Privacy Policy

Last updated May 30, 2026

Beta service · US customers

This policy describes how Fomel handles data today. Fomel is an early-access beta currently offered to US customers. Fomel connects to Google on a read-only basis and never trains a model on your data.

Who we are

Fomel is a private decision instrument for chief executives. It reads the material your company already produces and returns plain, specific judgement. This policy explains what data Fomel collects, how it is processed, how long it is kept, and the rights you hold over it.

What we collect

Account information. When you create an account we collect your email address, your name, your role, and your company name. We store a hashed form of your password, never the password itself.

Connected Google data, read-only. If you connect a Google account through OAuth, Fomel reads metadata and content from Gmail, Google Calendar, and Google Drive on a strictly read-only basis. Fomel never sends mail, never edits or deletes your messages, never modifies calendar events, and never writes to or alters your Drive files. You choose what to connect, and you can disconnect or exclude senders, labels, folders, and date ranges at any time.

Material you upload. Documents you add to the Context Library (board decks, strategy memos, and the like) are stored so Fomel can reason over them.

Decisions and outcomes. The decisions you run through Decisions, the questions you ask the Assistant, and the outcomes you record are stored as part of your organization's history.

How we use it

We use your data to operate the three Fomel surfaces: Reports, the Assistant, and Decisions. That means indexing your connected and uploaded material so it can be retrieved, generating analysis, and delivering it to you in the app and by email. We use account information to authenticate you and to administer your subscription. We do not sell your data, and we do not use it to train third-party foundation models.

How it is processed (sub-processors)

Fomel relies on a small set of trusted processors to deliver the service. Each receives only the data needed for its function.

  • Anthropic (Claude)

    Generates the analysis, drafts, and judgement that Fomel returns. Receives the relevant excerpts of your material at the moment of a request.

  • Voyage AI

    Produces the vector embeddings used to retrieve relevant material. Receives text from your connected and uploaded content.

  • Resend

    Delivers transactional and Report emails. Receives your email address and the message content.

  • Supabase (Postgres)

    Hosts the primary database, including embeddings, where your organization's data is stored.

  • Google

    Source of the read-only Gmail, Calendar, and Drive data you choose to connect, via OAuth.

Cookies and tracking

Fomel sets exactly one cookie: a first-party, httpOnly session cookie named helm_session. It keeps you signed in and is readable only by the server, never by client-side scripts. Fomel uses no third-party analytics, advertising, or cross-site tracking cookies. Because the only cookie we set is strictly necessary to log you in, we show a brief footer notice rather than a consent gate.

Retention

We keep your organization's data for as long as your account is active. When you delete your account, we soft-delete your user record and, if you are the last owner, your organization, and we purge the ingested data tied to your organization: messages, calendar events, Drive documents, the people graph, and the embedding chunks derived from them. Limited audit records may be retained where required to meet legal, security, or accounting obligations.

Your rights

Depending on where you live, you may hold rights of access, portability, correction, and erasure over your personal data. Fomel supports these directly:

  • Access and export. Download a structured JSON export of your organization's data from your account settings or via the export endpoint.
  • Deletion. Erase your account and purge your organization's ingested data from your account settings or via the delete endpoint.
  • Correction. Update your name, role, and other profile details in settings, or contact us for corrections we cannot make in-app.

To exercise any right, or if a request cannot be completed in-app, write to hello@fomel.local.

Security

Connected-account tokens are encrypted at rest. Access to your data is scoped to your organization at every layer of the application. We log administrative and data actions to an audit trail. No system is perfectly secure, but we hold ourselves to a standard fit for the only seat that matters.

Changes

We may update this policy as Fomel evolves. Material changes will be reflected in the date above and, where appropriate, communicated to you directly.

Contact

Questions about this policy or your data can be sent to hello@fomel.local.