Data & IP Protection

How we secure industrial intellectual property, personal data, and financial information across the FabriMatch platform.

Effective: February 1, 2026
Controller: FabriMatch GmbH, Berlin
DPO: dpo@fabrimatch.com
GDPR Compliant
Full EU data protection regulation compliance

AES-256 Encryption
All files encrypted at rest (AES-256) and in transit (TLS 1.3)

PSD2 / PCI DSS
Payment data handled by Stripe (PCI DSS Level 1 service provider)

ISO 27001 Aligned
Information security management practices

Full Audit Trails
Every file access and download logged

EU Data Residency
Data processed and stored within the EU
What We Collect

Data categories and their purposes.

Identity & Account

Name, email, company name
Role (Client / Manufacturer / Affiliate)
Authentication credentials (hashed)
KYC/KYB verification status

Technical Files

CAD files (STEP, STL, IGES)
2D drawings (PDF, DXF)
DFM analysis results & geometry data
Material and tolerance specifications

Financial Data

Payment history & invoice records
Bank details (IBAN, for manufacturers)
Stripe customer/subscription IDs
Affiliate commission & payout records

Usage & Analytics

Platform activity logs
Feature usage patterns (anonymized)
Production stage tracking data
Notification delivery records
1. Data Governance

FabriMatch operates under strict data residency and security protocols. All data is processed and stored within the European Union. We collect company identity, user authentication data, and technical project files solely to provide manufacturing matching, payment processing, and transaction services.

We do not sell, rent, or share personal data with third parties for marketing purposes. Data is shared only with: (a) manufacturers you explicitly engage with on the platform, (b) payment processors (Stripe, Wise) for transaction execution, and (c) authorities when required by law.

2. Technical File Security

Proprietary CAD and drawing files are encrypted at rest with AES-256. In transit, all data is protected by TLS 1.3. Access to technical files is programmatically restricted to the manufacturers that a client has explicitly invited to a negotiation or confirmed via the AI matching engine; no other manufacturer account can view or download them.

Every instance of a technical file being viewed, downloaded, or shared is recorded in an immutable audit log, including denied attempts. Clients can review the full access history of their files at any time from their dashboard. Files are automatically purged 90 days after order completion unless the client opts to retain them.
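The two controls described above, an allow-list check on who may touch a file and an audit log whose entries cannot be silently altered or dropped, can be built as follows. This is an added illustration, not FabriMatch's own code: the file, the parties and the access sequence are constructed, and the "immutability" is implemented as a SHA-256 hash chain, so that changing or removing any entry breaks verification of every later one. Timestamps are omitted so the output is deterministic; a production log would record them.

```python
"""Added example: allow-list file access plus a hash-chained, append-only
audit log. Not FabriMatch's code; all parties and files are constructed."""
import hashlib
import json
from dataclasses import dataclass, field

ALLOWED_ACTIONS = {"view", "download", "share"}
GENESIS = "0" * 64  # hash the first entry chains to


@dataclass
class TechnicalFile:
    file_id: str
    owner: str                                   # client who uploaded the file
    invited: set = field(default_factory=set)    # manufacturers granted access


@dataclass
class AuditLog:
    """Each entry commits to the previous entry's hash. Deleting, reordering or
    editing any record changes the hash expected by its successor."""
    entries: list = field(default_factory=list)

    @staticmethod
    def _digest(prev: str, record: dict) -> str:
        body = json.dumps(record, sort_keys=True, separators=(",", ":"))
        return hashlib.sha256((prev + body).encode()).hexdigest()

    def append(self, record: dict) -> str:
        prev = self.entries[-1]["hash"] if self.entries else GENESIS
        h = self._digest(prev, record)
        self.entries.append({"prev": prev, "record": record, "hash": h})
        return h

    def verify(self) -> bool:
        """Recompute the whole chain; False on any gap, edit or reordering."""
        prev = GENESIS
        for e in self.entries:
            if e["prev"] != prev or self._digest(prev, e["record"]) != e["hash"]:
                return False
            prev = e["hash"]
        return True


def access_file(f: TechnicalFile, actor: str, action: str, log: AuditLog) -> bool:
    """Authorize one action on a file and log the decision either way.
    Denials are logged too, so the owner can see who tried and failed."""
    if action not in ALLOWED_ACTIONS:
        raise ValueError(f"unknown action {action!r}")
    allowed = actor == f.owner or actor in f.invited
    log.append({"file_id": f.file_id, "actor": actor, "action": action,
                "decision": "allow" if allowed else "deny"})
    return allowed


def history(log: AuditLog, file_id: str) -> list:
    """What the owner's dashboard would show for one file, in chain order."""
    return [e["record"] for e in log.entries if e["record"]["file_id"] == file_id]


if __name__ == "__main__":
    # Constructed scenario: client-a invited mfr-1 only.
    cad = TechnicalFile("file-7", owner="client-a", invited={"mfr-1"})
    log = AuditLog()
    access_file(cad, "mfr-1", "download", log)   # allowed
    access_file(cad, "mfr-2", "download", log)   # denied, still logged
    access_file(cad, "client-a", "view", log)    # owner always allowed
    print(history(log, "file-7"), log.verify())
    log.entries[1]["record"]["decision"] = "allow"  # tampering attempt
    print(log.verify())
```

The chain only detects tampering; it does not prevent it. To make the log immutable in practice, the head hash should be periodically written somewhere the application's own database credentials cannot reach (a WORM bucket, a separate logging account, or a signed timestamp), so that a rewrite of the whole chain is caught on the next comparison.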

3. Payment & Financial Security

Payment card data is never stored on FabriMatch servers. All payment processing is handled by Stripe, which is certified PCI DSS Level 1, the highest level of payment security certification for service providers. Manufacturer IBAN details are stored encrypted and used exclusively for SEPA payout processing via Wise.

Escrow transactions use Stripe's manual capture mechanism: funds are authorized at order time and captured only after delivery acceptance. All payment operations carry idempotency keys, so a retried request cannot produce a second charge, and state transitions are performed under row-level database locks so that two concurrent requests cannot both capture or release the same escrow.

4. Your Data Rights

Under GDPR and applicable data protection laws, you have the following rights:

Right to Access
Request a copy of all data we hold about you
Right to Rectification
Correct inaccurate or incomplete data
Right to Erasure
Request deletion (subject to legal retention)
Right to Portability
Export your data in a machine-readable format
Right to Restriction
Limit processing of your data
Right to Object
Object to specific processing activities

To exercise any of these rights, contact our Data Protection Officer at dpo@fabrimatch.com. We will respond within one month of receiving your request, as required by GDPR. Note that deletion requests are subject to active order obligations and financial record retention requirements (10 years for tax documentation under German law).

5. Cookies & Tracking

FabriMatch uses strictly necessary cookies for authentication, session management, and security. We use anonymized analytics to improve platform performance. We do not use third-party advertising cookies or cross-site tracking pixels.

Essential (required): authentication, session management, CSRF protection
Functional (optional): preferences, language
Analytics (optional): anonymized usage data
6. Data Retention

Account data is retained for the duration of your active account plus 30 days after a deletion request. Financial and transaction records are retained for 10 years as required by German tax law (AO § 147). Technical files are retained for 90 days after order completion unless explicitly extended by the client.

Anonymized analytics data may be retained indefinitely for platform improvement purposes. Audit logs are retained for a minimum of 5 years for regulatory compliance.

7. International Transfers

All primary data processing occurs within the EU. Where third-party services require data transfer outside the EU (e.g., Stripe for payment processing), we ensure adequate protection through Standard Contractual Clauses (SCCs) or adequacy decisions as recognized by the European Commission.

8. Security Incidents

In the event of a data breach that poses a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours of becoming aware of it and affected users without undue delay, as required by GDPR Articles 33 and 34.

Our incident response process includes immediate containment, forensic investigation, root cause analysis, and remediation. All incidents are logged and reviewed quarterly.

Data Protection Officer

For GDPR requests, data access, deletion, or any privacy concerns.

dpo@fabrimatch.com

Security Vulnerability

To report a security vulnerability or request encryption documentation.

security@fabrimatch.com