Privacy Policy
Effective Date: June 30, 2026
Last Updated: July 15, 2026
This Privacy Policy describes how FahmAI (“we,” “our,” or “us”) collects, uses, stores, and shares information about you when you use our website at https://fahm-ai.com and our AI-powered product delivery platform (collectively, the “Service”). By using the Service, you agree to the collection and use of information in accordance with this policy.
1. Who We Are
FahmAI is an AI-powered product delivery platform that helps software teams move from feature request to shipped code through a structured, AI-guided workflow covering product requirement documents (PRDs), task generation, code review, human approval, and shipping. Our registered contact for privacy matters is reachable at support@fahm-ai.com.
2. Information We Collect
We collect the following categories of information:
a) Account & Identity Information
Name, email address, and profile picture when you create an account, sign in with Google OAuth, or update your profile. If you sign in via Google, we receive the information that Google shares with us based on your Google account permissions, which may include your name, email address, and profile photo.
b) Organization & Team Data
Organization name, member email addresses, member roles, and invitation records when you create or manage a workspace.
c) Project & Feature Content
Feature titles, descriptions, product requirement documents (PRDs), task lists, AI-generated review outputs, approval decisions, comments, and associated GitHub pull request metadata (PR titles, branch names, author usernames, diff statistics).
d) GitHub Integration Data
When you connect a GitHub repository via our GitHub App, we receive webhook events including pull request metadata, issue comments, branch names, and repository identifiers. We do not store raw source code beyond what is necessary to generate AI code reviews.
e) Third-Party Integration Data
When you connect optional integrations — your GitHub account, Slack, or Linear — to grant the AI chat agent access, the connection is brokered through Composio, our integration infrastructure provider, which securely stores the OAuth credentials needed to keep that integration active on our behalf. We store the specific data synced through each integration (e.g. Linear issue titles, descriptions, and status; Slack channel discussions pulled in as feature requests). This data is only collected for organizations that choose to connect the integration, and only for as long as it stays connected.
f) Usage & Billing Data
Subscription plan and payment transaction identifiers processed via our payment provider. We do not store full card numbers or sensitive payment details on our servers.
g) Technical & Log Data
IP address, browser type, operating system, pages visited, timestamps, error logs, and other diagnostic data automatically generated when you use the Service.
3. How We Use Your Information
We use the information we collect to:
- Create and manage your account and organization workspace.
- Authenticate you via Google OAuth and maintain your session.
- Provide the core Service: generating PRDs, tasks, AI code reviews, and approval workflows.
- Send transactional emails (account verification, password reset, team invitations) via Resend.
- Process payments and manage subscription plans via our payment provider.
- Monitor and enforce plan usage limits (AI usage budgets and feature request limits).
- Improve the reliability, performance, and security of the Service.
- Respond to your support requests and communications.
- Comply with applicable legal obligations.
We do not use your data to serve advertisements. We do not sell your personal data to third parties.
4. Google User Data
If you choose to sign in with Google, we access your Google account data solely to authenticate you and create your FahmAI account. Specifically:
- Data accessed: Your name, email address, and profile picture as provided by Google.
- Purpose: To identify you, create your account, and display your name and avatar within the Service.
- Storage: We store your name and email in our database to maintain your account. Your Google access token is used only during the authentication session and is not stored beyond what is necessary for session management.
- Sharing: We do not share your Google user data with any third party except as required to operate the Service (see Section 5).
- Transfers and sales: We do not transfer or sell Google user data to advertising platforms, data brokers, or any party for advertising purposes.
Our use and transfer of information received from Google APIs to any other app will adhere to the Google API Services User Data Policy, including the Limited Use requirements.
5. Third-Party Service Providers
We share data with the following categories of trusted third-party providers strictly to operate and deliver the Service:
| Provider | Purpose | Data Shared |
|---|---|---|
| OpenAI | AI chat, PRD and task generation, AI code review | Chat messages, feature descriptions, PR code diffs, task context |
| Dodo Payments | Payment processing and subscription billing | Name, email, billing details, transaction identifiers |
| Google (OAuth) | User authentication | Name, email, profile photo |
| GitHub | Repository integration (GitHub App) and optional account connection for AI chat access | PR metadata, issue comments, branch info; account access only when connected |
| Composio | Brokers and stores OAuth credentials for optional GitHub account, Slack, and Linear connections, used to grant the AI chat agent access | OAuth connection credentials — only for organizations that connect an integration |
| Slack | Pulls ongoing Slack discussions in as feature requests, optional per organization | Channel messages and sender identity — only when connected |
| Linear | Issue tracking sync, optional per organization | Issue titles, descriptions, and status — only when connected |
| Resend | Transactional email delivery | Recipient email address, email content |
| Inngest | Background job orchestration | Job payload (feature IDs, trigger events) |
| Vercel / Render | Cloud hosting and infrastructure | All application data (processed in-region) |
| Neon (PostgreSQL) | Database storage | All persistent user and project data |
We do not permit these providers to use your data for their own marketing or advertising purposes.
6. AI Data Processing
FahmAI uses large language model (LLM) APIs to power its core features. When you trigger an AI-powered action (e.g., generate a PRD, generate tasks, or request a code review), relevant content from your workspace — such as feature descriptions, task context, or pull request diffs — is sent to a third-party AI provider (currently OpenAI) to generate a response.
- OpenAI: Used for AI chat, PRD generation, task planning, and AI code review. Data is processed under OpenAI's Privacy Policy. API data is not used to train OpenAI models by default. If we add or change AI providers, we will update this policy.
- No automated decisions with legal effect: AI outputs are suggestions for human review. No automated decisions with legal or similarly significant effects are made solely by AI.
- Usage logging: We log token usage and cost per AI action to enforce your plan's AI budget and for billing. We do not log the full content of AI prompts or responses in our own database beyond what is displayed in the UI.
7. Data Retention
We retain your personal data for as long as your account is active or as needed to provide the Service. When you delete your account or a workspace, the associated data is removed from our production systems immediately; residual copies in encrypted backups are purged within 30 days, except where we are required to retain records for legal, compliance, or fraud-prevention purposes.
8. Data Security
We implement appropriate technical and organizational measures to protect your data, including encrypted connections (TLS/HTTPS), hashed passwords, environment-isolated credentials, and access controls. However, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.
9. Your Rights
Depending on your location, you may have the following rights regarding your personal data:
- Access: Request a copy of the personal data we hold about you.
- Correction: Request correction of inaccurate or incomplete data.
- Deletion: You can permanently delete your account and personal data (“right to be forgotten”) at any time from your profile page — no request needed. Workspaces you solely own are deleted with all their data; workspaces with other owners simply remove your membership. Workspace owners can also delete an entire workspace from the workspace settings page.
- Portability: Download your data in a structured, machine-readable (JSON) format at any time — no request needed. Your account profile and workspace memberships can be exported from your profile page; workspace owners can export a workspace’s full data (projects, features, PRDs, tasks, pull requests, and more) from that workspace’s settings page.
- Objection: Object to processing of your personal data in certain circumstances.
- Revoke consent: Revoke Google OAuth access at any time via your Google Account Permissions.
To exercise any of these rights, email us at support@fahm-ai.com. We will respond within 30 days.
10. Cookies and Tracking
We use cookies and similar technologies to maintain your authenticated session. We do not use third-party advertising cookies or tracking pixels. You can control cookies through your browser settings; disabling cookies may affect your ability to log in and use the Service.
11. Children's Privacy
The Service is not directed to individuals under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us at support@fahm-ai.com and we will promptly delete it.
12. International Data Transfers
Our servers and service providers may be located in multiple countries, including the United States and Singapore. By using the Service, you consent to your information being transferred to and processed in these countries, which may have different data protection laws than your country of residence. We take steps to ensure appropriate safeguards are in place.
13. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes by posting the new policy on this page with an updated “Last Updated” date and, where appropriate, by sending you an email notification. Your continued use of the Service after any changes constitutes your acceptance of the updated policy.
14. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at: