Privacy Policy

Fidant.AI ("we," "us," or "the Service") is an AI assistant with persistent memory for executives. This Privacy Policy explains what data we collect, why we collect it, how we use and store it, and the choices you have. By using Fidant.AI, you agree to the practices described here.

00Trust Architecture

Before the legal detail below, a plain summary of how we think about your data:

• User-controlled memory — your context files live on your Google Drive, not our servers. You can view, edit, export, or delete them at any time.
• Source transparency — every fact Fidant remembers is linked to the message, note, document, or sync that produced it. Inside the product, you can open the source, mark the fact wrong, hide it from active focus, or forget it entirely.
• Scoped Google access — we request the minimum Google scopes necessary to operate the product: drive.file (which limits us to files the application itself creates on your Drive) and calendar.events.readonly (read-only access to events on your calendars, used only to generate briefings and meeting preparation in your active session). We do not list, read, or modify any other files on your Drive, and we do not modify your calendar in any way.
• Sovereign Trust Gate (roadmap) — a stricter storage mode for cases where even our servers should not hold encryption keys. Not available today; we will publish details before any user-visible change.

We do not describe Fidant as "zero-knowledge" or promise that we can "never see anything". As detailed in Section 06, our current optional encryption protects data at rest on Google Drive but our servers do transiently process plaintext to generate responses. The roadmap above is how we expect to tighten that over time.

01Information We Collect

Account Information

When you sign in with Google, we receive your name, email address, and profile picture as provided by Google. We do not collect or store your Google password.

Google Drive Data

Fidant.AI creates a dedicated folder on your personal Google Drive to store your context files (structured memory). We access Google Drive solely to read and write files within this folder. We do not access, read, or modify any other files on your Google Drive. The specific scope we request is limited to files created by the application (drive.file).

Google Calendar Data

If you grant Calendar access, Fidant.AI uses the calendar.events.readonly scope to read events from your calendars. We read event fields including event title, start and end time, location, description, attendees, and your response status. We use this data exclusively to:

• Generate context-aware morning briefings that show your meetings alongside your tasks and priorities.
• Prepare pre-meeting context by cross-referencing attendees and topics against information you have previously shared with Fidant (for example, prior decisions, relationships, and open questions involving the same people or companies).
• Surface follow-up prompts after meetings have ended.

Calendar event data is fetched on demand and processed within your active session. We do not store raw calendar event data on our servers. We never write to, modify, create, or delete events on your calendar. If, as part of a normal product interaction, you choose to save a fact derived from a calendar event into your memory (for example, "follow up with Anna on Q3 budget"), that derived fact is written to your memory files on your own Google Drive, not to our servers. You can review and remove any such fact at any time.

We do not use Google Calendar data to train AI models. We do not share Google Calendar data with any third party other than the AI model provider you select to generate the response in front of you, and only the minimum data required for that response.

Conversation Data

Your conversations with the AI are stored as JSON files within your Google Drive folder. Structured memory (facts, preferences, decisions) is extracted from conversations and stored as markdown files in the same folder. This data resides on your Google Drive, not on our servers.

Voice Input

If you use voice input, audio recordings are sent to OpenAI's Whisper API for transcription. The audio is processed in real time and is not stored by us. Transcribed text is treated the same as typed messages. OpenAI's API terms govern the processing of audio data.

Wearable Device Data

You may optionally connect wearable devices such as Whoop or Oura Ring. When you connect a device, we store an OAuth access token and refresh token on our servers to maintain the connection. We retrieve health metrics (recovery scores, sleep data, heart rate, HRV, SpO2, workout data, and body measurements) from these services on your behalf. This data is used to generate AI responses and may be stored in your context files on Google Drive. You can disconnect a device at any time from your profile settings.

Server-Side Data

We store the following on our servers: your email address, name, and profile picture (for authentication); a reference to your Google Drive folder ID (so we can locate your files); usage event logs (message counts, model selection, feature interactions) with associated metadata; billing information (managed by Stripe); and encryption keys if you enable the encryption feature. We do not store the content of your conversations, your memory files, or your Google Calendar event data on our servers, except when you explicitly create a shared conversation link (see Section 05).

Usage & Device Data

We automatically collect standard telemetry: IP address, browser type, device information, and interaction patterns. This helps us maintain service quality and diagnose issues.

02How We Use Your Data

We use the information we collect to:

• Provide, maintain, and improve the Fidant.AI service, including building and updating your persistent memory layer.
• Send your messages to AI model providers (Anthropic, OpenAI, Google) along with your context files to generate personalized responses.
• Generate vector embeddings of your context data via OpenAI to enable semantic search and deduplication within your memory — this occurs regardless of which chat model you select.
• Transcribe voice input via OpenAI's Whisper API when you use voice messaging.
• Retrieve health and biometric data from connected wearable devices (Whoop, Oura) to include in your AI context.
• Read events from your Google Calendar (with your authorization) to generate morning briefings, prepare context for upcoming meetings, and prompt follow-ups after meetings.
• Authenticate your identity and manage your account.
• Process payments through Stripe.
• Communicate with you about your account and service updates.
• Ensure security, prevent fraud, and enforce our Terms of Service.

03Google API Services User Data Policy

Fidant.AI's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

This applies to all Google user data we access, including Google Drive data (via the drive.file scope) and Google Calendar event data (via the calendar.events.readonly scope).

Specifically:

• We only access Google Drive data to create, read, and update files within the Fidant.AI folder that the application itself created. We do not access any other files on your Drive.
• We only access Google Calendar data to read events on your calendars in order to provide the briefing, meeting preparation, and follow-up features described in Section 01. We never write to, modify, create, or delete calendar events.
• We do not use Google user data — including Drive files and Calendar events — for advertising or to serve ads.
• We do not transfer Google user data to third parties except as necessary to provide the Service (sending context to the AI model provider you select for response generation, and to OpenAI for embeddings and voice transcription where you use those features) or as required by law.
• We do not use Google user data — including Drive files and Calendar events — to train AI models. Your data is used only to generate responses in your active sessions.
• Humans do not read your Google user data unless you give us explicit permission for support purposes, or we are required to do so for security or legal compliance.

04Data Sharing with AI Providers

To generate AI responses, we send your messages and relevant context (which may include your messages, recent conversation history, your context files on Drive, and — where relevant to the response — Google Calendar events you have authorized us to read) to the AI model provider you select:

• Anthropic (Claude models) — subject to Anthropic's usage policy.
• OpenAI (GPT models) — subject to OpenAI's usage policy.
• Google (Gemini models) — subject to Google's API terms.

We send only the data necessary to generate a response. We use API access (not consumer products), which means these providers do not use your data to train their models under their standard API terms.

Additionally, certain features send data to OpenAI regardless of your selected chat model: voice transcription (audio sent to the Whisper API) and semantic memory operations (text sent to the Embeddings API for vector search and deduplication). Only the minimum data required for each operation is transmitted.

05Shared Conversations

You may optionally share a conversation by generating a unique link. When you create a shared link, a snapshot of the conversation is stored on our servers and is accessible to anyone who has the link. Shared conversations display your name and the conversation content. You can revoke a shared link at any time, which immediately removes public access to that conversation.

06Encryption

Fidant.AI offers an optional encryption feature that encrypts your context files before they are written to Google Drive using AES-256-GCM. When enabled, your encryption key is generated server-side and stored on our servers; encryption and decryption are performed server-side. This protects your data at rest on Google Drive but does not constitute end-to-end encryption — our servers have access to the key and plaintext during processing. All data in transit between your browser and our servers is protected by TLS 1.2+.

07Data Storage & Security

Your memory files and conversations are stored on your personal Google Drive, protected by Google's security infrastructure. Server-side data (account records, usage event logs, wearable device tokens, encryption keys) is stored in a PostgreSQL database hosted on Railway, encrypted in transit (TLS 1.2+). Access to production systems is restricted to authorized personnel. Calendar event data is fetched on demand from Google and is not persisted on our servers.

While no system is impervious, we implement industry-standard safeguards and continuously review our security posture.

08Data Retention

Your memory files and conversations live on your Google Drive — you control their retention directly. You can view, edit, or delete any file at any time through the Fidant.AI interface or directly via Google Drive.

Google Calendar event data is not retained on our servers — it is fetched on demand and discarded after the response is generated. Any insight derived from calendar data and saved to your memory at your initiative lives on your Drive and is under your control.

Server-side account data is retained for as long as your account is active. Upon account deletion, we purge your server-side records (including wearable device tokens, encryption keys, and shared conversation snapshots) within 30 days. Your Google Drive files remain under your control and are not affected by account deletion.

09Your Rights & Choices

Depending on your jurisdiction, you may have rights including:

• Access — request a copy of the personal data we hold about you.
• Correction — update or correct inaccurate data.
• Deletion — request that we delete your data.
• Portability — your memory files are already on your Google Drive in standard formats (Markdown, JSON).
• Withdrawal of consent — revoke Google Drive or Google Calendar access at any time through your Google Account settings.

To exercise any of these rights, contact us at hello@fidant.ai. We will respond within 30 days.

10Revoking Access

You can revoke Fidant.AI's access to your Google Account at any time by visiting myaccount.google.com/permissions and removing Fidant.AI. This immediately stops our access to your Google Drive and your Google Calendar. Your files remain on your Drive and your calendar events remain untouched. You can disconnect Whoop or Oura from your profile settings at any time, which deletes the stored tokens from our servers.

11Cookies & Tracking

We use essential cookies to maintain your authentication session. We do not use advertising trackers, and we do not participate in cross-site tracking networks. We may add privacy-respecting analytics (such as Plausible) in the future — this policy will be updated before that happens.

12Children's Privacy

Fidant.AI is not directed at individuals under the age of 18. We do not knowingly collect personal data from minors. If we become aware that a minor has provided us with personal data, we will delete it promptly.

13International Data Transfers

Fidant.AI operates globally. Your data may be processed in countries other than your own, including the United States. We ensure appropriate safeguards are in place to protect your data regardless of where it is processed.

14Changes to This Policy

We may update this policy from time to time. If we make material changes, we will notify you by email or through the Service before the changes take effect. Your continued use of the Service after such notice constitutes acceptance of the updated policy.

The most recent material change was on May 14, 2026, adding Google Calendar coverage following the introduction of the Calendar briefing and meeting preparation features.

15Contact

If you have questions, concerns, or requests related to this Privacy Policy, reach us at hello@fidant.ai.

© 2026 Fidant.AI. All rights reserved.