Trust Center

Trust Center access is available for authorized clients.

If you’re evaluating a pilot and need materials for internal review, contact us and we’ll provide access. The sections and question checklist below show what’s covered.

Contact

1. Service Overview

What does Fridge Channel deliver, in one sentence?
What is hosted by FC vs. what remains on the customer’s systems?
What happens after a tap (end-to-end flow)?
What is the “tap-to-play” experience (preview/listen/landing/CTA routing)?
Is “one primary CTA” a hard rule? When can it vary by cohort?
What is explicitly out of scope (ads, acquisition, payment processing, retargeting, person-level tracking, etc.)?
What are the standard pilot deliverables (mock, configuration, reporting sample)?
Can the destination be 100% customer-owned pages (giving portal / campaign page / storefront)?
What does the customer need to provide (minimum inputs)?

2. Privacy & Data Boundaries

What data does FC not collect (explicit “No PII” list)?
What data does FC collect/process to operate the service (high-level categories)?
Does FC require any donor/member/subscriber lists?
Does FC process IP address and device/browser information? For what purposes?
Does FC create or maintain end-user profiles?
Does FC perform identity resolution or cross-device matching?
Does FC sell data or use data for advertising?
Is any data used for model training or secondary purposes (beyond service delivery/security/support)?
Does the service target or profile minors?
Where is data stored (regions), and how are cross-border transfers handled (if applicable)?
Is a DPA available? What is FC’s role (processor/controller) (as applicable)?

3. Measurement Methodology & Attribution Limits

What events are recorded (event taxonomy)?
What fields are included in event data (high-level)?
How is “conversion/completion” defined for each plan type?
What can be measured reliably, and what cannot?
What are the attribution limits (what FC will not claim)?
How does measurement work if the customer cannot provide a completion signal?
Are test/control or A/B methods supported? Who sets them up and how?
What does the pilot report look like (sample metrics/fields)?
What is the reporting cadence and export format?
What is the difference between validation-stage signals vs. pilot-stage outcomes?

4. Cookies, Analytics & Tracking

Are cookies or similar technologies used? For what purposes?
Which cookies are strictly necessary vs. optional (if applicable)?
Are third-party analytics tools used? Which ones?
Are any third-party ad pixels used?
Is cross-site tracking or retargeting performed?
Are consent notices/banners provided where required? Who controls configuration?
Is there an opt-out mechanism (where applicable)?

5. Security Overview

What encryption is used (in transit / at rest), at a high level?
How is access controlled (roles, least privilege, admin restrictions)?
What logging and monitoring exists for security and reliability?
What vulnerability management and patching processes are in place?
How is tenant/customer data isolated (high-level)?
Are backups and recovery processes in place (high-level)?
Are security questionnaires (SIG/CAIQ) supported?
Are any security attestations/certifications available (if applicable)?

6. Subprocessors & Third-Party Providers

What categories of subprocessors are used (cloud, CDN, monitoring, support, etc.)?
Is a subprocessor list available? Is it public or provided upon request?
How are subprocessors contractually bound (confidentiality/security obligations)?
How are subprocessor changes communicated?
Can customers object to specific subprocessors (if applicable)?
Do subprocessors access any end-user event data or logs?

7. Data Retention & Deletion

What is the default retention period by data type (logs/events/config/content)?
How does deletion work upon termination?
Can customers request early deletion? What is the process and SLA?
How are backups handled in relation to deletion (delayed purge timelines)?
What data must be retained for legal or operational reasons (if any)?

8. Incident Management & Notification

What is the incident response process (detect → contain → remediate → review)?
What qualifies as a notifiable incident?
What notification timelines and channels apply?
Is there an escalation path for urgent issues?
Is there a public status page or customer notification mechanism (if applicable)?

9. Brand Safety & Approvals

Who controls the destination URL and CTA?
Who approves creative/content before it goes live?
Can the experience be university-branded / white-labeled?
How are incorrect, outdated, or non-compliant links/content handled (pause/takedown)?
What safeguards exist to reduce perceived intrusion (opt-in/user-initiated behavior)?
Are category exclusions or brand adjacency controls supported (if applicable)?

10. Logistics & Timelines

Where does FC ship (to the organization vs. directly to end users)?
What is the standard pilot timeline (sample → approval → production → shipment)?
Who is responsible for distribution to end users?
How are international shipping and customs handled (responsibility boundaries)?
How are delays, lost shipments, and exceptions handled?
What operational inputs are required from the customer?

11. QC & Replacement Policy

What quality checks are performed (high-level)?
How is a defective item defined?
What is the replacement process, timeline, and window?
What replacement rates/allowances apply (if any)?
Who covers shipping costs for replacements (if applicable)?
How are batch-level issues handled (pause, rework, replacement)?

12. Pilot Terms & Exit Criteria

What is the standard pilot scope (duration, scale, single-CTA rule)?
What are success criteria vs. failure criteria in the pilot?
What happens if outcomes are below expectations?
What is the exit/termination process and what happens to remaining inventory?
What happens to data after a pilot ends?
What are the rules for expanding after the pilot (next cohort / next plan)?

13. Conversion & Payment Responsibilities

Is FC a payment processor?
Does FC store payment card information or payment credentials?
Where does conversion occur (customer/third-party platforms)?
Does FC receive any transaction details by default?
How is “completion” measured when conversion happens off FC?

14. Pricing & Commercial Terms

What is the pricing basis (per plan / per pilot / per unit / per active touchpoint)?
What is included vs. excluded in pilot pricing (production, shipping, replacement, creative)?
What are the payment terms (deposit, milestones, invoicing/PO)?
Are nonprofit/public-institution terms available (if applicable)?
How does pricing change for scale (tiering, volume, multi-plan bundles)?
What are cancellation, rescheduling, and change-order terms?
Are any discounts offered (annual prepay, multi-year, multi-campus) (if applicable)?

15. Procurement Resources & Contact

What documents are available upon request (DPA, MSA/SOW templates, security overview, subprocessor list, cookie details)?
What is the expected turnaround time for procurement/security questionnaires?
What are the primary contact points for privacy, security, and support?
What is the escalation contact for urgent issues?

16. FAQ

Do you track household members or individuals?
Do you need our donor/alumni/member lists?
What does alumni see after scanning—can it be fully university-controlled?
How do you prove impact, and what can’t you claim?
What happens if results are weak—what’s the exit path?
Is this intrusive—do you send emails/push notifications?
Can NFC/QR be copied or abused—what safeguards exist?
How long is data retained—can we request deletion?
What does legal/procurement typically ask for?
How does pricing work—what’s included and excluded?
Who handles distribution—do you ship directly to end users?
What happens if items fail—how does replacement work?