Legal

Privacy policy

Last updated: 2026-05-12

The short version

Fathom is a small, intentionally minimal SaaS. Your reading progress, reflections, and voice notes stay on your device. The only data we hold on a server is what we need to give you a real account, accept payment, and send a sign-in link: your email, your subscription record, and a short security audit trail. We do not run advertising, retargeting, or behavioral tracking. The one analytics tool we use (Plausible) does not set cookies and cannot identify you.

What we store server-side, and why

Account: your email, a creation timestamp, and (after first sign-in) a Stripe Customer ID. This is required to give you a persistent account across devices.

Magic-link tokens: a hashed, single-use, 15-minute token whenever you request a sign-in link, along with the requesting IP and user-agent for abuse prevention. Tokens are deleted after use or expiry.

Subscription: when you pay, we store the Stripe subscription ID, the price you bought, the current period end, and whether you have asked to cancel at period end. We do not store card numbers; those live with Stripe.

Security audit log: sign-ins, subscription events, and admin actions are logged with timestamp, IP, user-agent, and action type. This exists to detect abuse and meet our security obligations.

What stays on your device only

localStorage holds your active session token, your reading progress, your reflections, your subscription preferences, and any coupons you have created or redeemed.

IndexedDB holds voice notes (audio blobs encoded as base64) and any files you have explicitly saved through the app.

Service-worker cache holds the static assets needed for offline use. No personal content is cached server-side.

If you uninstall the app or clear browser storage, your device data is gone. Your account record on the server is unaffected - sign in from any device to recover access.

Analytics: Plausible

We use Plausible Analytics, a privacy-first analytics service. Plausible counts page views and outbound clicks using a daily-rotating hash that cannot identify you. It does not set cookies, does not store persistent identifiers in your browser, and does not share data with any other service. We see country, referrer, browser type, and which pages are popular - nothing more.

We do not use Google Analytics, Meta Pixel, Mixpanel, Segment, or any equivalent. We do not embed advertising or retargeting pixels.

If you submit your email to the newsletter form, the email is sent to Resend (our transactional email provider) and added to a single broadcast audience. We send approximately one essay every fortnight. Every email contains a one-click unsubscribe link that takes effect immediately. We will never sell, rent, or share email addresses with third parties.

Payment data

Card payments are processed by Stripe or, if you prefer, PayPal. We never see your card number. The payment processor returns a customer ID and subscription state, which we store as described above. UTM parameters from your landing page (if any) are passed to Stripe as metadata so we can attribute revenue to marketing channels.

Children

Fathom's content is for adults. We do not knowingly process information from anyone under 16. The course material assumes adult capacity to consent to reading about adult relational topics including breakups, infidelity, widowhood, and family-of-origin difficulty.

Your rights (GDPR / CCPA)

You have the right to access, port, correct, or delete the data we hold about you. Two endpoints in the app let you exercise these rights yourself, immediately:

Export (Me → Your data → Export): downloads a single JSON file containing your local data and everything on the server (account, subscription, audit trail).
Delete everything (Me → Your data → Delete everything): anonymizes your audit log, deletes your magic-link tokens, subscriptions, and account row on the server, then wipes local storage on the device. This is the "right to erasure" under GDPR Article 17.

You can also unsubscribe from the newsletter at any time via the link in any newsletter email, and cancel a subscription from your account page.

Data retention

Account, subscription, and audit-log rows are retained while your account is active and for 30 days after deletion (to allow accidental-deletion recovery), after which they are permanently purged. Magic-link tokens expire after 15 minutes. Stripe holds payment records under its own retention policy (typically 7 years for tax/regulatory reasons).

Contact

Privacy questions can be sent to privacy@fathom.courses. Security disclosures: security@fathom.courses (see security.txt). For data-subject requests, email privacy@fathom.courses from the address associated with your account.