflare, Inc. — Edge hosting, CDN, DDoS mitigation, DNS. Subject to Cloudflare Privacy Policy.
• Supabase, Inc. — PostgreSQL database service (server-side only; no client-side connection). Subject to Supabase Privacy Policy.

Neither provider receives PII from FactGrid's application layer. User browsers never connect directly to Supabase; all database queries execute server-side at build time or within edge Workers.

This policy may be updated to reflect changes in infrastructure, legal requirements, or operational practices. Material changes will be noted in the "Last updated" timestamp at the top of this document. Continued use of the DATA_ARCHIVE after a policy update constitutes acceptance.

Document ref: FG-PRIVACY-1.0 — FactGrid — Effective April 8, 2026