Functor Privacy Policy
Last Updated: November 6, 2025
Sunhill LLC (referred to as "we," "us," or "our") operates a Software as a Service (SaaS) product called Functor, hosted in the United States and serving global clients. This Privacy Policy describes how we collect, use, and share your personal information.
We are committed to protecting your privacy and handling your data in an open and transparent manner. This policy applies to all users of our SaaS product and related services (collectively, the "Services").
1. Information We Collect
We collect information to provide and improve our Services, and to communicate with you. The types of information we collect include:
A. Information You Provide Directly
- Account and Contact Information: When you create an account, we collect personal details such as your name, email address, company name, phone number, and account password.
- Payment Information: If you subscribe to paid Services, our third-party payment processors may collect payment card details or other billing information. We do not store full payment card numbers on our servers.
- Customer Content: Information and data, including personal data, that you upload, submit, post, or otherwise transmit to the Services (e.g., project data, user profiles within your organization).
- Communications: Information you provide when you communicate with us, such as support requests, feedback, or inquiries sent to Person.
B. Information We Collect Automatically
- Usage Data: Details about how you use the Services, including access times, pages viewed, and the features you use.
- Device and Technical Data: Information about the device you use to access the Services, such as IP address, browser type, operating system, and device identifiers.
- Cookies and Tracking Technologies: We and our service providers use cookies and similar technologies to track activity on our Services and hold certain information.
2. How We Use Your Information
We use the collected information for the following purposes:
| Purpose | Description | Legal Basis (for EU/EEA Users) |
|---|---|---|
| To Provide and Maintain Services | To operate, maintain, and provide all features of the Services, including processing transactions and managing user accounts. | Contractual Necessity |
| To Improve Services | To understand and analyze how you use the Services and to develop new products, services, and features. | Legitimate Interest |
| To Communicate with You | To respond to your comments and questions, provide customer support, and send technical notices, updates, security alerts, and administrative messages. | Contractual Necessity and Legitimate Interest |
| Marketing and Promotion | To send promotional communications, if you have opted in, about new products, services, or events. | Consent (where required) or Legitimate Interest |
| Security and Fraud Prevention | To detect, prevent, and respond to actual or potential fraud, illegal activities, or security breaches. | Legitimate Interest and Legal Obligation |
3. Sharing Your Information
We do not sell your personal information. We may share your information in the following circumstances:
- With Service Providers: We may share information with third-party vendors, consultants, and other service providers who perform services on our behalf, such as payment processing, data hosting, and analytics. These providers are bound by contract to protect your data.
- Business Transfers: In connection with any merger, sale of company assets, financing, or acquisition of all or a portion of our business by another company.
- For Legal Reasons: To comply with law enforcement, government agencies, or courts, as required by law (e.g., in response to a subpoena or court order).
- With Your Consent: We may share your information for any other purpose disclosed to you with your consent.
4. International Data Transfers
Functor is hosted in the United States. If you are accessing our Services from outside the United States, be aware that your information may be transferred to, stored, and processed in the U.S. where our servers are located.
We take appropriate measures to ensure that your personal information receives an adequate level of protection when transferred, including:
For users in the European Economic Area (EEA), the UK, and Switzerland, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission or other relevant data protection authorities.
5. Data Retention
We retain your personal information for as long as your account is active or as needed to provide you with the Services. We will also retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.
6. Your Data Protection Rights
Depending on your location, particularly if you are in the EEA or California, you may have the following rights regarding your personal information:
- Right to Access: The right to request copies of your personal data.
- Right to Rectification: The right to request that we correct any information you believe is inaccurate or incomplete.
- Right to Erasure (Right to be Forgotten): The right to request that we erase your personal data, under certain conditions.
- Right to Restrict Processing: The right to request that we restrict the processing of your personal data, under certain conditions.
- Right to Object to Processing: The right to object to our processing of your personal data, under certain conditions.
- Right to Data Portability: The right to request that we transfer the data that we have collected to another organization, or directly to you, under certain conditions.
To exercise any of these rights, please contact us at the address below. We may need to verify your identity before responding to your request.
7. Data Breach Notification
In accordance with GDPR Article 33 and applicable data protection laws, we have established the following data breach notification process:
Notification to Supervisory Authority
In the event of a personal data breach that is likely to result in a risk to the rights and freedoms of individuals, we will notify the relevant supervisory authority within 72 hours of becoming aware of the breach, unless the breach is unlikely to result in a risk to individuals' rights and freedoms.
Notification to Affected Individuals
If a data breach is likely to result in a high risk to your rights and freedoms, we will notify you directly without undue delay. The notification will include:
- The nature of the personal data breach
- The likely consequences of the breach
- The measures taken or proposed to address the breach
- Contact information for our Data Protection Officer
Our Response Process
Upon discovering a potential data breach, we will immediately initiate our incident response protocol, which includes containment, investigation, notification to relevant parties, and implementation of measures to prevent future occurrences.
8. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page or by sending a notification via email to File. You are advised to review this Privacy Policy periodically for any changes.
9. Contact Us
If you have any questions or concerns about this Privacy Policy, our data practices, or if you would like to exercise your rights, please contact us: