Your Data Is Yours. Full Stop.
Fullcast does not sell, share, or disclose customer data beyond what is necessary for service delivery. Our privacy practices are built around minimization, transparency, and your control.
Privacy by Default, Not by Request
Fullcast is built around data minimization, transparent retention policies, and strict contractual protections. Privacy controls are embedded into how we handle your data from day one through contract termination and beyond.
Data Protection Agreement
Fullcast maintains a standard Data Protection Agreement (DPA) required for all third-party engagements. The DPA is available on request as part of our contract process and ensures compliance with GDPR and applicable data protection regulations.
Data Retention & Deletion
Fullcast processes your data for as long as your account remains active and up to 35 days after termination of the commercial relationship. You may request access to, correction of, or deletion of your data at any time by contacting our privacy team. Appropriate physical, technical, and administrative safeguards are maintained throughout the retention period.
No Selling or Sharing of Data
Fullcast does not sell or disclose customer data beyond what is described in our Privacy Policy. Where data is shared, including with subprocessors and in limited circumstances outlined in our Privacy Policy. It is done under strict contractual agreements and solely for disclosed purposes. A full list of subprocessors is available in our Trust Center.
Data Residency Requirements (for non-U.S.)
For customers outside the United States, cross-border data transfers are handled in compliance with applicable regulations, including through Standard Contractual Clauses as recommended under GDPR.
Read More About Our Privacy Policies
Compliancy at Fullcast
Fullcast maintains current SOC 2 Type II compliance through annual independent audits, with GDPR and CPRA compliance across the platform. Our trust portal at trust.fullcast.com gives prospects and customers on-demand access to audit reports and our published subprocessor list, with disaster recovery targets of a 4-hour RTO and 24-hour RPO.
Learn More
Governance at Fullcast
Fullcast provides granular role-based access controls, approval workflows, and comprehensive audit trails so your team stays in control of every change to your revenue operations. Audit logs capture configuration updates, employee data access, failed logins, and AI agent invocations, retained for up to 30 days with backups purged within 35 days.
Learn More
Security at Fullcast
Fullcast's infrastructure is primarily cloud-hosted and architected for high availability across multiple availability zones, with annual third-party penetration testing and SAML 2.0 SSO via Okta. Our documented incident response plan ensures affected companies are notified promptly in the event of a security incident, with ICO notification within 72 hours where GDPR applies.
Learn MoreFrequently Asked Questions
Does Fullcast have a standard DPA?
Yes. Fullcast maintains a standard Data Protection Agreement (DPA) available to customers on request as part of the contract process. The DPA ensures compliance with GDPR and applicable data protection regulations and addresses international data transfer requirements, including EU and UK Standard Contractual Clauses.
Is Fullcast CCPA compliant?
Yes. Fullcast supports compliance with the California Privacy Rights Act (CPRA) and provides the technical mechanisms needed to honor consumer privacy requests. Fullcast does not sell customer personal data.
What happens to my data after contract termination?
Fullcast processes your data for as long as your account remains active and up to 35 days after termination of the commercial relationship. You may request access to, correction of, or deletion of your data at any time by reaching out to our privacy team.
Has Fullcast appointed a Data Protection Officer?
Data privacy compliance is overseen by our Chief Technology Officer, Bala Balabaskaran.
Does Fullcast sell or share customer data?
No. Fullcast does not sell, share, or disclose customer data to any third party beyond what is strictly necessary for service delivery under contractual agreements.
Where is my data stored?
Customer data is stored and processed within the United States. For non-U.S. customers, cross-border data transfers are governed by Standard Contractual Clauses included in our Data Protection Agreement.
