Skip to main content

Privacy Policy

Last updated: 15 March 2026

FiorLab Limited ("FiorLab", "we", "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and share your personal data when you use our platform.

1. Data Controller

FiorLab Limited (CRO 813471), Dublin, Ireland is the data controller. Contact: privacy@fiorlab.com

2. Data We Collect

We collect: account information (name, email, company name, role); company data (registration numbers, VAT numbers, LEI numbers); supplier assessment data (financial metrics, compliance records, sustainability scores); usage data (page views, feature usage, session duration); uploaded documents (contracts, RFPs, certificates); and communications (support requests, notifications). For pharmaceutical users, this may include GxP compliance data, supplier qualification records, and CAPA documentation.

3. Legal Basis for Processing

We process your data on the basis of: contract necessity (to provide the service); legitimate business interests (to improve the platform and prevent fraud); regulatory compliance (to meet legal obligations); and consent (for marketing communications, which you may withdraw at any time).

4. How We Use Your Data

We use your data to: provide and improve the platform; generate assessment scores and reports; facilitate buyer-supplier connections; send transactional notifications; comply with legal obligations; and detect and prevent fraud or abuse.

5. Data Storage and Security

Data is stored on Google Cloud Platform within the EU. We use TLS 1.2+ encryption in transit and AES-256 encryption at rest. Our infrastructure providers maintain ISO 27001 and SOC certifications. Access is restricted via role-based access control, and all data modifications are logged.

6. Data Sharing

We share data only with approved sub-processors under data processing agreements: Google Cloud Platform (Firebase) for EU storage; Vercel for EU hosting; Resend for email delivery (US, via Standard Contractual Clauses); and Stripe for payment processing. We do not sell your data to third parties.

7. Data Retention

Active account data is retained for the duration of your account. Assessment data is retained for a minimum of 7 years to comply with financial and pharmaceutical regulatory requirements. You may request early deletion subject to legal retention obligations.

8. Your Rights (GDPR)

Under GDPR, you have the right to: access your personal data; rectify inaccurate data; request deletion ("right to be forgotten"); restrict processing; data portability; object to processing; and withdraw consent. Requests will be responded to within 30 days. Contact privacy@fiorlab.com to exercise your rights.

9. Cookies and Analytics

We use essential cookies for authentication and session management. We use Sentry for error monitoring and may use analytics tools to understand platform usage. You can manage cookie preferences through your browser settings.

10. International Transfers

Where data is transferred outside the EEA (e.g., to US-based email providers), we use Standard Contractual Clauses or other approved transfer mechanisms to ensure adequate protection.

11. Data Breach Notification

In the event of a data breach that poses a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours and affected users without undue delay, in accordance with GDPR Article 33.

12. Children's Privacy

FiorLab is a business platform not intended for use by individuals under 18. We do not knowingly collect data from minors.

13. Changes to This Policy

We may update this Privacy Policy with 30 days' notice via email to registered users. The latest version is always available at this page.

14. Supervisory Authority

You have the right to lodge a complaint with Ireland's Data Protection Commission (dataprotection.ie) if you believe your data has been processed unlawfully.

15. Contact

For privacy inquiries: privacy@fiorlab.com
For general questions: hello@fiorlab.com
FiorLab Limited (CRO 813471), Dublin, Ireland