Data Protection Governance

GDPR information for FairUX website interactions and commercial enquiries.

This page explains how FairUX handles contact data, consent signals, and platform-related intake information in a way that remains aligned with EU data protection expectations and enterprise procurement review.

Primary contact

hello@fairux.eu
Firstscore OÜ
Harju maakond, Tallinn, Estonia

Processing posture

  • ✓ EU-facing governance model
  • ✓ Minimal business-contact intake
  • ✓ Consent state persisted separately
  • ✓ Infrastructure audited quarterly

Governance

Controller & Scope

FairUX operates this site as part of the Firstscore compliance platform. This page outlines how we process business contact data, website interaction data, and inbound commercial enquiries within the EU-facing product surface.

Governance

Lawful Basis

We process data on the basis of legitimate interest for B2B communication, contract preparation when you request a demo or audit, and legal obligations where retention or regulatory disclosure is required.

Governance

Agentic Scanning & PII Protection

FairUX crawlers and Multi-Agent Systems are strictly configured to analyze interface logic (DOM, JS, API payloads) and do not intentionally scrape, store, or process Personally Identifiable Information (PII) of your end-users. Any inadvertently captured PII within screenshots or payloads is automatically masked/hashed before storage.

Governance

Credentialed Scans Security

Login credentials required for authenticated staging or post-purchase flow audits are encrypted at rest (AES-256) and in transit (TLS 1.3). Credentials are injected into the headless browser session strictly at runtime and are never exposed to external LLMs.

Governance

Data Minimisation

We only request operationally necessary information such as work email, company domain, and message context. Sensitive categories of personal data are not intentionally requested through this website.

Data Categories

What we may process

  • Corporate email addresses submitted through contact or audit request flows.
  • Company domain and technical context shared during qualification or audit intake.
  • Test-account credentials provided explicitly for authenticated scans (Staging Shield).
  • Browser execution state, DOM snapshots, and network payloads from targeted domains (excluding end-user PII).
  • Basic event telemetry related to CTA submissions and consent preferences.
  • Infrastructure logs used for availability, abuse prevention, and incident response.

Retention & Sharing

How long and with whom

Commercial Enquiries: Contact requests and sales qualification data are retained only for as long as needed to respond, assess fit, maintain records of inbound commercial activity, and meet legal obligations.
Audit Data: Evidence Dossiers (DOM states, API payloads, screenshots) are retained according to the customer's enterprise retention policy or until contract termination.
LLM Subprocessors: We utilize trusted LLM providers (e.g., Azure OpenAI) acting strictly under zero-data-retention agreements. Client interface data is strictly isolated, ephemeral, and is never used to train foundational public models.

Enterprise Infrastructure

Data Sovereignty & Security Architecture

As a Regulatory-Grade compliance platform, we treat our clients' staging environments and source code as highly sensitive assets. FairUX offers deployment models designed to satisfy the most rigorous Infosec and Legal requirements.

Sovereign Deployment Models

Depending on your tier, we support SaaS Hosted Tenants, Private Cloud, Sovereign Cloud (EU-only routing), and fully Air-Gapped On-Premise deployments.

Bring Your Own Key (BYOK)

Maintain cryptographic control over your Evidence Dossiers and Audit Trails. We operate with zero vendor lock-in regarding underlying LLM providers.

Security Audits

Our infrastructure undergoes quarterly third-party penetration testing. SOC 2 Type II certification is planned for Q3 2026.

Data Subject Rights

Your available rights

  • Access the personal data we hold about you.
  • Request rectification or deletion where legally permissible.
  • Object to processing based on legitimate interest.
  • Request restriction or data portability where applicable.
  • Define custom data retention policies for Evidence Dossiers (Enterprise tier).
  • Escalate concerns to your local supervisory authority in the EU.

FairUX
A strategic investment by Firstscore AI Platform™

We provide the evidentiary infrastructure to proactively monitor and document your architecture's alignment with emerging digital market regulations across Europe, including the upcoming June 19 mandates.

Our infrastructure is audited quarterly for regulatory adherence and data protection compliance.

REGULATORY ALIGNMENT

  • ✓ Anti-Obstruction Directive (June 19, 2026)
  • ✓ Digital Services Act (DSA) Article 25
  • ✓ UCPD & Omnibus Directive
  • ✓ EU AI Act (Risk-Based Framework)

GOVERNANCE & COMPLIANCE

  • ✓ Data Sovereignty (GDPR compliant)
  • ✓ Third-party audited security
  • ✓ SOC 2 Type II certification (planned Q3 2026)
  • ✓ Zero vendor lock-in guarantee

Documentation

Legal

Contact

hello@fairux.eu

Firstscore OÜ
Harju maakond, Tallinn, Estonia
Enterprise Registry Code: 16543211

© 2026 FairUX / Firstscore. All rights reserved.