Privacy Policy

Fidant.AI ("we," "us," or "the Service") is an AI assistant with persistent memory for executives. This Privacy Policy explains what data we collect, why we collect it, how we use and store it, and the choices you have. By using Fidant.AI, you agree to the practices described here.

01Information We Collect

Account Information

When you sign in with Google, we receive your name, email address, and profile picture as provided by Google. We do not collect or store your Google password.

Google Drive Data

Fidant.AI creates a dedicated folder on your personal Google Drive to store your context files (structured memory). We access Google Drive solely to read and write files within this folder. We do not access, read, or modify any other files on your Google Drive. The specific scope we request is limited to files created by the application (drive.file).

Conversation Data

Your conversations with the AI are stored as JSON files within your Google Drive folder. Structured memory (facts, preferences, decisions) is extracted from conversations and stored as markdown files in the same folder. This data resides on your Google Drive, not on our servers.

Voice Input

If you use voice input, audio recordings are sent to OpenAI's Whisper API for transcription. The audio is processed in real time and is not stored by us. Transcribed text is treated the same as typed messages. OpenAI's API terms govern the processing of audio data.

Wearable Device Data

You may optionally connect wearable devices such as Whoop or Oura Ring. When you connect a device, we store an OAuth access token and refresh token on our servers to maintain the connection. We retrieve health metrics (recovery scores, sleep data, heart rate, HRV, SpO2, workout data, and body measurements) from these services on your behalf. This data is used to generate AI responses and may be stored in your context files on Google Drive. You can disconnect a device at any time from your profile settings.

Server-Side Data

We store the following on our servers: your email address, name, and profile picture (for authentication); a reference to your Google Drive folder ID (so we can locate your files); usage event logs (message counts, model selection, feature interactions) with associated metadata; billing information (managed by Stripe); and encryption keys if you enable the encryption feature. We do not store the content of your conversations or memory files on our servers, except when you explicitly create a shared conversation link (see Section 05).

Usage & Device Data

We automatically collect standard telemetry: IP address, browser type, device information, and interaction patterns. This helps us maintain service quality and diagnose issues.

02How We Use Your Data

We use the information we collect to:

• Provide, maintain, and improve the Fidant.AI service, including building and updating your persistent memory layer
• Send your messages to AI model providers (Anthropic, OpenAI, Google) along with your context files to generate personalized responses
• Generate vector embeddings of your context data via OpenAI to enable semantic search and deduplication within your memory — this occurs regardless of which chat model you select
• Transcribe voice input via OpenAI's Whisper API when you use voice messaging
• Retrieve health and biometric data from connected wearable devices (Whoop, Oura) to include in your AI context
• Authenticate your identity and manage your account
• Process payments through Stripe
• Communicate with you about your account and service updates
• Ensure security, prevent fraud, and enforce our Terms of Service

03Google API Services User Data Policy

Fidant.AI's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

Specifically:

• We only access Google Drive data to create, read, and update files within the Fidant.AI folder that the application itself created
• We do not use Google user data for advertising or to serve ads
• We do not transfer Google user data to third parties except as necessary to provide the Service (sending context to AI model providers for response generation) or as required by law
• We do not use Google user data to train AI models — your data is used only to generate responses in your conversations
• Humans do not read your Google user data unless you give us explicit permission for support purposes, or we are required to do so for security or legal compliance

04Data Sharing with AI Providers

To generate AI responses, we send your messages and relevant context files to the AI model provider you select:

• Anthropic (Claude models) — subject to Anthropic's usage policy
• OpenAI (GPT models) — subject to OpenAI's usage policy
• Google (Gemini models) — subject to Google's API terms

We send only the data necessary to generate a response: your current message, recent conversation history, and your context files. We use API access (not consumer products), which means these providers do not use your data to train their models under their standard API terms.

Additionally, certain features send data to OpenAI regardless of your selected chat model: voice transcription (audio sent to the Whisper API) and semantic memory operations (text sent to the Embeddings API for vector search and deduplication). Only the minimum data required for each operation is transmitted.

05Shared Conversations

You may optionally share a conversation by generating a unique link. When you create a shared link, a snapshot of the conversation is stored on our servers and is accessible to anyone who has the link. Shared conversations display your name and the conversation content. You can revoke a shared link at any time, which immediately removes public access to that conversation.

06Encryption

Fidant.AI offers an optional encryption feature that encrypts your context files before they are written to Google Drive using AES-256-GCM. When enabled, your encryption key is generated server-side and stored on our servers; encryption and decryption are performed server-side. This protects your data at rest on Google Drive but does not constitute end-to-end encryption — our servers have access to the key and plaintext during processing. All data in transit between your browser and our servers is protected by TLS 1.2+.

07Data Storage & Security

Your memory files and conversations are stored on your personal Google Drive, protected by Google's security infrastructure. Server-side data (account records, usage event logs, wearable device tokens, encryption keys) is stored in a PostgreSQL database hosted on Railway, encrypted in transit (TLS 1.2+). Access to production systems is restricted to authorized personnel.

While no system is impervious, we implement industry-standard safeguards and continuously review our security posture.

08Data Retention

Your memory files and conversations live on your Google Drive — you control their retention directly. You can view, edit, or delete any file at any time through the Fidant.AI interface or directly via Google Drive.

Server-side account data is retained for as long as your account is active. Upon account deletion, we purge your server-side records (including wearable device tokens, encryption keys, and shared conversation snapshots) within 30 days. Your Google Drive files remain under your control and are not affected by account deletion.

09Your Rights & Choices

Depending on your jurisdiction, you may have rights including:

• Access — request a copy of the personal data we hold about you
• Correction — update or correct inaccurate data
• Deletion — request that we delete your data
• Portability — your memory files are already on your Google Drive in standard formats (Markdown, JSON)
• Withdrawal of consent — revoke Google Drive access at any time through your Google Account settings

To exercise any of these rights, contact us at privacy@fidant.ai. We will respond within 30 days.

10Revoking Access

You can revoke Fidant.AI's access to your Google Account at any time by visiting myaccount.google.com/permissions and removing Fidant.AI. This immediately stops our access to your Google Drive. Your files remain on your Drive. You can disconnect Whoop or Oura from your profile settings at any time, which deletes the stored tokens from our servers.

11Cookies & Tracking

We use essential cookies to maintain your authentication session. We do not use advertising trackers, and we do not participate in cross-site tracking networks. We may add privacy-respecting analytics (such as Plausible) in the future — this policy will be updated before that happens.

12Children's Privacy

Fidant.AI is not directed at individuals under the age of 18. We do not knowingly collect personal data from minors. If we become aware that a minor has provided us with personal data, we will delete it promptly.

13International Data Transfers

Fidant.AI operates globally. Your data may be processed in countries other than your own, including the United States. We ensure appropriate safeguards are in place to protect your data regardless of where it is processed.

14Changes to This Policy

We may update this policy from time to time. If we make material changes, we will notify you by email or through the Service before the changes take effect. Your continued use of the Service after such notice constitutes acceptance of the updated policy.

15Contact

If you have questions, concerns, or requests related to this Privacy Policy, reach us at privacy@fidant.ai.

© 2026 Fidant.AI. All rights reserved.