Functor Privacy Policy
Last Updated: Nov 6, 2025
This Privacy Policy describes how Sunhill LLC, a Delaware corporation operating out of New Jersey (the "Company," "we," "us," or "our"), collects, uses, discloses, and protects information in connection with the Functor AI memory service and all related applications, documentation, and services (the "Service").
We respect your privacy and are committed to protecting your personal data. This policy is designed to comply with applicable data protection laws, including the European Union's General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).
1. Data We Collect
We collect information to provide, operate, maintain, and improve our Service. This data falls into three main categories:
A. Information You Provide Directly
- Account and Contact Information: When you create an account, we collect personal details such as your name, email address, company name, phone number, and account password.
- Payment Information: If you subscribe to paid Services, our third-party payment processors may collect payment card details or other billing information. We do not store full payment card numbers on our servers.
- Customer Content: Information and data, including personal data, that you upload, submit, post, or otherwise transmit to the Services (e.g., project data, user profiles within your organization).
- Communications: Information you provide when you communicate with us, such as support requests, feedback, or inquiries sent to us.
B. Information We Collect Automatically
- Usage Data: Details about how you use the Services, including access times, pages viewed, and the features you use.
- Device and Technical Data: Information about the device you use to access the Services, such as IP address, browser type, operating system, and device identifiers.
- Cookies and Tracking Technologies: We and our service providers use cookies and similar technologies to track activity on our Services and hold certain information.
2. How We Use Your Data (Purpose of Processing)
We use your data for the following purposes and rely on specific legal bases, as detailed in Section 3:
| Purpose | Description | Legal Basis (for EU/EEA Users) |
|---|---|---|
| To Provide and Maintain Services | To operate, maintain, and provide all features of the Services, including processing transactions and managing user accounts. | Contractual Necessity |
| To Improve Services | To understand and analyze how you use the Services and to develop new products, services, and features. | Legitimate Interest |
| To Communicate with You | To respond to your comments and questions, provide customer support, and send technical notices, updates, security alerts, and administrative messages. | Contractual Necessity and Legitimate Interest |
| Marketing and Promotion | To send promotional communications, if you have opted in, about new products, services, or events. | Consent (where required) or Legitimate Interest |
| Security and Fraud Prevention | To detect, prevent, and respond to actual or potential fraud, illegal activities, or security breaches. | Legitimate Interest and Legal Obligation |
Specific Note on AI/ML Model Improvement (User Data): As described in our Terms of Service, we use aggregated, anonymized, or de-identified User Data and Usage Data to train and improve the performance, functionality, and accuracy of the Functor Service itself. We commit to not using User Data to train models in a manner that would identify you or your end-users, unless we have obtained your specific, written consent.
3. Legal Basis for Processing (GDPR)
If you are a resident of the European Economic Area (EEA), United Kingdom, or Switzerland, we process your personal data based on the following legal grounds:
| Legal Basis | Processing Activity |
|---|---|
| Performance of a Contract | Processing necessary to fulfill our obligations under your subscription agreement (Section 2.1, 5.1). |
| Legitimate Interests | Providing security, preventing fraud, maintaining Service performance, and improving our Service using aggregated/de-identified data. |
| Legal Obligation | Complying with legal requirements, tax, and regulatory obligations. |
| Consent | Sending marketing communications, or other activities where consent is explicitly sought. |
4. Disclosure and Sharing of Data
We do not sell your personal data. We may disclose your data to the following parties:
- Service Providers: Third parties who perform functions on our behalf, such as cloud hosting providers (e.g., AWS, GCP), payment processors, and analytics providers. These providers are bound by confidentiality obligations.
- Affiliates: To any present or future affiliate or subsidiary for internal operational purposes.
- Business Transfers: In connection with a merger, acquisition, or sale of assets.
- Legal Requirements: When required by law, subpoena, or government request, or to protect our rights, property, or safety, or that of our users or the public.
- Aggregated Data: We may share aggregated or de-identified data (which cannot reasonably be used to identify you) with third parties for research, product development, or marketing.
5. Your Data Protection Rights
Depending on your location (especially if you are in the EEA or California), you may have the following rights regarding your personal data:
5.1. Rights under GDPR (EEA, UK, Switzerland)
- Right of Access: To request copies of your personal data.
- Right to Rectification: To request correction of inaccurate data.
- Right to Erasure ("Right to be Forgotten"): To request deletion of your personal data.
- Right to Restriction of Processing: To request limits on how we process your data.
- Right to Data Portability: To request transfer of your data to another organization.
- Right to Object: To object to processing based on legitimate interests or direct marketing.
- Right to Lodge a Complaint: With a supervisory authority in your country.
5.2. Rights under CCPA (California Residents)
If you are a California resident, you have the right to:
- Right to Know: Request disclosure of the categories and specific pieces of personal information we have collected about you, the sources of that information, and the business purpose for collecting it.
- Right to Deletion: Request the deletion of personal information we have collected from you, subject to certain exceptions.
- Right to Opt-Out of Selling or Sharing: We do not sell or share (as defined by the CCPA) your personal information for monetary or cross-context behavioral advertising purposes. Therefore, no opt-out link is needed.
- Right to Non-Discrimination: Not be discriminated against for exercising any of your CCPA rights.
To exercise any of these rights, please contact us using the information in Section 9.
6. International Data Transfers
The Service is provided from the United States, and your data will be processed and stored in the United States and potentially other countries where our service providers operate. By using the Service, you acknowledge and agree that your personal data may be transferred to, and processed in, the United States.
For residents of the EEA, UK, or Switzerland, we will ensure that any transfer of personal data outside these territories is governed by adequate safeguards, such as the European Commission's standard contractual clauses (SCCs).
7. Data Security and Retention
Security
We implement commercially reasonable technical and organizational security measures to protect your personal data from accidental loss, unauthorized access, use, alteration, or disclosure. However, no internet transmission or electronic storage method is 100% secure.
Retention
We retain personal data for as long as your account is active or as needed to provide you with the Service. We also retain and use your data as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements. Anonymized or de-identified data used for model improvement may be retained indefinitely.
8. Children's Privacy
Our Service is not directed to individuals under the age of 18. We do not knowingly collect personal data from children under 18. If we become aware that a child under 16 has provided us with personal data, we will take steps to delete such information.
9. Contact Information
If you have questions or requests regarding this Privacy Policy or your data, please contact: