Privacy Policy
Effective July 13, 2026
1. What this covers
This policy describes how Fault Finder Lab handles personal information across faultfinderlab.com and the Fault Finder Lab application. The short version: we collect what a training service needs — your account details and your training activity. No advertising, no third-party analytics, and we never sell personal information.
2. What we collect
- Account information. Display name, email address and/or username, and a password — stored only as a salted hash, so we cannot read it. Team accounts also record your team, role, and any admin or supervisor capabilities, including who granted them.
- Invitations. When a supervisor invites someone by email, we store the invited address, who sent the invitation, and its status.
- Training activity. The core of the product: lesson completions and simulation attempts, including the scenarios you open, the readings and checks you take, the causes you commit to and whether they were correct, repairs attempted, and how long attempts take. Incorrect attempts are recorded too — scoring is deliberately truthful and carries no penalty.
- Technical data. A session cookie (see section 4) and standard server logs — IP address, request time, and path — kept for security and operations.
3. How we use it
To run the service: signing you in, building your competency record and certificates, team assignments and reporting, sending invitation emails, support, security, and improving the product. We do not use your data for advertising, and we do not sell it.
4. Cookies and local storage
We set one essential cookie, fdt_session, to keep you
signed in for up to 30 days; the server stores only a hash of it.
There are no tracking or advertising cookies. Before you sign in,
lesson progress may be kept in your browser's local storage and is
merged into your account when you sign in.
5. Visibility inside your team
If your account belongs to a team, administrators and the supervisors assigned to you can view and export your training record — completions, attempts, correctness, and timing — along with your name and email or username. If your account was provisioned by your employer, your use of Fault Finder Lab is part of your workplace training and your organization controls the account; requests about such an account may be routed through your team administrator.
6. Who we share it with
No data brokers and no ad networks. We use a small set of service providers to run the product:
- Email delivery (currently Resend) — sends invitation and service emails, and receives the recipient address and message content.
- Hosting — our website and application run on U.S.-based cloud infrastructure providers.
- Payments — when paid subscriptions launch, a payment processor will handle payment details; card numbers never touch our servers.
We may also disclose information when the law requires it, or to protect the service and its users.
7. Retention
Account data is kept while the account exists. Training events are the durable record behind competency reports and certificates, so they are kept for the life of the account. Sessions expire after 30 days. Email invitations expire after 14 days, though the invitation record is retained for seat accounting. When an account is deleted, we remove or de-identify its personal information within a reasonable period, except what we must keep for legal or security reasons.
8. Security
Passwords are hashed with scrypt using a unique salt; session tokens are stored only as hashes; traffic is encrypted in transit; and access inside teams is role-based. No method is perfect — contact us immediately if you believe an account has been compromised.
9. Your choices
You can export your training record from your Record page. To access, correct, or delete your personal information, email contact@faultfinderlab.com. For accounts provisioned by an employer, we may direct requests through your team administrator, as described in section 5.
10. Children
Fault Finder Lab is a workplace training tool. It is not directed to children under 16, and we do not knowingly collect their information.
11. Where data lives
Our servers are in the United States. If you use the service from elsewhere, your information is processed and stored in the United States.
12. Changes to this policy
We will post updates here and change the effective date above. For material changes we will give notice by email or in the app.
13. Contact
Privacy questions: contact@faultfinderlab.com.