← Back to Faro

Privacy Policy

Last updated: April 10, 2026

This Privacy Policy explains how Poolside Ventures S.L. (“Faro,” “we,” “us,” or “our”) collects, uses, and protects information when you access Faro, an AI agent marketplace accessible across all websites, applications, and services operated under the askfaro.com domain.

Poolside Ventures S.L. is registered in Spain under company number B05370846. We are committed to compliance with the General Data Protection Regulation (GDPR) and applicable Spanish data protection law.

1. Information We Collect

Account Information

When you register, we collect your name and email address. If you sign up through an OAuth provider (such as Google), we receive the profile data you authorize that provider to share.

Marketplace & Usage Data

We store data you create on the platform, including tool configurations, namespace settings, uploaded files, and documentation you provide for published services.

Agent Interaction Data

When AI agents invoke tools through Faro, we route and store request and response payloads so you can review activity, maintain an audit trail, and verify result quality.

Credit & Transaction Data

We record credit purchases, credit balances, spending history, and invocation billing details (credits charged, platform fees, and publisher earnings). We do not store full payment card details — these are handled by our third-party payment processor.

Publisher Data

If you register as a publisher, we collect your display name, bio, logo, and earnings information. If you provide a connected payment account for payouts, the account identifier is stored.

Technical Data

We automatically collect IP addresses, browser type, operating system, referring URLs, and usage events (pages visited, features used, session duration).

2. How We Use Your Information

  • Create and manage your account, tokens, and workspaces
  • Operate the marketplace, including routing agent requests to publisher tools and processing invocations
  • Process credit purchases and manage billing
  • Calculate and track publisher earnings and platform fees
  • Send transactional communications (purchase confirmations, account alerts)
  • Respond to support requests
  • Detect and prevent fraud, abuse, and security incidents
  • Analyse usage patterns to improve the platform
  • Comply with legal obligations

We do not sell your personal data to third parties. We do not use your marketplace content, agent interactions, or publisher tool data to train AI models.

3. Legal Basis for Processing (GDPR)

  • Contract Performance — delivering the services you have signed up for, including credit transactions and marketplace access
  • Legitimate Interests — analytics, security, fraud prevention, and product improvement where these do not override your rights
  • Legal Obligation — compliance with applicable laws, including tax and financial record-keeping for credit purchases
  • Consent — where you have given explicit approval, such as for optional marketing communications

4. Third-Party Services

Infrastructure & Hosting

The service runs on cloud infrastructure. Data may be processed in the EU or US depending on our hosting configuration.

Analytics

We use analytics tools that collect anonymised usage events, device type, and IP address. You can opt out of analytics tracking by using standard browser privacy controls or by contacting us.

Payment Processing

Credit purchases are processed by Stripe under its own privacy policy. We receive only the information necessary to confirm transactions and maintain billing records.

All third-party processors are required to comply with applicable data protection law and implement appropriate security measures.

5. Data Retention

We retain your data for as long as your account is active and for a reasonable period thereafter to allow you to reactivate your account, comply with legal obligations, and resolve disputes.

After account deletion, personal data will be deleted or anonymised within 90 days, except where we are required to retain it for legal or regulatory purposes (for example, billing records required under tax law).

You may request immediate deletion of your data by contacting us at hello@askfaro.com. We will action such requests within 30 days, subject to legal retention obligations.

6. Security

We implement appropriate technical and organisational measures to protect your data against unauthorised access, accidental loss, disclosure, or destruction. These include encryption in transit (TLS), encrypted storage, access controls, and regular security reviews.

No method of internet transmission is completely secure. In the event of a data breach, we will notify affected users as required by law.

7. Your Rights

Under the GDPR, you have the right to:

  • Access — request a copy of the data we hold about you
  • Rectification — correct inaccurate or incomplete data
  • Erasure — request deletion of your data under certain circumstances
  • Restriction — limit how we process your data
  • Portability — receive your data in a structured, machine-readable format
  • Objection — object to processing based on legitimate interests
  • Withdraw Consent — withdraw consent at any time without affecting prior processing

To exercise any of these rights, contact us at hello@askfaro.com. We will respond within 30 days. You also have the right to lodge a complaint with your local data protection authority.

8. International Data Transfers

Where we transfer data outside the European Economic Area, we rely on Standard Contractual Clauses approved by the European Commission.

9. Children

The Service is not directed at children under the age of 16. We do not knowingly collect personal data from children.

10. Changes to This Policy

We may update this policy from time to time. Material changes will be communicated by email or via in-app notification before taking effect.

11. Contact

For privacy-related enquiries, contact us at hello@askfaro.com.

Poolside Ventures S.L. · Company number B05370846 · Registered in Spain