Privacy Policy

Last updated: 11 May 2026

1. Introduction

Fendri ("we", "our", "us") provides an AI-powered customs declaration and trade compliance platform. This Privacy Policy explains how we collect, use, store, and protect your personal data when you use our services, in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

2. Data We Collect

We collect the following categories of data:

  • Account information: Name, email address, phone number, and organization details you provide during registration.
  • Business identifiers: EORI numbers, IEC codes, VAT numbers, GSTIN, and other regulatory identifiers you enter for customs filing.
  • Customs declaration data: Shipment details, HS codes, item descriptions, values, and related trade documentation you submit through our platform.
  • Authentication tokens: OAuth tokens obtained when you authorize Fendri to interact with customs systems (e.g., HMRC CDS) on your behalf. We store these securely and never store your Government Gateway credentials.
  • Usage data: Log data, feature usage patterns, and technical information for service improvement.

3. How We Use Your Data

  • To submit and manage customs declarations on your behalf via connected government systems.
  • To provide AI-powered HS code classification and trade compliance analysis.
  • To authenticate you and maintain your account security.
  • To send notifications about your shipments, declarations, and account activity.
  • To improve our service and develop new features.

4. Legal Basis for Processing

We process your data under the following legal bases: (a) performance of a contract — to provide our services to you; (b) legitimate interests — to improve and secure our platform; (c) consent — where you explicitly authorize connections to third-party systems like HMRC.

5. Data Storage and Security

Your data is stored on secure cloud infrastructure hosted on Microsoft Azure (Central India region) and Supabase (Singapore region). All OAuth tokens and personally identifiable information are encrypted at rest and in transit using industry-standard TLS 1.2+ encryption. We implement role-based access controls (RBAC) to ensure only authorized personnel can access your data, limited to what is necessary for their role.

We do not store HMRC Government Gateway sign-in credentials. All interactions with HMRC systems use OAuth 2.0 tokens, which are encrypted at rest and automatically refreshed. We conduct regular security reviews and penetration testing of our systems.

6. Data Sharing

We do not sell your data. We share data only with: (a) government customs systems (e.g., HMRC CDS) when you authorize us to submit declarations; (b) infrastructure providers who process data on our behalf under strict data processing agreements.

7. Your Rights

Under UK GDPR, you have the right to:

  • Access your personal data and obtain a copy.
  • Rectify inaccurate or incomplete data.
  • Erase your data ("right to be forgotten").
  • Export your data in a portable format.
  • Withdraw consent for third-party system connections at any time via Settings.
  • Object to processing based on legitimate interests.

8. Data Retention

We retain your account data for as long as your account is active. Customs declaration data is retained for 7 years to comply with regulatory requirements. You may request deletion of your account and associated data at any time by contacting us.

9. Security Breach Notification

In the event of a personal data breach, we will notify the Information Commissioner's Office (ICO) within 72 hours of becoming aware of the breach, in accordance with UK GDPR Article 33. Where the breach is likely to result in a high risk to your rights and freedoms, we will also notify affected users without undue delay. Any security breaches involving HMRC systems or data will be reported to HMRC within 72 hours via their support channels.

10. Cookies

We use essential cookies for authentication and session management. We do not use third-party tracking or advertising cookies.

11. Contact

For privacy-related inquiries or to exercise your rights, contact us at: kadempallyruthvikgoud@gmail.com