fastr logo
Request Demo

Service Privacy Notice

Last updated: March 4th, 2026.

Fastr.ai (“we,” “us,” or “our”), operated by itD, provides a private, closed-environment talent intelligence platform for enterprise customers (the “Enterprise Services”). 

This Enterprise Services Privacy Notice applies only to personal data we collect and process as a data controller in connection with the Enterprise Services. This includes limited data related to billing contacts, account administrators, support interactions, and similar administrative purposes. 

Important – Processor Role for Customer Data: For any customer data, candidate data, or other information uploaded, generated, integrated (e.g., via ATS), or processed within your private Enterprise environment, Fastr.ai acts solely as a data processor or service provider. That processing is governed exclusively by your Master Services Agreement (MSA) and the incorporated Data Processing Addendum (DPA). This Notice does not apply to that data. Please contact your organization’s Fastr.ai administrator or refer to your MSA/DPA for questions, rights requests, or details about processing in your environment. 

By using the Enterprise Services as an administrator, billing contact, or authorized user, you acknowledge and agree to the practices described in this Notice for our limited controller data. 

1. Information We Collect as Controller (Limited Scope) 

We collect only the following categories of personal data in our controller capacity: 

  • Contact and account administration data: Name, business email address, phone number, job title, company name (for billing, account setup, admin access, and support). 
  • Usage and security-related data: IP address, browser/device type, login timestamps, feature usage patterns (for security monitoring, performance, and service improvement). 
  • Payment-related data: Billing details (processed securely by third-party payment providers; we do not store full card information). 

We do not act as controller for candidate or talent data in your Enterprise environment. 

2. How We Use This Information 

We use the limited controller data solely to: 

  • Deliver, administer, secure, and improve the Enterprise Services (e.g., account management, support tickets, billing). 
  • Communicate important updates, security notices, or service-related information. 
  • Comply with applicable legal obligations, resolve disputes, or enforce agreements. 

AI Usage Note: Customer data can be used to fine tune Fastr.ai’s model specifically for the one customer. This ensures that the intelligence and insights provided are optimized for your organization’s specific needs while remaining isolated within your private environment. 

3. Third-Party Subprocessors 

Fastr.ai engages subprocessors only where required to deliver services to customers. All third-party service providers are subject to rigorous vendor evaluation prior to onboarding, including assessment of their security posture, data privacy practices, and contractual obligations. Security and privacy requirements are incorporated into all subprocessor agreements. Fastr.ai maintains an up-to-date list of subprocessors, which is available to customers upon request. 

Examples of subprocessors may include cloud hosting providers, analytics tools, and support/ticketing systems. We do not share customer data with subprocessors beyond what is strictly necessary for service delivery.

4. Security & Compliance

Fastr.ai is built on a “security-first” architecture designed to maintain the total isolation of your private Enterprise environment. 

  • Enterprise-Grade Infrastructure: Our Services are hosted on Microsoft Azure and utilize its global security capabilities. Our infrastructure adheres to the highest industry standards, including SOC 2 Type IIISO 27001, and HIPAA compliance frameworks where applicable. 
  • Data Isolation (Tenant Shielding): We employ logical separation to ensure that your Customer Data is shielded from all other tenants. Data is encrypted at rest using AES-256 and in transit via TLS 1.2+. 
  • Rigorous Vendor Oversight: As part of our commitment to security, all third-party subprocessors undergo a strict evaluation process to ensure their security posture and privacy practices align with our Enterprise standards. 
  • Independent Audits: We regularly perform internal security assessments and coordinate with third-party auditors to validate the integrity of our “closed-environment” architecture.

5. Your Privacy Rights 

For the limited controller data we hold about you (Administrators and Billing Contacts): 

If you are an authorized user of the Enterprise Services, you may have rights under applicable laws (such as the CCPA or GDPR) to access, correct, delete, or restrict the processing of your account information. 

For Candidate and Talent Data (The Customer’s Source of Truth): 

Fastr.ai is not a candidate-facing system. We process candidate data solely as a data processor at the direction of our Enterprise Customers and through integrations with their existing systems (e.g., ATS or CRM). 

  • Adherence to Customer Standards: We do not independently alter the privacy status of a candidate. We automatically adhere to the privacy standards, consent flags, and “source of truth” settings established within the Customer’s own systems or operational processes. 
  • How to Exercise Rights: If you are a candidate or individual whose data may be processed within an Enterprise environment, please contact the relevant employer (our Customer) directly. They are the data controller responsible for managing your information and responding to your privacy requests. 
  • Our Role in Requests: If we receive a request directly from a candidate regarding data held in a Customer’s private environment, we will redirect that request to the appropriate Customer for handling in accordance with their specific privacy policies. 

6. Retention 

We retain controller data only as long as necessary to fulfill the purposes outlined in this Notice, resolve disputes, enforce agreements, or meet legal/regulatory requirements. Usage/security logs are typically retained for shorter periods (e.g., 12–24 months) unless required longer for security investigations. 

 

7. International Transfers 

The Enterprise Services are hosted and primarily operated in the United States. Personal data may be transferred to, stored, and processed in the U.S. or other countries where our subprocessors operate. 

For transfers from the EEA, UK, or Switzerland, we rely on appropriate safeguards, including: 

  • The EU-U.S. Data Privacy Framework (DPF) where certified. 
  • Standard Contractual Clauses (SCCs) or other approved mechanisms incorporated into agreements. 

By providing controller data, you consent to these transfers where required. 

8. Children’s Privacy 

The Enterprise Services are intended for business/enterprise use and are not directed to individuals under 18. We do not knowingly collect personal data from children. 

9. Do Not Track 

We do not currently respond to browser “Do Not Track” (DNT) signals or similar mechanisms. 

10. Changes to This Notice 

We may update this Notice from time to time. We will post the revised version here with an updated “Last Updated” date. Material changes will be communicated via email to account administrators or through the Enterprise Services where appropriate. Continued use after changes constitutes acceptance.