Data Handling Overview (Controller ROPA)

Shows what personal data we collect for our own business purposes (e.g. marketing, billing), and how we store and secure it.

Last updated: May 16, 2025

Each entry lists, in order: Processing Activity, Purpose, Data Subjects, Data Types, Legal Basis, Recipients/Subprocessors, Storage Locations, Retention Period, Security Measures.

Marketing Emails
  Purpose: Sending promotional emails
  Data Subjects: Leads, Customers
  Data Types: Name, Email
  Legal Basis: Consent
  Recipients/Subprocessors: Postmark
  Storage Locations: EU, USA
  Retention Period: Until unsubscribe
  Security Measures: TLS encryption, limited access

User Registration
  Purpose: Create/manage user accounts
  Data Subjects: Customers, Leads
  Data Types: Name, Email, IP, Password (hashed)
  Legal Basis: Contract
  Recipients/Subprocessors: Heroku, MongoDB Atlas
  Storage Locations: USA, Germany
  Retention Period: Until account deletion
  Security Measures: TLS encryption, access control

Payment Processing
  Purpose: Billing and financial transactions
  Data Subjects: Customers
  Data Types: Name, Email, Billing Address, Payment Method, Transaction data
  Legal Basis: Legal Obligation (financial)
  Recipients/Subprocessors: Stripe
  Storage Locations: EU, USA
  Retention Period: 7 years (accounting purposes)
  Security Measures: TLS encryption, PCI compliance, access control

Customer Support
  Purpose: Resolving customer inquiries and tickets
  Data Subjects: Customers
  Data Types: Name, Email, Support Ticket Data
  Legal Basis: Contract
  Recipients/Subprocessors: Intercom, Gmail
  Storage Locations: EU, USA
  Retention Period: 2 years after issue resolution
  Security Measures: TLS encryption, access limited to support roles

Website Analytics
  Purpose: Understand/improve site performance
  Data Subjects: Website visitors
  Data Types: IP, Browser type/version, Device information
  Legal Basis: Legitimate Interest
  Recipients/Subprocessors: Mixpanel
  Storage Locations: EU
  Retention Period: 14 months
  Security Measures: Aggregation/anonymization, limited user access

Recruitment
  Purpose: Hiring and employment processing
  Data Subjects: Job Candidates, Employees
  Data Types: Name, Email, Resume, LinkedIn Profile
  Legal Basis: Legitimate Interest, Consent
  Recipients/Subprocessors: Notion, Gmail
  Storage Locations: EU, USA
  Retention Period: 6 months
  Security Measures: Restricted access, secure storage

Supplier Management
  Purpose: Managing supplier/vendor relationships
  Data Subjects: Suppliers/Vendors
  Data Types: Name, Email, Phone, Company Details
  Legal Basis: Contract, Legitimate Interest
  Recipients/Subprocessors: Notion, Gmail
  Storage Locations: EU, USA
  Retention Period: Duration of contractual relationship
  Security Measures: Restricted access, secure communications, encrypted storage

Notes:

  • Security measures reflect current startup practices (encryption, access controls, vendor reviews).
  • Retention periods balance business requirements, legal obligations, and GDPR storage limitation principles.
  • Data transfers outside the EEA are safeguarded by GDPR-compliant mechanisms (e.g., SCCs).