FABRIC

Privacy Policy

Last updated · May 27, 2026

Fabric is built around private notes about other founders, so we take the “what” and “why” of data collection seriously. This policy explains what we collect, what we don’t, and what you can do about it.

What we collect

Concretely, here is every kind of data Fabric stores about you, in plain English, mapped to the tables in our database:

WhatWhy
Account. Email address, the time it was verified, your role (member or admin).To sign you in and identify you across sessions.
Profile. Name, stage, focus area, LinkedIn URL, optional Twitter, optional company URL, what you need from the room, what you offer, availability.To pair you with relevant founders during sessions and let other members understand who they’re about to meet.
Invitations. Codes you issued and codes you claimed; the email address each code is reserved for.To run the invite system and ensure each code is single-use.
Meetings. One row per 7-minute breakout you attended, with the partner ID and the timestamps.To populate your roster and the per-founder timeline at /c/conversations.
Ratings. The 1–5 stars and tags you submit after each conversation.To show you your own rating history. Other members never see ratings you write about them.
Notes. The free-text note you write about a founder you’ve met.Private to you. Encrypted at rest by our database provider. Never shared with the founder it’s about or any third party.
Event RSVPs + attendance. Which sessions you signed up for, which ones you actually attended.To pair attendees correctly and avoid inflating no-show founders’ rosters.
Waitlist (if you applied). Email, name, stage, focus, LinkedIn, the one-line answer to why you want in.To review applications. If we admit you, the row is deleted and replaced with your profile.
Technical metadata. IP address (for rate limiting only), browser type, timestamps of significant actions.To prevent abuse and debug issues. IPs are not stored long-term.

What we don’t collect

  • No passwords. Sign-in is via magic links sent to your email. We never store a password hash.
  • No analytics fingerprinting. If we use analytics, it’s privacy-friendly (Plausible-style) and never collects cross-site identifiers.
  • No video, audio, or transcripts. Sessions happen over your video provider (Zoom, Meet, etc.). We never record.
  • No selling of your data. We don’t sell, rent, or barter your personal data, ever.
  • No AI training on your data. Your notes, ratings, and profile are never used to train AI models.

Who we share with

  • Database provider: Neon (managed Postgres). Stores all the data above, encrypted at rest.
  • Email provider: Resend. Receives your email address whenever we send you a magic link or transactional email.
  • Hosting provider: Vercel or equivalent. Sees request metadata (IP, user agent) for serving pages.
  • No one else. We don’t use third-party ad networks, marketing pixels, or data brokers.

How long we keep it

  • Active accounts: until you close the account.
  • Closed accounts: profile, private notes, and unclaimed invitation codes are deleted within 30 days. Meeting and rating history that involves other members may be retained in anonymized form so those members’ rosters remain intact.
  • Backups: our database provider keeps point-in-time backups for up to 30 days. Closed-account data may persist in backups for that window before rolling out.
  • IP addresses: retained only as long as needed for rate-limit windows (≤ 1 hour).

Your rights

You can:

  • Access your data — most of it is already visible to you in the app (your profile, roster, conversations, notes, ratings). Email hello@fabrictest.us for a structured export.
  • Correct your data via the Settings pane (profile edits) or by emailing us.
  • Delete your account by emailing us — see “How long we keep it” above for what happens.
  • Object to any specific processing — email us and we’ll address it.

If you’re in the EU, UK, or California, you have additional rights under GDPR / UK GDPR / CCPA — including the right to data portability and the right to lodge a complaint with your local data protection authority. We treat these as the floor everywhere.

Security

We use TLS for all data in transit, encryption at rest via our database provider, environment-scoped secrets, and strict Content-Security-Policy headers on every page. Sign-in tokens are single-use and expire within 24 hours. We do not store payment information (Fabric is currently free).

Cookies

We use one essential cookie: the session token that keeps you signed in. We don’t use tracking cookies. No consent banner is required for essential cookies in most jurisdictions; we’ll add one if regulations change.

Changes to this policy

Material changes will be announced by email to active members. The “Last updated” date above always reflects the current version.

Contact

Privacy questions, data requests, or concerns? Email hello@fabrictest.us. We aim to respond within five business days.