Privacy Policy
Effective Date: February 2, 2026
Last Updated: January 3, 2026
════════════════════════════════════════════════════════════════════
TABLE OF CONTENTS
• Introduction
• Regulatory Compliance Framework
• Definitions
• HIPAA Compliance for Protected Health Information
• Clinical Trial and Research Data Compliance
• Information Collection and Use
• Use of Data
• Legal Basis for Processing Personal Data
• Data Retention
• Data Residency and International Transfers
• Data Processors and Subprocessors
• Security of Data
• Data Breach Notification
• Disclosure of Data
• Your Data Protection Rights
• Analytics and Third-Party Service Providers
• Links to Other Sites
• Children's Privacy
• "Do Not Track" Signals
• Changes to This Privacy Policy
• Contact Us
════════════════════════════════════════════════════════════════════
INTRODUCTION
This Privacy Policy describes how Fountayn ("we," "us," or "our") collects, uses, discloses, and protects personal information when you use our Electronic Data Capture (EDC) software-as-a-service platform (the "Service") accessible at http://www.fountayn.com.
As a provider of electronic data capture systems for clinical trials and medical research, we are committed to protecting the privacy and security of all data entrusted to us, including Protected Health Information (PHI) and personal data subject to various privacy regulations.
By using our Service, you agree to the collection and use of information in accordance with this Privacy Policy. Unless otherwise defined in this Privacy Policy, terms used herein have the same meanings as in our Terms and Conditions.
REGULATORY COMPLIANCE FRAMEWORK
Our Service and this Privacy Policy are designed to comply with the following regulatory frameworks:
• Health Insurance Portability and Accountability Act (HIPAA) - United States
• FDA 21 CFR Part 11 (Electronic Records and Electronic Signatures) - United States
• General Data Protection Regulation (GDPR) - European Economic Area
• UK GDPR and Data Protection Act 2018 - United Kingdom
• Good Clinical Practice (GCP) Guidelines - ICH E6(R2) and ICH E6(R3)
• California Consumer Privacy Act (CCPA) / California Privacy Rights Act (CPRA) and other applicable US state privacy laws
DEFINITIONS
Service
Service refers to the Fountayn Electronic Data Capture (EDC) platform, including the website http://www.fountayn.com and all associated software, applications, and services operated by Fountayn.
Personal Data
Personal Data means data about a living individual who can be identified from that data (or from that data combined with other information either in our possession or likely to come into our possession). This includes both directly identifiable information (such as name and email address) and indirectly identifiable information.
Protected Health Information (PHI)
Protected Health Information or PHI means individually identifiable health information transmitted or maintained in any form or medium by a covered entity or business associate, as defined under HIPAA. PHI includes demographic information, medical histories, test results, insurance information, and other data that relates to an individual's past, present, or future physical or mental health condition.
Data Controller
Data Controller means the natural or legal person who (either alone or jointly or in common with other persons) determines the purposes for which and the manner in which any personal information is, or is to be, processed. For the purpose of this Privacy Policy, we are a Data Controller of your account and administrative Personal Data. For clinical trial data, the study sponsor or principal investigator typically acts as the Data Controller.
Data Processor (or Service Provider)
Data Processor (or Service Provider) means any natural or legal person who processes data on behalf of the Data Controller. Fountayn acts as a Data Processor for clinical trial data and PHI processed on behalf of covered entities, study sponsors, and principal investigators.
Business Associate
Business Associate refers to a person or entity that performs certain functions or activities on behalf of, or provides certain services to, a covered entity that involve the use or disclosure of PHI. Fountayn acts as a Business Associate when processing PHI on behalf of covered entities.
HIPAA COMPLIANCE FOR PROTECTED HEALTH INFORMATION
When Fountayn processes Protected Health Information (PHI) on behalf of covered entities or other HIPAA-regulated organizations, we act as a Business Associate under the Health Insurance Portability and Accountability Act (HIPAA) and its implementing regulations.
Business Associate Agreements
We execute Business Associate Agreements (BAAs) with all covered entities and business associates who use our Service to process PHI. These agreements establish:
• Permitted uses and disclosures of PHI
• Our obligations to implement appropriate safeguards
• Reporting requirements for breaches and security incidents
• Data access, amendment, and accounting rights
• Subcontractor management and oversight
HIPAA Safeguards
We implement comprehensive administrative, physical, and technical safeguards to protect PHI, including:
Administrative Safeguards:
• Designated Privacy and Security Officers
• Workforce training on HIPAA requirements
• Background checks for personnel with PHI access
• Sanctions policy for violations
• Regular risk assessments and security reviews
Physical Safeguards:
• SOC 2 Type II certified data centers
• 24/7 physical security monitoring and access controls
• Environmental controls and redundancy systems
• Secure disposal procedures for hardware containing PHI
Technical Safeguards:
• Unique user identification and authentication
• Multi-factor authentication (MFA) options
• Automatic logoff after period of inactivity
• End-to-end encryption for PHI in transit (TLS 1.3)
• AES-256 encryption for PHI at rest
• Comprehensive audit controls and access logs
• Integrity controls to prevent unauthorized alteration
Minimum Necessary Standard
We adhere to the minimum necessary standard by implementing role-based access controls (RBAC) that limit PHI access to only what is necessary for each user to perform their job functions.
Patient Rights Under HIPAA
While Fountayn is a Business Associate and not directly responsible for responding to individual rights requests, we support our covered entity clients in fulfilling patient rights including: right to access PHI, right to request amendments, right to an accounting of disclosures, and right to request restrictions.
For information about your rights under HIPAA, please contact the covered entity (such as your healthcare provider or health plan) that uses our Service. We will assist covered entities in responding to requests as required by our BAA.
CLINICAL TRIAL AND RESEARCH DATA COMPLIANCE
Fountayn's EDC system is specifically designed to support compliance with regulatory requirements for clinical trials and medical research.
FDA 21 CFR Part 11 Compliance
Our Service complies with FDA 21 CFR Part 11 requirements for electronic records and electronic signatures used in clinical investigations. This includes:
• Validation: The system undergoes rigorous validation to ensure accuracy, reliability, and consistent intended performance
• Audit Trails: Comprehensive, computer-generated, time-stamped audit trails that independently record the date and time of operator entries and actions
• Data Integrity: Measures to ensure data integrity and prevent unauthorized access or alterations
• Electronic Signatures: Secure electronic signature capabilities with unique user identification, password controls, and signature manifestations
• System Documentation: Complete documentation of system development, validation protocols, and standard operating procedures
• Data Retention: Ability to maintain records in electronic form and ensure their retrievability throughout the required retention period
Good Clinical Practice (GCP) Compliance
Our EDC system supports compliance with Good Clinical Practice guidelines as outlined in ICH E6(R2) and the updated ICH E6(R3). We support both versions to accommodate clinical trials designed under either framework:
• ICH E6(R2): Supports trials designed under the 2016 revision with emphasis on quality management systems and risk-based approaches
• ICH E6(R3): Fully aligned with the 2023 revision incorporating enhanced risk management, quality by design, and strengthened data governance requirements
Key GCP-supporting features include:
• Source data verification capabilities
• Query management and resolution workflows
• Data review and approval processes
• Regulatory inspection readiness features
• Support for risk-based monitoring approaches
• Essential document management
Audit Trails and Data Integrity
Our EDC system maintains comprehensive audit trails that record:
• All data entries, modifications, and deletions
• User actions with unique identifiers and timestamps
• System access logs and authentication events
• Electronic signatures and approvals
• Configuration changes and system events
Audit trails are:
• Tamper-evident and cannot be modified or deleted by users
• Retained for the life of the data plus the applicable retention period
• Available for regulatory inspection upon request
• Exportable in human-readable format
System Validation
Fountayn's EDC system undergoes comprehensive validation according to industry standards:
• Design Qualification (DQ): Documentation that design requirements align with intended use
• Installation Qualification (IQ): Verification that the system is installed correctly
• Operational Qualification (OQ): Testing that the system operates as intended across all features
Validation documentation is available to clients upon request to support their regulatory submissions and inspections.
INFORMATION COLLECTION AND USE
We collect several different types of information for various purposes to provide and improve our Service to you.
Types of Data Collected
Personal Data
While using our Service, we may ask you to provide us with certain personally identifiable information that can be used to contact or identify you ("Personal Data"). Personally identifiable information may include, but is not limited to:
• Email address
• First name and last name
• Phone number
• Organization and job title
• Professional credentials and qualifications
• Address, State, Province, ZIP/Postal code, City
• Cookies and Usage Data
We may use your Personal Data to contact you with newsletters, marketing or promotional materials, and other information that may be of interest to you. You may opt out of receiving any, or all, of these communications from us by following the unsubscribe link or instructions provided in any email we send or by contacting us directly.
Clinical Trial and Research Data
When our Service is used for clinical trials or medical research, we may process:
• Study participant data (which may include PHI)
• Clinical assessments and measurements
• Laboratory results
• Adverse event reports
• Protocol-specific data elements
For clinical trial data, we act as a Data Processor on behalf of study sponsors and principal investigators. The study sponsor or principal investigator determines what data is collected and how it is used. We process this data only as instructed by the Data Controller and in accordance with applicable regulations.
Usage Data
We may also collect information on how the Service is accessed and used ("Usage Data"). This Usage Data may include information such as:
• Your computer's Internet Protocol address (IP address)
• Browser type and version
• Pages of our Service that you visit
• Time and date of your visit
• Time spent on pages
• Unique device identifiers
• Operating system information
• Other diagnostic and performance data
Tracking and Cookies Data
We use cookies and similar tracking technologies to track activity on our Service and hold certain information. Cookies are files with small amounts of data which may include an anonymous unique identifier.
You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our Service.
Examples of cookies we use:
• Session Cookies: We use session cookies to operate our Service and maintain your authenticated session
• Preference Cookies: We use preference cookies to remember your preferences and various settings
• Security Cookies: We use security cookies for security purposes and to detect fraudulent activity
• Analytics Cookies: We use analytics cookies to understand how users interact with our Service
USE OF DATA
Fountayn uses the collected data for various purposes:
• To provide and maintain our Service
• To notify you about changes to our Service
• To allow you to participate in interactive features of our Service when you choose to do so
• To provide customer support
• To gather analysis or valuable information so that we can improve our Service
• To monitor the usage of our Service and detect, prevent, and address technical issues
• To ensure system security and prevent unauthorized access
• To comply with legal obligations and regulatory requirements
• To facilitate clinical trial and research activities in accordance with applicable protocols and regulations
• To provide you with news, special offers, and general information about other goods, services, and events which we offer that are similar to those that you have already purchased or enquired about, unless you have opted not to receive such information
LEGAL BASIS FOR PROCESSING PERSONAL DATA
Under GDPR and UK GDPR
If you are from the European Economic Area (EEA) or the United Kingdom, Fountayn's legal basis for collecting and using the personal information described in this Privacy Policy depends on the Personal Data we collect and the specific context in which we collect it.
We comply with:
• EU General Data Protection Regulation (GDPR) for EEA residents
• UK GDPR and Data Protection Act 2018 for UK residents
Fountayn may process your Personal Data because:
• We need to perform a contract with you (such as providing EDC services under our Terms of Service)
• You have given us permission to do so (consent)
• The processing is in our legitimate interests and is not overridden by your rights (such as improving our Service, ensuring security, and preventing fraud)
• We need to comply with a legal obligation (such as regulatory reporting requirements)
• Processing is necessary for reasons of public interest in the area of public health, such as conducting clinical research
For processing of special categories of personal data (including health data), we rely on:
• Explicit consent where required
• Processing necessary for scientific research purposes in accordance with Article 9(2)(j) GDPR
• Processing necessary for reasons of public interest in the area of public health
DATA RETENTION
Personal Data
Fountayn will retain your Personal Data only for as long as is necessary for the purposes set out in this Privacy Policy. We will retain and use your Personal Data to the extent necessary to:
• Comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws)
• Resolve disputes
• Enforce our legal agreements and policies
• Maintain business records for operational and financial purposes
Clinical Trial and Research Data
For EDC data related to clinical trials and medical research, we retain data according to:
• Applicable regulatory requirements (typically a minimum of 25 years for FDA-regulated trials, as specified in 21 CFR 312.62)
• EMA requirements (typically at least 25 years after completion or discontinuation of the trial)
• MHRA requirements for UK clinical trials
• Client-specific retention schedules specified in our Data Processing Agreements
• ICH GCP guidelines (E6(R2) and E6(R3))
Clients (Data Controllers) maintain control over their research data retention schedules. Upon contract termination or client request, we will:
• Return all client data in a usable, structured format within 30 days
• Securely delete data from our systems after the agreed retention period
• Provide certification of deletion upon request
• Maintain backup copies only as long as required by our disaster recovery procedures, with secure deletion following the same timeline
Usage Data
We generally retain Usage Data for a period of 1 year for internal analysis purposes. Usage Data is retained for a shorter period than Personal Data, except when this data is used to strengthen the security or to improve the functionality of our Service, or we are legally obligated to retain this data for longer time periods.
DATA RESIDENCY AND INTERNATIONAL TRANSFERS
Data Storage Locations
We store data in secure, SOC 2 Type II certified data centers. Our primary data center locations include:
• United States (for US clients and global operations)
• European Union (for EEA clients)
Clients can specify preferred data residency locations based on their regulatory requirements and business needs. We offer regional hosting options to meet specific data localization requirements.
International Data Transfers
Your information, including Personal Data, may be transferred to—and maintained on—computers located outside of your state, province, country, or other governmental jurisdiction where the data protection laws may differ from those in your jurisdiction.
If you are located outside the United States and choose to provide information to us, please note that we may transfer the data, including Personal Data, to the United States and process it there.
Your consent to this Privacy Policy followed by your submission of such information represents your agreement to that transfer.
For data transfers from the EEA or UK to other countries, we implement appropriate safeguards including:
• UK International Data Transfer Agreement (IDTA): For transfers from the UK, we comply with the UK IDTA and International Data Transfer Addendum to the EU SCCs
• Adequacy Decisions: Where applicable, we rely on adequacy decisions issued by the European Commission or UK authorities
• Additional Safeguards: Encryption in transit and at rest, strict access controls, and contractual obligations on all data recipients
Fountayn will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy, and no transfer of your Personal Data will take place to an organization or a country unless there are adequate controls in place including the security of your data and other personal information.
DATA PROCESSORS AND SUBPROCESSORS
We may employ third-party companies and individuals to facilitate our Service ("Service Providers" or "Subprocessors"), to provide the Service on our behalf, to perform Service-related services, or to assist us in analyzing how our Service is used.
These third parties have access to your Personal Data only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose.
We maintain a current list of all subprocessors at [insert URL]. This list includes:
• Subprocessor name and location
• Services provided
• Data processing location
• Applicable data transfer mechanisms
All subprocessors:
• Are contractually bound to GDPR, UK GDPR, and applicable data protection requirements
• Execute Data Processing Agreements (DPAs) or equivalent contractual arrangements with us
• Maintain appropriate technical and organizational security measures
• Are subject to our oversight, monitoring, and audit rights
• Comply with confidentiality obligations
For clients with Business Associate Agreements, all subprocessors handling PHI are also HIPAA-compliant Business Associates with executed BAAs.
We will notify clients of any changes to our subprocessor list with at least thirty (30) days' advance notice. Clients may object to the appointment of a new subprocessor on reasonable grounds relating to data protection. If we cannot accommodate such objection, the client may have the right to terminate the affected services as specified in our service agreement.
SECURITY OF DATA
The security of your data is our highest priority. As an EDC vendor handling sensitive research and health data, we implement comprehensive, defense-in-depth security measures across multiple layers.
Technical Safeguards
Encryption:
• End-to-end encryption for data in transit using TLS 1.3 or higher
• AES-256 encryption for data at rest
• Encrypted database backups
Access Controls:
• Multi-factor authentication (MFA) required for all user accounts
• Role-based access controls (RBAC) with principle of least privilege
• Unique user identification for all system access
• Automatic session timeout after periods of inactivity
• Strong password policies and enforcement
Monitoring and Detection:
• 24/7 automated security monitoring and alerting
• Intrusion detection and prevention systems (IDS/IPS)
• Security information and event management (SIEM)
• Real-time threat intelligence and anomaly detection
Vulnerability Management:
• Regular vulnerability assessments and penetration testing
• Secure software development lifecycle (SDLC)
• Code security reviews and static analysis
Administrative Safeguards
• Designated Chief Information Security Officer (CISO)
• Comprehensive security awareness training for all employees
• Background checks for all personnel with data access
• Documented information security policies and procedures
• Regular security audits and compliance assessments
• Incident response plan with defined roles and procedures
• Business continuity and disaster recovery planning
• Vendor risk management program
Physical Safeguards
• SOC 2 Type II certified data centers
• 24/7 physical security monitoring with video surveillance
• Biometric and multi-factor access controls for data center entry
• Environmental controls (temperature, humidity, fire suppression)
• Redundant power supplies and network connectivity
• Secure media disposal and destruction procedures
Business Continuity and Disaster Recovery
We maintain comprehensive business continuity and disaster recovery capabilities:
• Redundant data backups in geographically separated locations
• Recovery Point Objective (RPO): Maximum 1 hour of data loss
• Recovery Time Objective (RTO): Service restoration within 4 hours
• Regular disaster recovery testing and drills
• 99.9% uptime Service Level Agreement (SLA)
Certifications and Compliance
Our security program is validated through:
• Regular third-party security assessments and penetration testing
• HIPAA Security Rule compliance
While no method of transmission over the Internet or method of electronic storage is 100% secure, we employ industry-leading security practices appropriate for the highly sensitive nature of clinical research and health data. We continuously monitor and update our security measures to address emerging threats and maintain the highest standards of data protection.
DATA BREACH NOTIFICATION
In the event of a data breach involving Personal Data or Protected Health Information, we have established comprehensive breach response procedures to ensure timely notification and appropriate remediation.
Notification Timelines
We will notify affected parties according to applicable legal requirements:
• GDPR/UK GDPR Breaches: We will notify the relevant supervisory authority without undue delay and, where feasible, within 72 hours of becoming aware of the breach. Affected individuals will be notified without undue delay when the breach is likely to result in a high risk to their rights and freedoms.
• HIPAA Breaches: We will notify covered entities of any breach of unsecured PHI within 60 days of discovery, as required by the HIPAA Breach Notification Rule.
• Other Applicable Laws: We will comply with breach notification requirements under US state laws (such as CCPA/CPRA) and other applicable regulations.
Breach Notification Content
Breach notifications will include:
• Description of the nature of the breach
• Categories and approximate number of individuals affected
• Categories and approximate number of data records concerned
• Likely consequences of the breach
• Measures taken or proposed to address the breach
• Measures to mitigate potential adverse effects
• Contact information for further inquiries
Incident Response
We maintain a documented incident response plan that includes:
• Immediate containment and assessment procedures
• Investigation and root cause analysis
• Documentation and evidence preservation
• Remediation and corrective actions
• Post-incident review and lessons learned
• Regular incident response drills and tabletop exercises
DISCLOSURE OF DATA
Disclosure for Law Enforcement
Under certain circumstances, Fountayn may be required to disclose your Personal Data if required to do so by law or in response to valid requests by public authorities (for example, a court order, subpoena, or government agency request).
Legal Requirements
Fountayn may disclose your Personal Data in the good faith belief that such action is necessary to:
• Comply with a legal obligation or regulatory requirement
• Protect and defend the rights or property of Fountayn
• Prevent or investigate possible wrongdoing in connection with the Service
• Protect the personal safety of users of the Service or the public
• Protect against legal liability
• Respond to regulatory audits or inspections (such as FDA or MHRA inspections)
For clinical trial data, we will notify the Data Controller (study sponsor or principal investigator) of any legal process requesting access to their data, unless prohibited by law, to allow them to seek protective orders or other appropriate relief.
YOUR DATA PROTECTION RIGHTS
Rights Under GDPR and UK GDPR
If you are a resident of the European Economic Area (EEA) or the United Kingdom, you have certain data protection rights. Fountayn aims to take reasonable steps to allow you to correct, amend, delete, or limit the use of your Personal Data.
If you wish to be informed about what Personal Data we hold about you and if you want it to be removed from our systems, please contact us at gdpr@fountayn.com.
In certain circumstances, you have the following data protection rights:
• The right to access, update, or delete the information we have on you. Whenever made possible, you can access, update, or request deletion of your Personal Data directly within your account settings section. If you are unable to perform these actions yourself, please contact us to assist you.
• The right of rectification. You have the right to have your information rectified if that information is inaccurate or incomplete.
• The right to object. You have the right to object to our processing of your Personal Data.
• The right of restriction. You have the right to request that we restrict the processing of your personal information.
• The right to data portability. You have the right to be provided with a copy of the information we have on you in a structured, machine-readable, and commonly used format.
• The right to withdraw consent. You also have the right to withdraw your consent at any time where Fountayn relied on your consent to process your personal information.
• The right to object to automated decision-making and profiling. You have the right not to be subject to decisions based solely on automated processing, including profiling, which produces legal effects or similarly significantly affects you.
Please note that we may ask you to verify your identity before responding to such requests to ensure the security of your Personal Data.
You have the right to complain to a Data Protection Authority about our collection and use of your Personal Data. For more information, please contact:
• UK residents: Information Commissioner's Office (ICO) - https://ico.org.uk
• EEA residents: Your local data protection authority in the European Economic Area
Rights Under US State Privacy Laws
California Residents (CCPA/CPRA)
If you are a California resident, you have specific privacy rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA):
• Right to know what personal information is collected, used, shared, or sold
• Right to delete personal information held by businesses
• Right to opt-out of sale or sharing of personal information
• Right to correct inaccurate personal information
• Right to limit use of sensitive personal information
• Right to non-discrimination for exercising privacy rights
IMPORTANT: We do not sell personal information.
Other US State Residents
If you are a resident of Virginia, Colorado, Connecticut, or Utah, you may have similar privacy rights under your state's privacy law. These rights typically include the right to access, correct, delete, and obtain a copy of your personal data, as well as the right to opt out of certain data processing activities.
To exercise your rights under applicable US state privacy laws, please contact us at privacy@fountayn.com or call our toll-free number at [insert toll-free number].
ANALYTICS AND THIRD-PARTY SERVICE PROVIDERS
We may use third-party Service Providers to monitor and analyze the use of our Service to improve functionality, performance, and user experience.
These analytics tools may collect information about your use of the Service, including pages visited, time spent, features used, and technical information about your device and browser. This information helps us understand usage patterns, identify technical issues, and make data-driven improvements to our Service.
All analytics providers are bound by contractual obligations to protect the confidentiality and security of this data.
LINKS TO OTHER SITES
Our Service may contain links to other sites that are not operated by us. If you click on a third-party link, you will be directed to that third party's site. We strongly advise you to review the Privacy Policy of every site you visit.
We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services.
CHILDREN'S PRIVACY
Our Service is not intended for use by children under the age of 13 without appropriate parental consent ("Children").
We do not knowingly collect personally identifiable information from anyone under the age of 13 without verifiable parental consent. If you are a parent or guardian and you are aware that your child has provided us with Personal Data without consent, please contact us. If we become aware that we have collected Personal Data from children without verification of parental consent, we take steps to remove that information from our servers.
Clinical Trial Participation: Clinical trial subjects under 18 may use our Service only with appropriate parental or legal guardian consent and assent processes as required by applicable research ethics regulations, including 21 CFR 50 Subpart D (Additional Safeguards for Children in Clinical Investigations) and ICH E6(R2)/E6(R3) GCP guidelines.
"DO NOT TRACK" SIGNALS
We currently do not support Do Not Track ("DNT"). Do Not Track is a preference you can set in your web browser to inform websites that you do not want to be tracked.
You can enable or disable Do Not Track by visiting the Preferences or Settings page of your web browser.
CHANGES TO THIS PRIVACY POLICY
We may update our Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other operational needs. We will notify you of any material changes by:
• Posting the new Privacy Policy on this page
• Sending you an email notification
• Displaying a prominent notice on our Service
We will provide notice at least thirty (30) days prior to the change becoming effective and update the "effective date" at the top of this Privacy Policy.
You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.
For material changes affecting clinical trial data or PHI, we will also notify Data Controllers (study sponsors and principal investigators) and covered entities as required by our contractual obligations.
CONTACT US
If you have any questions about this Privacy Policy, wish to exercise your data protection rights, or have concerns about how we handle your personal information, please contact us:
Email: dpo@fountayn.com
Mailing Address:
Fountayn
Attn: Privacy Officer
823 Congress Ave
Ste 150297
Austin, TX 78701
If you have any questions about this Privacy Policy, please contact us:
By email: privacy@fountayn.com