Privacy Policy

1) Scope

This Privacy Policy applies when you:

• Visit fml.inc or any page linking to this Privacy Policy
• Use the FML product (including web app, integrations, and related features)
• Connect third-party accounts (like GitHub)
• Communicate with us (support, sales, marketing, events)

If you use FML on behalf of a company or other organization, your organization may be able to control and administer your account (for example, managing access and settings). In those cases, an organization's policies may also apply.

2) Information We Collect

We collect information in three ways: (A) information you provide, (B) information we collect automatically, and (C) information from third parties you connect.

A) Information you provide

Depending on how you use the Services, you may provide:

• Account information: name, email, username, password (if applicable), authentication factors, organization/team details
• Billing information: billing contact details and transaction metadata (payments are generally processed by our providers; we typically do not store full card numbers)
• Support and communications: messages you send, requests, and attachments
• Customer Content: content you submit to the Services or authorize us to access via integrations, which may include code, repository files, configuration, documentation, issues/PRs, and related materials

B) Information collected automatically

When you use the Services, we may collect:

• Log and usage data: IP address, timestamps, pages/features used, clicks/actions, referrer URLs, and error/crash logs
• Device and browser data: device type, OS, browser type, app version, language and settings
• Approximate location: inferred from IP address (e.g., city/region level)
• Cookies and similar technologies: identifiers used for login/session, preferences, analytics, and advertising (see "Cookies & tracking")

C) Information from third parties (GitHub and future integrations)

If you connect a third-party service, we may receive information from that service depending on the permissions you grant.

GitHub (OAuth/GitHub App) data may include:

• Account profile information (e.g., username, avatar, email if available)
• Organization and repository metadata
• Repository content you authorize us to access
• Commit and activity metadata (which can include author names/emails where present in commit history)
• Issues, pull requests, comments, and related artifacts
• Access tokens/installation tokens used to access GitHub on your behalf (stored securely)

Mirroring/hosting copies of repositories

Today, we primarily access repositories through GitHub connections you authorize. In the future, we may offer features that involve mirroring or storing copies of some repository content in FML-controlled infrastructure (including potentially a private code hosting instance) to provide the Services. If we do so, we will use reasonable safeguards and this Privacy Policy will apply to that content.

3) How We Use Information

We process information for the following purposes:

Provide, operate, and maintain the Services

• Create and manage accounts, authenticate users, and administer subscriptions
• Connect integrations you enable (e.g., GitHub) and perform actions you request
• Process Customer Content to provide features (e.g., code analysis, suggestions, summaries, workflow automation, or other development assistance)

Improve and develop the Services

• Debug, troubleshoot, and improve performance and reliability
• Understand usage and feature adoption
• Build and improve product functionality (see also "AI features")

Security and fraud prevention

• Protect the Services, users, and our business
• Detect, prevent, investigate, and respond to abuse, fraud, or security incidents

Communications

• Send service-related messages (account, security, billing, and product updates)
• Respond to support requests
• Send marketing messages where permitted (you can opt out; see "Your choices" below)

Legal and business operations

• Comply with legal obligations and lawful requests
• Enforce our terms, resolve disputes, and maintain records
• Evaluate or complete business transactions (e.g., financing, acquisition)

4) AI Features and Model Providers

FML may offer features powered by artificial intelligence or machine learning ("AI Features"). When you use AI Features, we may process certain inputs (which may include Customer Content or excerpts of it) to generate outputs such as suggestions, summaries, or automated steps.

Third-party AI providers

Some AI Features may be provided using third-party AI services, including Anthropic's Claude (including "Claude Code") and potentially other model providers. When you use AI Features, we may send the necessary information (which can include code or code snippets, repository context, prompts, and related content you provide or authorize) to those providers to generate outputs and return them to you.

Training and improvement (plan-based)

Training and improvement practices can vary by subscription tier and settings:

• Pro and Enterprise plans can opt out of having their Customer Content and related usage data used to train or fine-tune FML models. If you opt out, we will not use that data for training or model improvement. We may still process it to provide, maintain, secure, and support the Services (for example, to deliver features you request, prevent fraud/abuse, and comply with law).
• For other tiers, we may use limited data from use of the Services to improve FML (for example, evaluating outputs, debugging, safety testing, or improving feature quality). Where we do so, we aim to minimize the amount of Customer Content used and may use de-identified or aggregated data where feasible.
• When we send data to third-party AI providers, their handling of that data is governed by our agreements and the feature configuration. Depending on your tier and provider controls, data may be restricted from being used to train provider models, but this can vary.

You should avoid submitting secrets (e.g., passwords, API keys) via prompts or Customer Content unless necessary. If your repositories contain secrets, you should rotate them and use secret-scanning tools.

5) Cookies & Tracking (Analytics and Ads)

We use cookies and similar technologies (e.g., pixels, SDKs) for:

• Essential purposes: authentication, session management, security
• Preferences: remembering settings
• Analytics: understanding usage and improving the Services (e.g., PostHog)
• Advertising: measuring and delivering ads (e.g., Meta/Facebook and Google)

You can control cookies through browser settings. Some cookie controls may also be available through in-product mechanisms where required.

Do Not Track (DNT)

Browsers may offer a "Do Not Track" signal. There is no universal standard for DNT, so we do not respond to DNT signals at this time.

6) How We Share Information

We share information in the following situations:

Service providers ("processors")

We share information with vendors that help us run the Services, such as:

• Cloud infrastructure and hosting
• Analytics providers (e.g., PostHog)
• Customer support tools
• Security and fraud prevention services
• Payment and billing providers (e.g., Stripe and Orb)
• Advertising partners (e.g., Meta and Google) for measurement and ad delivery
• AI service providers (e.g., Anthropic and others) when you use AI Features

These providers are authorized to access information only as needed to provide services to us and are required to protect it.

With your organization (if applicable)

If your account is managed by an organization, administrators may be able to access and manage account information and certain usage data, subject to the organization's settings and policies.

Legal and safety

We may disclose information if we believe in good faith it is necessary to:

• Comply with law or legal process
• Protect rights, safety, and security of FML, our users, or others
• Prevent fraud, abuse, or security issues

Business transfers

If we are involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets, information may be transferred as part of that transaction.

7) Data Retention

We retain information as long as reasonably necessary to provide the Services and for legitimate business purposes, including security, compliance, and dispute resolution.

• We retain account and billing records as required for legal/accounting purposes.
• We may retain logs and analytics data for security and product improvement.
• Customer Content retention depends on how the Services function and your settings/integration state. For example, we may keep cached data needed to operate features, and backups may persist for limited periods.

If you request deletion, we will take reasonable steps to delete your information consistent with applicable law and our operational requirements (for example, backups and legal retention).

8) Security

We use reasonable administrative, technical, and organizational safeguards designed to protect information. However, no method of transmission or storage is completely secure, and we cannot guarantee absolute security.

9) Your Choices and Rights

You may have rights to access, correct, delete, or receive a copy of your personal information, and to object to or restrict certain processing, depending on where you live.

To exercise your rights, contact us at support@fml.inc. We may need to verify your identity.

Marketing opt-out

You can opt out of marketing emails by using the unsubscribe link in the emails we send. You may still receive service-related communications (billing, security, account messages).

Opt-out of targeted advertising

Depending on your location and applicable law, you may have the right to opt out of targeted advertising/sharing. You can request this by contacting support@fml.inc and indicating "Opt out of targeted advertising."

10) U.S. State Privacy Disclosures (Including California)

If you are a resident of certain U.S. states (including California), you may have additional rights regarding personal information, such as the right to know, delete, correct, and opt out of certain processing.

Categories of personal information we may collect

Depending on your use, we may collect:

• Identifiers (name, email, IP address, account IDs)
• Commercial information (subscription/billing metadata)
• Internet/network activity (usage logs, interactions with the Services)
• Approximate geolocation (from IP)
• Professional information (organization, role/title)
• Customer Content you provide or authorize via integrations (which may include personal data contained within repositories)

Sale / sharing

We do not sell personal information for money. We may use advertising and analytics tools that could be considered "sharing" under some state laws when used for targeted advertising. You can opt out by contacting support@fml.inc.

11) International Users

If you access the Services from outside the United States, your information may be processed and stored in the United States or other countries where we or our service providers operate. We take steps designed to provide appropriate safeguards for cross-border transfers where required.

12) Children's Privacy

The Services are not directed to children, and we do not knowingly collect personal information from children under 13 (or under 16 where applicable). If you believe a child has provided personal information, contact us at support@fml.inc.

13) Changes to This Privacy Policy

We may update this Privacy Policy from time to time. The "Last updated" date indicates when this Privacy Policy was last revised. If changes are material, we may provide additional notice (for example, via the Services or email).

14) Contact Us