Privacy Policy

Effective Date: January 16, 2025 | Last Updated: January 16, 2025

1. Introduction and Overview

CNF ("CNF," "we," "our," or "us") respects your privacy and is committed to protecting it through our compliance with this policy. This policy describes the types of information we may collect from you or that you may provide when you use our services, websites, applications, or any other CNF products (collectively, our "Services") and our practices for collecting, using, maintaining, protecting, and disclosing that information.

1.1 Scope

This Privacy Policy applies to information we collect:

  • Through our Services
  • In email, text, and other electronic messages between you and our Services
  • Through mobile and desktop applications you download from our Services
  • When you interact with our advertising and applications on third-party websites and services
  • Through our API integrations and developer platforms

2. Information We Collect

2.1 Categories of Personal Information

We collect several categories of information from and about users of our Services:

Category Examples Purpose
Identifiers Name, email address, postal address, unique personal identifier, online identifier, IP address Account creation, authentication, service delivery
Customer Records Phone number, billing information, payment data Transaction processing, customer support
Commercial Information Products or services purchased, obtained, or considered Service optimization, customer experience improvement
Network Activity Browsing history, search history, interaction with our Services Security, fraud prevention, service improvement
Geolocation Data Physical location, movements Service delivery, compliance, security

2.2 Technical and Usage Data

We automatically collect technical and usage information when you use our Services, including:

  • Device Information:
    • Hardware model and unique device identifiers
    • Operating system and version
    • Browser type and settings
    • Mobile network information
  • Log Information:
    • Service usage statistics
    • IP addresses
    • Date and time stamps
    • Session duration
    • Referring and exit pages

2.3 Information Collection Methods

  • Direct Collection:
    • Information you provide when registering for our Services
    • Customer support interactions
    • Survey responses
    • Contest or promotion participation
  • Automated Collection:
    • Cookies and similar technologies
    • Web beacons and tracking pixels
    • Log files and usage data
    • Analytics tools
  • Third-Party Sources:
    • Business partners
    • Identity verification services
    • Public databases
    • Social media platforms (when you connect your account)

3. Use of Information

3.1 Primary Purposes

We use the information we collect for the following primary purposes:

  • Service Delivery and Maintenance:
    • Providing and operating our Services
    • Authentication and access control
    • Technical support and customer service
    • Transaction processing and billing
  • Security and Protection:
    • Fraud detection and prevention
    • System and network security
    • Abuse prevention
    • Legal compliance
  • Service Improvement:
    • Research and development
    • Analytics and metrics
    • User experience optimization
    • Product enhancement

3.2 Legal Basis for Processing (GDPR)

Under the General Data Protection Regulation (GDPR), we process personal data on the following legal bases:

  • Contractual Necessity: Processing necessary for the performance of our contract with you
  • Legal Obligation: Processing necessary for compliance with legal obligations
  • Legitimate Interests: Processing necessary for our legitimate interests or those of third parties
  • Consent: Processing based on your specific consent

4. Cookie Policy and Tracking Technologies

4.1 Use of Cookies

We use cookies and similar tracking technologies to track activity on our Services and hold certain information. Cookies are files with a small amount of data which may include an anonymous unique identifier.

4.2 Types of Cookies We Use

Cookie Type Purpose Duration
Essential Cookies Required for basic functionality and security features Session to 1 year
Functional Cookies Remember user preferences and settings Up to 2 years
Analytics Cookies Track usage patterns and performance Up to 2 years
Marketing Cookies Enable targeted advertising features Up to 1 year

4.3 Third-Party Tracking Technologies

We partner with third parties who may use their own cookies or similar tracking technologies to collect information about you when you use our Services. This information may be used to provide measurement services and targeted ads.

5. Data Sharing and Disclosure

5.1 Categories of Recipients

We may share your personal information with the following categories of recipients:

  • Service Providers:
    • Cloud hosting providers
    • Payment processors
    • Analytics services
    • Customer support tools
    • Security vendors
  • Business Partners:
    • Integration partners
    • API service providers
    • Resellers and distributors
  • Legal and Regulatory:
    • Law enforcement agencies
    • Regulatory bodies
    • Courts and legal counsel

5.2 International Data Transfers

We transfer data internationally in compliance with applicable data protection laws. For transfers from the EEA, we rely on:

  • EU Standard Contractual Clauses
  • Adequacy decisions by the European Commission
  • Binding Corporate Rules where applicable
  • Other legal transfer mechanisms as required

6. Data Security and Retention

6.1 Security Measures

We implement and maintain appropriate technical and organizational security measures designed to protect personal information from:

  • Technical Controls:
    • Encryption at rest and in transit
    • Multi-factor authentication
    • Network segmentation
    • Intrusion detection and prevention
    • Regular security assessments
  • Organizational Controls:
    • Access control policies
    • Employee training programs
    • Incident response procedures
    • Regular security audits

6.2 Data Retention

We retain personal information for as long as necessary to:

  • Provide our Services
  • Comply with legal obligations
  • Resolve disputes
  • Enforce agreements

6.3 Data Deletion

When personal information is no longer needed, we will:

  • Securely delete or anonymize the data
  • Ensure third-party service providers do the same
  • Maintain deletion records as required by law

7. Your Rights and Choices

7.1 GDPR Rights

If you are in the European Economic Area (EEA), you have the following rights:

  • Access: Obtain confirmation of whether we process your personal data and request copies of that data
  • Rectification: Request correction of inaccurate personal data
  • Erasure: Request deletion of personal data in certain circumstances
  • Restriction: Limit the processing of your personal data
  • Portability: Receive your personal data in a structured, commonly used format
  • Objection: Object to processing based on legitimate interests
  • Withdraw Consent: Withdraw previously given consent

7.2 California Privacy Rights (CCPA)

California residents have additional rights under the California Consumer Privacy Act (CCPA):

  • Right to Know: Request specific pieces of personal information collected
  • Right to Delete: Request deletion of personal information
  • Right to Opt-Out: Opt-out of the sale of personal information
  • Right to Non-Discrimination: Exercise rights without discrimination

8. Additional Information

8.1 Children's Privacy

Our Services are not directed to children under 16. We do not knowingly collect personal information from children under 16. If you become aware that a child has provided us with personal information, please contact us.

8.2 Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last Updated" date at the top. You are advised to review this Privacy Policy periodically for any changes.

8.3 Contact Information

For questions or concerns about this Privacy Policy or our privacy practices:

Email: [email protected]
Data Protection Officer: [email protected]
Help: https://help.c.nf
Support: https://support.c.nf

9. Compliance and Certifications

9.1 Industry Standards

We maintain compliance with various industry standards and certifications:

  • ISO 27001:2013 Information Security Management
  • SOC 2 Type II
  • PCI DSS Level 1
  • HIPAA compliance where applicable
  • EU-US and Swiss-US Privacy Shield Frameworks