Privacy Policy

Last updated: June 2026

This Privacy Policy explains how fullfraction collects, uses, shares, and protects personal data. fullfraction is an independent project operated by Zak Nason-Giwa in the United Kingdom, who is the data controller for the purposes of UK data protection law. We work in partnership with Fundably. As the project grows we may operate fullfraction through a company; if that changes who controls your data, we will update this policy. If you have any questions, contact us at privacy@fullfraction.io.

Who this applies to

This policy covers everyone who interacts with fullfraction, including fractional CFOs and finance professionals who apply or create a profile, businesses that submit a brief or request a match, and visitors to our website.

What data we collect

We collect the following categories of personal data:

• CFOs & finance professionals: name, email address, LinkedIn profile URL and photo, the text of any CV or LinkedIn profile you paste, your self-reported capability information (sectors, company types, situations, tools, functions, engagement types, experience, availability, indicative day rate), and any notes you provide.
• Businesses: company name and website, your name, email address and phone number, and the details of your brief or requirements.
• Account & sign-in data: your email address and authentication and session information. If you choose to sign in with LinkedIn, we receive your name, email address, and profile photo from LinkedIn.
• Technical data: usage and log information, device and browser details, and information stored in essential cookies needed to keep you signed in.

How we use your data

We use personal data to operate, provide, maintain, improve, and develop our services. This includes, but is not limited to:

• creating and managing accounts and profiles, and verifying identity;
• matching businesses with fractional CFOs and facilitating introductions;
• communicating with you, including service messages, invitations, and updates;
• understanding how our services are used, and analysing and improving them;
• developing new features, products, services, and offerings;
• maintaining the security and integrity of our platform; and
• complying with legal and regulatory obligations.

We may also use personal data for other purposes that are compatible with those above. Where the law requires it, we will update this policy and, where necessary, seek your consent before using your data for a materially different purpose.

Automated processing

When you paste CV or LinkedIn text, we use an automated parsing service to extract and pre-fill structured profile fields, which you can review and edit. Decisions about matches and approvals are made by our team — we do not carry out automated decision-making that produces legal or similarly significant effects on you.

Legal bases for processing

Under UK GDPR we rely on one or more of the following legal bases: performance of a contract (to provide the service you request); our legitimate interests (to operate, improve, develop, and secure our services and to facilitate matches); your consent (which you may withdraw at any time, for example for certain communications); and compliance with legal obligations.

How we share data

Matching is the core of our service, so we share relevant profile and brief information between matched parties — for example, sharing an approved CFO's profile with a business they are matched to, and vice versa. We also share data with service providers who process it on our behalf, with partners we work with (such as Fundably and specialist recruitment partners) where relevant to operating, marketing, matching, or developing the service, and where required by law or to protect our rights. We do not sell your personal data.

Our key service providers (processors) include:

• Supabase — database hosting and authentication;
• Cloudflare — application hosting, content delivery, and AI-based profile parsing;
• Resend — transactional and notification email.

International transfers

Some of our service providers may process personal data outside the United Kingdom. Where they do, we rely on appropriate safeguards such as UK adequacy regulations, the UK International Data Transfer Agreement, or Standard Contractual Clauses.

Data retention

We keep personal data for as long as needed to provide our services, to develop and improve them, and to meet our legal, accounting, and regulatory obligations. When data is no longer needed, we delete or anonymise it.

Your rights

Subject to UK data protection law, you have the right to access your personal data; to request correction or erasure; to restrict or object to processing; to data portability; and to withdraw consent where we rely on it. To exercise any of these, contact privacy@fullfraction.io. You also have the right to complain to the Information Commissioner's Office (ICO) at ico.org.uk.

Cookies

We use essential cookies that are necessary to sign you in and keep your session secure. We may use limited analytics to understand and improve usage; where required, we will ask for your consent.

Security

We take reasonable technical and organisational measures to protect personal data, including access controls and encryption in transit. No system is completely secure, but we work to protect your information and to respond appropriately to any incident.

Children

Our services are intended for businesses and finance professionals and are not directed at anyone under 18. We do not knowingly collect data from children.

Changes to this policy

We may update this policy from time to time. When we make material changes, we will update the date above and, where appropriate, notify you.

Contact

fullfraction — email privacy@fullfraction.io.