Privacy policy

The short version

Fathom is a small, intentionally minimal SaaS. Your reflections and voice notes are synced to your Fathom account and stored encrypted (AES-256-GCM) on our servers, so they survive device loss and appear on every device you sign in to; a copy is also cached on your device for offline use. Your reading progress and preferences stay on your device. The other data we hold on a server is what we need to give you a real account, accept payment, and send a sign-in link: your email, your subscription record, and a short security audit trail. We do not run advertising, retargeting, or cross-site tracking. By default our only analytics is Plausible, which sets no cookies and cannot identify you; with your explicit consent we also enable Google Analytics 4 and Google Tag Manager to measure traffic.

What we store server-side, and why

Account: your email, a creation timestamp, and (after first sign-in) a Stripe Customer ID. This is required to give you a persistent account across devices.

Magic-link tokens: a hashed, single-use, 15-minute token whenever you request a sign-in link, along with the requesting IP and user-agent for abuse prevention. Tokens are deleted after use or expiry.

Subscription: when you pay, we store the Stripe subscription ID, the price you bought, the current period end, and whether you have asked to cancel at period end. We do not store card numbers; those live with Stripe.

Security audit log: sign-ins, subscription events, and admin actions are logged with timestamp, IP, user-agent, and action type. This exists to detect abuse and meet our security obligations.

Where your data lives

Synced to your account (encrypted on our servers): your reflections and voice notes. We encrypt them at rest with AES-256-GCM so they survive device loss and sync across your devices; only you can read them while signed in.

localStorage (on your device) holds your active session token, your reading progress, your subscription preferences, a local cache of your reflections, and any coupons you have created or redeemed.

IndexedDB (on your device) caches your voice notes (audio) for offline playback.

Service-worker cache holds the static assets needed for offline use.

If you uninstall the app or clear browser storage, your on-device cache is cleared - but your reflections, voice notes, account, and subscription remain safe on the server; sign in from any device to restore them.

Analytics

By default we use Plausible Analytics, a privacy-first service. Plausible counts page views and outbound clicks using a daily-rotating hash that cannot identify you. It does not set cookies, does not store persistent identifiers in your browser, and does not share data with any other service. We see country, referrer, browser type, and which pages are popular - nothing more.

With your explicit consent (via the cookie banner) we additionally load Google Analytics 4 and Google Tag Manager, provided by Google LLC. These set first-party cookies and help us measure traffic and conversions; the data is processed by Google under its own terms. They load only after you click "Accept analytics" and never if you decline. We do not use a Meta Pixel, Mixpanel, or Segment, and we do not embed advertising or retargeting pixels.

Newsletter

If you submit your email to the newsletter form, the email is sent to Resend (our transactional email provider) and added to a single broadcast audience. We send approximately one essay every fortnight. Every email contains a one-click unsubscribe link that takes effect immediately. We will never sell, rent, or share email addresses with third parties.

Payment data

Card payments are processed by Stripe or, if you prefer, PayPal. We never see your card number. The payment processor returns a customer ID and subscription state, which we store as described above. UTM parameters from your landing page (if any) are passed to Stripe as metadata so we can attribute revenue to marketing channels.

Children

Fathom's content is for adults. We do not knowingly process information from anyone under 16. The course material assumes adult capacity to consent to reading about adult relational topics including breakups, infidelity, widowhood, and family-of-origin difficulty.

Your rights (GDPR / CCPA)

You have the right to access, port, correct, or delete the data we hold about you. Two endpoints in the app let you exercise these rights yourself, immediately:

• Export (Me → Your data → Export): downloads a single JSON file containing your local data and everything on the server (account, subscription, audit trail).
• Delete everything (Me → Your data → Delete everything): anonymizes your audit log, deletes your magic-link tokens, subscriptions, and account row on the server, then wipes local storage on the device. This is the "right to erasure" under GDPR Article 17.

You can also unsubscribe from the newsletter at any time via the link in any newsletter email, and cancel a subscription from your account page.

Data retention

Account, subscription, and audit-log rows are retained while your account is active and for 30 days after deletion (to allow accidental-deletion recovery), after which they are permanently purged. Magic-link tokens expire after 15 minutes. Stripe holds payment records under its own retention policy (typically 7 years for tax/regulatory reasons).

Contact

Privacy questions can be sent to privacy@fathom.courses. Security disclosures: security@fathom.courses (see security.txt). For data-subject requests, email privacy@fathom.courses from the address associated with your account.