1. Introduction
This Privacy Policy describes how Farpoint Technologies Inc.(“Farpoint”, “we”, “us”, “our”) collects, uses, discloses, and protects personal information in connection with the Fabricsoftware platform (the “Service”). This Privacy Policy supplements and is consistent with our Terms of Service, Section 13.
Fabric is delivered primarily as a desktop application (Mac, Windows, Linux), and is also available as a mobile appfor iPhone. On desktop, most of your data — your source code, prompts, AI outputs, and conversation history — stays on your local device and is never transmitted to Farpoint when you use a local model or your own API keys. The mobile app works differently in one respect, described in Section 2.1. This Privacy Policy explains the limited circumstances in which Farpoint does receive personal information, and what we do with it.
If you do not agree with this Privacy Policy, please do not use the Service.
2. What we do not collect
Because of how Fabric is architected, there are several categories of data we do not collect by default:
- Customer Code. Your source code stays on your device. Farpoint does not have copies, indexes, or backups of your codebase.
- Inputs. Prompts, instructions, file selections, and other content you submit to the AI inside Fabric stay on your device when you use a local model or your own API keys.
- Outputs. Code suggestions, refactorings, and other AI-generated content stay on your device under the same conditions.
- Chat history.Your conversations with the AI are stored locally in the Fabric app’s local storage. Farpoint does not maintain a server-side record of your chats.
When you choose to use a Farpoint-hosted inference endpoint, your Inputs and Outputs are transmitted to Farpoint’s servers for the sole purpose of generating a response. Those servers do not log the contentof Inputs or Outputs in the normal course of operation. The only exception is the abuse-review procedure described in Section 5.4 of the Terms of Service, which is gated by written authorization from Farpoint’s Chief Security Officer.
2.1 The Fabric mobile app
The Fabric mobile app stores your conversations on your phone; Farpoint does not maintain a server-side record of your chats. However, unlike the desktop application — which can run local models or use your own API keys — the mobile app generates responses exclusively through Farpoint-hosted inference endpoints. This means that when you send a message in the mobile app, its content (and any images you attach) is transmitted to Farpoint’s servers to generate the response, under the same no-logging and no-training commitments described in this Section and Section 8. If you enable web search, your search queries are also sent to Farpoint’s search service to retrieve results. Usage metadata required for billing (token counts, model, timestamps — never message content) is retained as part of your billing records.
You can permanently delete your Fabric account, including all associated server-side data, directly in the mobile app under Settings → Delete account (see Section 9).
3. What we do collect
3.1 Account information
When you create an Account to use Fabric, we collect:
- your name and email address;
- a password (stored as a salted hash);
- billing information (processed by Stripe, Inc., our payment subprocessor — see Section 5);
- subscription tier and entitlements;
- the team or organization you belong to, if any;
- security audit data (login times, IP address at sign-in, multi-factor authentication status).
3.2 Opt-in usage analytics
Fabric can collect redacted, opt-in usage telemetry to help us improve the Service. This collection is:
- off by default;
- controlled by you in Fabric → Settings;
- collected via PostHog, Inc. (PostHog Cloud, hosted in the United States), our analytics subprocessor;
- redacted at the source— we strip Customer Code, Inputs, Outputs, file paths, and any content that could identify a specific user or organization before the data leaves your device.
What we docollect through PostHog (when enabled): anonymized event counts (e.g., “code completion accepted”), feature usage breakdowns, error categories, latency measurements, and operating-system / Fabric-version metadata.
What we do not collect through PostHog: code content, prompt content, response content, file paths, project names, user names, email addresses, or any other personal identifier.
3.3 Support communications
If you contact us at any of our operational mailboxes (support, privacy, security, legal, billing @farpointhq.com), we retain your messages and any information you choose to share for the purpose of responding to your inquiry and improving our support quality.
3.4 Bug reports
If you click the in-app “Bug Report” button, Fabric uploads diagnostic logs and the specific chat that is open at that moment, with your explicit consent, so that we can investigate the issue. Bug reports are reviewed only by Farpoint engineering personnel and are deleted within 90 days of resolution.
4. Google user data (Google Workspace connector)
Fabric offers an optional Google Workspace connector that lets the AI assistant act on your Gmail and Google Calendar when you ask it to. This section describes how we handle Google user data— information received from Google APIs — in accordance with the Google API Services User Data Policy, including its Limited Use requirements.
4.1 What we access
The connector is off by default. No Google user data is accessed at sign-in; signing in to Fabric with Google requests only your basic profile (name, email address, profile picture). Only if you explicitly enable the connector does Fabric request, through a separate incremental consent screen:
- Gmail (
gmail.modify): the ability to read, draft, send, label, and archive email messages in your mailbox. This scope does not permit permanent deletion of messages. - Google Calendar (
calendar.events): the ability to read, create, and update events on your calendars.
4.2 How we use it
Google user data is used onlyto provide the user-facing features you invoke — for example, summarizing or triaging email threads you ask about, drafting or sending a reply you request, labeling or archiving messages at your direction, and reading or scheduling calendar events you ask for. Message and event content is processed on your device and submitted to the AI model you have selected solely to generate the response you requested. We do not use Google user data for advertising, profiling, market research, or any purpose unrelated to the feature you invoked.
4.3 Transfer and sharing
We do not sell Google user data, and we do not transfer it to third parties, except: (a) to the AI model provider you have selected, solely to generate the response you requested, under the no-training prohibition described in Section 8; (b) as necessary to comply with applicable law; or (c) as part of a merger or acquisition, in which case this Privacy Policy will continue to apply. We never transfer Google user data to data brokers, advertisers, or information resellers.
4.4 AI/ML limited use
Fabric’s use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. We do not use Google user data — raw, aggregated, or anonymized — to develop, improve, or train generalized artificial intelligence or machine-learning models. We do not transfer Google user data to third-party AI tools that train on it: every model provider available in Fabric is contractually prohibited from training on content submitted through the Service, as described in Section 8.
4.5 Protection, retention, and deletion
OAuth tokens for your Google account are stored encrypted, and all communication with Google APIs uses TLS. Farpoint does not maintain server-side copies of your Gmail messages or Calendar events; content retrieved by the connector is processed ephemerally to fulfill your request and stored, if at all, only in the Fabric app’s local storage on your device. When you disconnect the connector in Fabric, or revoke Fabric’s access from your Google Account security settings, the associated tokens are deleted and access ends immediately. You may also request deletion of any associated data at [email protected].
5. Subprocessors
Farpoint uses the following third-party subprocessors. Each subprocessor is contractually bound to handle personal information consistently with this Privacy Policy and is subject to the same restrictions on training, retention, and disclosure that bind Farpoint.
| Subprocessor | Purpose | Location | Data shared |
|---|---|---|---|
| Stripe, Inc. | Payment processing | United States | Billing information; full card numbers processed directly by Stripe, never stored by Farpoint |
| PostHog, Inc. | Opt-in usage analytics | United States (PostHog Cloud) | Redacted anonymized event data; only when user has opted in via Fabric → Settings |
| Google LLC (Workspace) | Operational email | United States | Inbound and outbound email correspondence with Farpoint |
| Microsoft Corporation (Azure) | Hosted inference infrastructure | Canada and United States | Inputs and Outputs transiting Farpoint-hosted inference endpoints (not logged) |
We will update this list as our subprocessor arrangements change. Material changes will be communicated through the Service or by email at least 30 days before they take effect.
6. Legal basis and applicable law
Farpoint is a Canadian federal corporation headquartered in British Columbia. Our processing of personal information is governed by, and we are committed to compliance with, the following laws:
- the Canadian Personal Information Protection and Electronic Documents Act(“PIPEDA”);
- Quebec’s Act respecting the protection of personal information in the private sector, as amended by Law 25;
- the European Union General Data Protection Regulation (“GDPR”);
- the United Kingdom General Data Protection Regulation (“UK GDPR”);
- applicable United States state privacy laws, including the California Consumer Privacy Act / CPRA, the Virginia Consumer Data Protection Act, the Colorado Privacy Act, and similar statutes;
- Japan’s Act on the Protection of Personal Information (個人情報の保護に関する法律, “APPI”), including Article 28 (cross-border transfer of personal information).
Where the GDPR or UK GDPR applies, our legal bases for processing are: (a) performance of a contract (operating your Account and providing the Service), (b) legitimate interests (security, fraud prevention, abuse review), (c) consent (opt-in usage analytics, bug reports), and (d) legal obligation (responding to lawful government requests).
7. Data residency and international transfers
Account data and operational logs are stored on infrastructure located in Canada and the United States. Farpoint-hosted inference endpoints, when used, may process Inputs and Outputs at facilities in Canada and the United States.
For users subject to APPI (Japan), GDPR (EU), or UK GDPR, this represents a cross-border transfer of personal information. Farpoint relies on the following safeguards for such transfers:
- Adequacy decisions where applicable (Canada has been recognized as having adequate protection by the European Commission and by the Personal Information Protection Commission of Japan);
- Standard Contractual Clauses for transfers to or from the United States;
- Customer-specific commitments under signed Side Letters or Enterprise Agreements (e.g., commitments to make a Japan-resident deployment available on request).
Enterprise customers who require strict in-country data residency can contract for the Customer-Controlled Cloud Tier or the On-Premises Tier under a separate Order Form, as described in Section 9 of the Terms of Service.
8. How we use personal information
Farpoint uses personal information only for the following purposes:
- to operate, maintain, and improve the Service;
- to authenticate you and protect your Account;
- to provide customer support;
- to process payments and send billing communications;
- to investigate suspected violations of the Terms of Service or applicable law;
- to comply with legal obligations and respond to lawful government requests;
- to communicate with you about Service updates, security advisories, and important changes;
- (with your consent) to send product announcements and marketing communications, which you may unsubscribe from at any time.
We do not use Customer Code, Inputs, or Outputs to train, fine-tune, develop, improve, or evaluate any machine-learning model. This is a contractual prohibition, not a privacy preference, and applies to all deployment tiers by default. It is also flowed down to every model provider and subprocessor we use.
We do not sell personal information. We have not sold personal information in the preceding twelve (12) months and we have no plans to do so.
9. Data retention
We retain personal information only as long as we need it for the purposes set out in Section 8, or as required by law. Specifically:
- Account data:retained for the lifetime of your Account. When you request deletion through support, a 90-day grace period applies to allow recovery of accidental deletions. When you delete your account yourself in the Fabric mobile app (Settings → Delete account), your account record, API access, and associated personal information are deleted immediately and irreversibly, except for billing records retained under the bullet below.
- Billing records: retained for the period required by Canadian tax law (currently six (6) years).
- Bug reports: retained for a maximum of 90 days after the issue is resolved.
- Security and audit logs: retained for twelve (12) months; abuse-review logs (where any review under Section 5.4 of the Terms of Service occurred) retained for the same period.
- Inputs and Outputs transiting hosted inference: not retained as content — only ephemeral processing during the request lifecycle.
- Marketing communications: retained until you unsubscribe or request deletion, whichever is sooner.
10. Your rights
Subject to applicable law, you have the following rights with respect to your personal information:
- Access: to obtain a copy of the personal information we hold about you.
- Correction: to correct inaccuracies in your personal information.
- Deletion: to request that we delete your personal information, subject to our legal retention obligations. You can also delete your account yourself, at any time, in the Fabric mobile app under Settings → Delete account.
- Portability: to receive a machine-readable copy of personal information you have provided to us.
- Objection: to object to certain processing activities, including direct marketing.
- Withdrawal of consent: to withdraw any consent you have given (e.g., for opt-in usage analytics or marketing communications).
- Restriction: to request that we limit the processing of your personal information.
- Complaint:to lodge a complaint with the Office of the Privacy Commissioner of Canada, the Information Commissioner’s Office (UK), the data protection authority in your EU member state, the Personal Information Protection Commission of Japan, or any other supervisory authority with jurisdiction.
To exercise any of these rights, contact us at [email protected]. We will respond within thirty (30) days, or sooner if required by applicable law. We may need to verify your identity before fulfilling certain requests.
11. Security
Farpoint maintains administrative, technical, and physical safeguards designed to protect personal information against unauthorized access, disclosure, alteration, or destruction. These include:
- encryption of data in transit (TLS 1.3) and at rest (AES-256);
- multi-factor authentication for Farpoint personnel accessing production systems;
- role-based access control with the principle of least privilege;
- regular security training for personnel;
- incident response procedures;
- third-party security assessments.
No security program is perfect. If you believe your Account has been compromised, contact us immediately at [email protected].
12. Children’s privacy
Fabric is not directed to children under the age of majority in their jurisdiction (which is 19 years in British Columbia). We do not knowingly collect personal information from children. If you believe a child has provided personal information to us, contact [email protected] and we will delete it promptly.
13. Cookies and similar technologies
The Fabric desktop application does not use cookies. The Fabric website at codewithfabric.com uses essential cookies for authentication and session management, and (with your consent) analytics cookies. You can manage cookie preferences through your browser settings.
14. Changes to this Privacy Policy
Farpoint may update this Privacy Policy from time to time. Material changes will be communicated through the Service or by email at least thirty (30) days before they take effect. Your continued use of the Service after the effective date constitutes your acceptance of the updated Privacy Policy.
15. Contact
For any questions or requests regarding this Privacy Policy, contact:
Privacy Officer
Farpoint Technologies Inc.
2015 Main Street #2, Vancouver, BC V5T 3C2, Canada
Email: [email protected]
For data protection inquiries from EU residents, you may also contact our EU Representative (when designated) — contact details available on request from the address above.
This Privacy Policy is published under the Farpoint Terms of Service v1.0, effective 14 April 2026.