Last updated: April 14, 2026
Privacy Policy
This is the plain-language version of what we collect, why, and what we do and don't do with it. Skip to the parts that matter to you. Every section is its own thing.
- We collect only what's needed to run Fondly: your account, your business profile, your reviews, and your drafted replies.
- We never sell your data.
- We don't use your data to train third-party AI models.
- Google Business Profile data stays in your control. You can disconnect anytime.
- Questions or requests: tony@getfondly.co.
1. Who we are
Fondly, Inc. is a Delaware corporation based in San Jose, California. For the purposes of GDPR and similar laws, we are the data controller for your account information and the data processor for the Google Business Profile data we process on your behalf.
2. What we collect
Data you give us directly
- Account: name, email, password (hashed by Clerk), company name, role.
- Billing: Stripe handles all payment details. We store only a customer ID and subscription metadata, never card numbers.
- Voice profile inputs: writing samples or preferences you provide during onboarding.
Data we collect through integrations you authorize
- Google Business Profile: your business locations, reviews (reviewer name as displayed by Google, rating, comment, timestamp), and your existing replies. We request the minimum scope required (
business.manage). We do not access your Gmail, Drive, Calendar, Photos, or any other Google service.
Data we collect automatically
- Product usage: which pages you visit in the app, which drafts you approve, error logs (via Sentry), request timing. Used to improve the product and fix bugs.
- Device and log data: IP address, browser type, referring URL, timestamps.
3. Why we use it
| Purpose | Legal basis (GDPR) |
|---|---|
| Provide the service you signed up for: ingesting reviews, drafting replies, publishing approved replies | Contract |
| Bill you and manage your subscription | Contract |
| Keep the service secure, prevent abuse, meet legal obligations | Legitimate interest / legal obligation |
| Send operational emails (receipts, escalation notices, security alerts) | Contract |
| Improve the product through aggregated usage analytics | Legitimate interest |
| Send you marketing emails about Fondly | Consent (you can unsubscribe anytime) |
4. Google User Data: our specific commitments
Fondly's use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.
- We use Google Business Profile data only to provide user-facing Fondly features: ingesting reviews, drafting replies, and publishing approved replies back to your profile.
- We do not transfer Google user data to third parties except as necessary to provide or improve user-facing features (for example, sending review text to Anthropic's Claude API to draft a reply, covered by Anthropic's commercial terms), and only in aggregate, anonymized form if needed for debugging.
- We do not use Google user data for serving advertisements.
- We do not allow humans to read Google user data except (a) with your explicit consent to help you with a support issue, (b) for security purposes, (c) to comply with applicable law, or (d) in de-identified or aggregated form for internal operations.
5. Who we share with
We share data only with vendors that help us run Fondly, under contracts that require them to protect it:
| Vendor | Purpose | Region |
|---|---|---|
| Vercel | Application hosting | USA |
| Supabase | Database, file storage | USA |
| Clerk | Authentication | USA |
| Stripe | Payment processing | USA |
| Anthropic | AI reply drafting (Claude) | USA |
| Resend | Transactional email delivery | USA |
| Sentry | Error monitoring | USA |
| Google (Business Profile API) | Review ingestion, reply publishing | USA |
We'll also disclose data if required by law, to protect rights and safety, or in connection with a merger, acquisition, or sale of assets (with notice to you).
6. How long we keep it
- Account and business profile data: as long as your account is active.
- Reviews and replies: as long as your account is active, so the dashboard and voice profile keep working. You can request deletion earlier.
- Billing records: seven years, for tax and legal reasons.
- Error logs: 90 days.
- After account closure: 30 days to allow you to export, then deleted or anonymized.
7. Your rights
Depending on where you live, you have some or all of these rights under GDPR, CCPA, and similar laws:
- Access a copy of your data
- Correct inaccurate data
- Delete your data ("right to erasure")
- Export your data in a portable format
- Object to or restrict certain processing
- Withdraw consent at any time, where consent is the basis
- Lodge a complaint with your local data protection authority
To exercise any of these, email tony@getfondly.co. We respond within 30 days.
8. California residents (CCPA)
We do not sell personal information. In the past 12 months, we have collected the categories of information described in Section 2 and disclosed them to the vendors listed in Section 5 for the purposes described above. You have the right to know, delete, and be free from discrimination for exercising these rights.
9. Security
Data is encrypted in transit (TLS 1.2+) and at rest. Access to production is limited to authorized personnel and uses multi-factor authentication. We run automated monitoring through Sentry and log security events. If we learn of a breach affecting your data, we'll notify you and the relevant authorities within the timeframes required by law.
10. International transfers
Our vendors are primarily in the United States. If you access Fondly from the EU, UK, or another region with data-transfer restrictions, your data is transferred to the U.S. under Standard Contractual Clauses or equivalent safeguards.
11. Children
Fondly is a B2B tool for business owners. We don't knowingly collect data from anyone under 18. If you believe we have, email us and we'll delete it.
12. Cookies and tracking
We use a small number of strictly necessary cookies to keep you signed in and to remember your preferences. The marketing site (getfondly.co) uses privacy-respecting analytics (no cross-site tracking, no third-party cookies, no ads).
13. Changes
We'll update this page when things change and post the new effective date at the top. Material changes will be emailed to you.
14. Contact
Fondly, Inc.
San Jose, California, USA
tony@getfondly.co