Privacy Policy for Fibbler
Last Updated: October 2025
Information about us
“Fibbler”, “we“, “our“ or “us“ means Fibbler AB are committed to protecting and respecting your privacy. This “Privacy Policy” sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it. By visiting our “Website” www.fibbler.co you are accepting and consenting to the terms in this Privacy Policy. For the purpose of the Data Protection Act 1998 (the Act), the “Data Controller” is Fibbler AB, Kävlinge, Sweden, which is registered with the Swedish companies registration office (Org nr 559476-3491). If you have any questions about this Privacy Policy or our privacy practices, please contact us.
Contact information to responsible Fibbler party: legal@fibbler.co
Information Collection
When you register with Fibbler, we collect the following personal data:
- Name
- Email address
- Company name
This information is essential for the use of our product and services.
Important: Fibbler does not process personal data (PII) as part of its core product on behalf of our customers. The primary personal data we handle is account-related information such as email addresses, which are used to create and manage Fibbler accounts. We do not process CRM contacts, LinkedIn messages, or sensitive personal information as part of the core product.
Use of Information
The personal data collected is used for the following purposes:
- To enable full use of our product.
- For marketing purposes, such as sending newsletters, if you opt-in to receive them.
Data Sharing and Disclosure
In order to provide our services effectively, Fibbler shares your personal data with specific third parties:
- Email Marketing Services: For communication purposes, we will send you emails related to essential service notifications and account updates immediately upon signup. Additionally, you will receive our newsletter and other marketing communications, from which you may opt-out at any time if you choose not to receive them.
- Payment Processing Services: To facilitate transactions and manage payment-related processes.
We ensure that these partners adhere to strict data protection and confidentiality standards, and we share only the necessary information required to perform these services.
Service-specific Data Processors
Fibbler uses the following sub-processors to deliver our services. Customer and application data related to the core product is processed exclusively within the European Economic Area (EEA), unless otherwise stated below.
| Sub-processor | Location | Purpose | Data Processed |
|---|---|---|---|
| Google Cloud (Cloud Run, Cloud SQL) | Belgium region (EU) (SOC 2, ISO 27001) | Primary infrastructure and database hosting | Application data, LinkedIn ads data |
| Fly.io | EU region (SOC 2 Type 2 certified) | Application hosting and server infrastructure | Processes application requests and scheduled jobs |
| Redis | EU-hosted | Caching layer | Temporary session and cache data |
| Sentry | EU-hosted | Error monitoring and logging | Error logs and performance metrics (no customer PII) |
| Resend | EU-hosted | Transactional email delivery | Email addresses for account notifications only |
| HubSpot | EU data hosting | Marketing emails, announcements, updates | Contact email for company communications only |
| Stripe | EU operations | Payment processing | Billing metadata only; no customer PII or data shared |
| Datafa.st | International (non-EU/EEA) – Data processor | Website analytics and revenue attribution | Cookies, IP addresses, and pseudonymous website usage data |
Note: LinkedIn Insights (analytics) is used only on our marketing website (fibbler.co) for visitor analytics. It is not present on the Fibbler application (app.fibbler.co) and does not process any customer or application data.
All sub-processors are subject to strict security terms and GDPR compliance requirements. We continuously monitor our sub-processors to ensure they maintain appropriate security standards and, where applicable, appropriate safeguards for international data transfers in accordance with GDPR.
Data Storage and Caching
All customer and application data related to Fibbler's core product is hosted in the EU on Google Cloud's infrastructure, which operates in European regions. Our application services run on both Google Cloud and Fly.io, ensuring high availability and performance. No customer or application data from the core product is processed outside the EU.
For the purpose of improving user experience and optimizing performance, certain data may be temporarily stored in cache and encrypted on servers located within the European Union. The caching duration varies based on the type of data:
- Session data and temporary user preferences: 2 hours
- Static content and frequently accessed resources: up to 7 days
We store LinkedIn ads data in our database to improve performance and enable advanced analytics features. For customers using HubSpot CRM sync features, we also store company ID and domain information to improve performance and enable faster data matching. Other CRM data is still fetched in real time via API calls when you actively filter for it in the app.
Additionally, when users choose to share content with others, this shared data is stored in our database for a period of 7 days. This is separate from our caching system and applies specifically to user-shared content that has been explicitly designated for sharing with other users.
All stored data is encrypted at rest using AES-256 encryption before being stored in the database, ensuring that even if the database is compromised, the data remains secure. This combined approach of caching and database storage is designed to enhance website performance, reduce server load, and improve loading times while maintaining data security and privacy. Users retain full control over what content they choose to share and for how long.
Use of Aggregated and Anonymized Data
In addition to the handling of personal data described in this policy, Fibbler may use aggregated and anonymized company-level data (for example, advertising performance metrics and opportunity data) to generate industry benchmarks, trends reports, and similar insights. This data is processed in a way that ensures no individual or company can be identified.
Database Security & Access Controls
Our database infrastructure is protected by multiple layers of security:
- Database access is restricted to whitelisted IP addresses only
- All database connections are encrypted using TLS
- Database accounts have minimal required permissions
- Regular security updates and patches are applied
- Database access is logged and monitored in real-time
- Backup data is encrypted and stored separately
Only authorized personnel with specific business needs can access the database, and all access is logged and audited regularly.
Our Security Measures
We apply technical and organizational measures to protect your account and integrations, including:
- Encrypted data transfer (TLS)
- Database access restricted to whitelisted IP addresses only
- Real-time monitoring and alerting
- Access controls and internal audit logging
- Dependency scanning and vulnerability alerts
- Annual third-party security audits (Aikido)
We are not yet SOC 2 or ISO 27001 certified. However, we have completed an external security audit by Aikido Security and run real-time monitoring and alerts across all infrastructure and code.
International Data Transfers
Customer and application data related to Fibbler's core product is processed exclusively within the EU.
Consent-based website analytics data (such as cookies and IP addresses collected on fibbler.co) may be processed by third-party providers outside the EU/EEA under appropriate safeguards, including Standard Contractual Clauses, in accordance with GDPR.
User Rights
As a user of Fibbler, you have the right to edit your personal information, including:
- Name
- Email address
- Password
- Two-factor authentication (2FA) settings
- Company details
Cookies and Tracking Technologies
Fibbler uses cookies and similar tracking technologies to enhance your experience on our website. Specifically, we use the LinkedIn Insights Tag to help us understand the effectiveness of our advertising campaigns and to provide you with relevant advertising.
You have the option to accept or decline cookies. If you choose to accept cookies, the LinkedIn Insights Tag will be activated, and it may collect information such as your IP address, page views, and other browsing data. This information is used to improve our services and tailor our marketing efforts.
If you do not wish to have cookies set on your device, you can adjust your browser settings to refuse cookies or indicate when a cookie is being sent. Please note that if you disable cookies, some features of our website may not function properly.
Additional analytics and attribution tools may be used on our marketing website (fibbler.co) only after explicit user consent and are not present on the Fibbler application (app.fibbler.co).
Website analytics and attribution
After a visitor has provided explicit consent via our cookie banner, we use analytics and attribution tools to understand how visitors interact with our website and how marketing efforts lead to signups and revenue.
This includes the use of cookies and IP-based information to track website activity and attribute conversions. We use Datafa.st as a data processor to provide website analytics and attribution services on our behalf.
The data collected is used solely for analytics and attribution purposes, including linking website visits to account creation and subscription events processed via Stripe. We do not sell this data to third parties. No tracking takes place before consent is given.
The processing of this data is based on user consent in accordance with Article 6(1)(a) of the GDPR and our legitimate interest in improving our website, product, and marketing performance. Datafa.st processes personal data under a Data Processing Agreement in accordance with Article 28 of the GDPR.
Children's Privacy
Fibbler does not specify a minimum age for its users. However, we encourage parents and guardians to take an active role in their children's online activities.
Data Processing Agreements and Non-Disclosure Agreements
Most companies don't need extra paperwork to use Fibbler. But we understand that larger organizations may have vendor vetting, legal, or procurement requirements.
We now offer:
- A standard Data Processing Agreement (DPA) aligned with GDPR
- A Mutual Non-Disclosure Agreement (NDA) for vendor evaluation
These documents are available upon request. Just email support@fibbler.co and we'll be happy to help.
Changes to the Privacy Policy
Fibbler reserves the right to update this Privacy Policy periodically, and the latest version will always be available on the Fibbler website. When significant changes occur, we will endeavor to notify you via email to the address linked with your account, if appropriate. We encourage you to regularly review this policy for any modifications or updates. By continuing to use the Services after being informed of any amendments taking effect, you consent to the updated Privacy Policy. Should you disagree with the changes made to the Privacy Policy, you are advised to cease using the Services immediately.
Contact Information
For any privacy-related inquiries or concerns, please contact us at support@fibbler.co.