Privacy Policy

Last Updated: January 23, 2026

This Privacy Policy describes how Fracton ("we", "us", or "our") handles your information. Our fundamental principle is privacy by design. We have architected our services to ensure that we cannot see your data, and your privacy is always in your control.

1. Data Storage: Your Choice, Your Privacy

Fracton provides two ways to store your data map, both designed for maximum security.

• Local Vault (Default): When you first use Fracton, your data is stored exclusively in your browser's local storage on your device. It is never transmitted to us or any third party. This is a 100% offline-first approach.
• Cloud Vault (Optional): For backup and multi-device access, you can opt-in to our Cloud Vault. This feature is built on a zero-knowledge architecture. Your data is encrypted on your device using your private encryption key *before* it is sent to our servers. We only store the encrypted, unreadable data blob. We do not have your key and cannot decrypt your data under any circumstances.

2. Email Scan Feature (Google API Services)

To help you build your data map, Fracton offers an optional Email Scan feature that uses the Google Gmail API. Our use of this service and any data from Google APIs adheres to the Google API Services User Data Policy, including its Limited Use requirements.

What We Access and Why

• We request temporary, read-only access to your Gmail messages' metadata.
• The specific information we access is the sender, subject line, and date of your emails.
• The sole purpose of this access is to programmatically scan the sender information (the 'From' address) of your emails. This allows us to identify the unique domains of companies and services that have contacted you, creating a comprehensive list of potential services for your data map without reading the email content.

What We Do Not Access

• We never read the body content of your emails.
• We never store your emails or any of the accessed metadata on our servers.
• The entire scanning process happens locally in your browser. The results of the scan (a list of suggested services) are shown only to you.

The information obtained via the Gmail API is used solely to provide this service discovery feature and will not be transferred to any other app or third party.

3. Third-Party API Usage

To provide our services, we interact with the following APIs:

• HaveIBeenPwned: To check for data breaches, we send only the domain name of a service (e.g., "company.com") to the public HaveIBeenPwned API. We never send your personal information.

4. Data We Do Not Collect

Beyond the encrypted data blob you choose to store in the Cloud Vault, Fracton does not collect personal information. We do not use tracking cookies, advertising cookies, or third-party analytics services (like Google Analytics) within the application workspace.

5. Data Security & Retention

We take reasonable measures to protect the information we store. For the optional Cloud Vault, we retain your encrypted data as long as your account is active. You can delete your data at any time by clearing your data within the application. For the Local Vault, your data remains on your device until you clear your browser's storage.

6. Children's Privacy

Fracton is not intended for use by children under the age of 13, and we do not knowingly collect any personal information from children under 13.

7. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new policy on this page and updating the "Last Updated" date.

8. Contact Us

If you have any questions about this Privacy Policy, please don't hesitate to reach out.