Privacy Policy

Last updated: May 12, 2026

This Privacy Policy explains how FML Labs Inc. ("FML," "we," "us," or "our") collects, uses, discloses, and otherwise processes information when you use our websites, apps, command-line tools, plugins, integrations, and related services (collectively, the "Services"), including via https://app.fml.inc.

If you do not agree with this Privacy Policy, please do not use the Services.

Contact us

Email: support@fml.inc

FML Labs Inc.
2261 Market St STE 78415
San Francisco, CA 94114

1) Scope

This Privacy Policy applies when you:

  • Visit fml.inc or any page linking to this Privacy Policy
  • Use the FML product, including the web app, FML plugin, CLI, Panopticon sync, automations, development environments, integrations, and related features
  • Connect third-party accounts or services, such as GitHub or Slack
  • Communicate with us (support, sales, marketing, events)

If you use FML on behalf of a company or other organization, your organization may be able to control and administer your account, manage access and settings, connect integrations, view usage and billing information, and access agent activity or telemetry associated with that organization. In those cases, an organization's policies may also apply.

2) Information We Collect

We collect information in four primary ways: (A) information you provide, (B) information we collect automatically, (C) information collected through the FML plugin, Panopticon, and related local software, and (D) information from third parties you connect.

A) Information you provide

Depending on how you use the Services, you may provide:

  • Account information: name, email, username, password (if applicable), authentication factors, organization/team details
  • Billing information: billing contact details, subscription metadata, invoices, organization member seat counts, promo or trial metadata, and transaction metadata (payments are generally processed by our providers; we typically do not store full card numbers)
  • Support and communications: messages you send, requests, and attachments
  • Customer Content: content you submit to the Services or authorize us to access via integrations, which may include code, repository files, prompts, instructions, automations, memory content, configuration, documentation, issues/PRs, and related materials

B) Information collected automatically

When you use the Services, we may collect:

  • Log and usage data: IP address, timestamps, pages/features used, clicks/actions, referrer URLs, and error/crash logs
  • Device and browser data: device type, OS, browser type, app version, language and settings
  • Approximate location: inferred from IP address (e.g., city/region level)
  • Cookies and similar technologies: identifiers used for login/session, preferences, analytics, and advertising (see "Cookies & tracking")

C) FML plugin, Panopticon, and local software data

If you install or use the FML plugin, CLI, local hooks, sync daemons, Panopticon components, or FML-managed development environments, we may collect and sync agent observability data such as:

  • Session start/end times, summaries, prompts, messages, and conversation events
  • Tool calls, tool inputs and outputs, shell command events, and file edit events
  • Repository names, branch names, working directories, file paths, and code provenance
  • Git user names and emails where present in local Git or repository metadata
  • Model names, token counts, cost data, CLI/plugin versions, errors, and diagnostics
  • Local and repository configuration snapshots, such as enabled plugins, hooks, commands, rules, skills, permissions, approvals, and memory file metadata
  • OpenTelemetry-style logs, metrics, and spans associated with agent activity

Local software may also store local state on your device and use access or refresh tokens to authenticate with FML. Removing local software may not delete information already synced to the Services.

D) Information from third parties and connected services

If you connect a third-party service, we may receive information from that service depending on the permissions you grant and the actions you request or automate.

GitHub (OAuth/GitHub App) data may include:

  • Account profile information (e.g., username, avatar, email if available)
  • Organization and member metadata
  • Repository and contributor metadata from connected services
  • Repository content you authorize us to access
  • Commit and activity metadata (which can include author names/emails where present in commit history)
  • Issues, pull requests, comments, checks, deployments, and related artifacts
  • Access tokens/installation tokens used to access GitHub on your behalf or in authorized development environments (stored securely)

Other connected service data may include:

  • Slack channels, users, messages, and message metadata
  • Linear, GitLab, Notion, support, and ticketing records you authorize
  • Sentry errors, exceptions, releases, and project metadata
  • Product analytics, advertising, feature flag, and experimentation data
  • Stripe or other billing-provider customer, subscription, invoice, and revenue data

Repository copies and development environments

Some features may clone, mirror, cache, or temporarily host repository content in FML-controlled infrastructure or customer-authorized development environments so we can analyze code, run agents, execute commands, run checks, or create pull requests. This Privacy Policy applies to that content.

3) How We Use Information

We process information for the following purposes:

Provide, operate, and maintain the Services

  • Create and manage accounts, authenticate users, and administer subscriptions
  • Administer organization access, member seat rosters, trials, invoices, and billing
  • Connect integrations you enable and perform actions you request or automate
  • Process Customer Content to provide features (e.g., agent observability, code analysis, suggestions, summaries, workflow automation, or other development assistance)
  • Measure agent activity, cost, provenance, reliability, and outcomes across repositories, agents, models, and teams
  • Provision and operate development environments, service tokens, plugin sync, and connected-service workflows

Improve and develop the Services

  • Debug, troubleshoot, and improve performance and reliability
  • Understand usage and feature adoption
  • Build and improve product functionality, dashboards, automations, search, provenance, cost attribution, and reporting (see also "AI features")

Security and fraud prevention

  • Protect the Services, users, and our business
  • Detect, prevent, investigate, and respond to abuse, fraud, or security incidents

Communications

  • Send service-related messages (account, security, billing, and product updates)
  • Respond to support requests
  • Send marketing messages where permitted (you can opt out; see "Your choices" below)

Legal and business operations

  • Comply with legal obligations and lawful requests
  • Enforce our terms, resolve disputes, and maintain records
  • Evaluate or complete business transactions (e.g., financing, acquisition)

4) AI Features and Model Providers

FML may offer features powered by artificial intelligence or machine learning ("AI Features"). When you use AI Features, we may process certain inputs (which may include Customer Content, Panopticon Data, Connected Service data, or excerpts of those materials) to generate outputs such as suggestions, summaries, reports, automated steps, code changes, or pull requests.

Third-party AI providers

Some AI Features may be provided using third-party AI services, including Anthropic's Claude (including "Claude Code") and potentially other model providers. When you use AI Features, we may send the necessary information (which can include code or code snippets, repository context, prompts, and related content you provide or authorize) to those providers to generate outputs and return them to you.

Training and improvement (plan-based)

Training and improvement practices can vary by subscription tier, Order Form, feature configuration, and settings:

  • We may use usage data, metadata, feedback, Output, and limited Customer Content to debug, evaluate, secure, and improve FML features, including agent observability, search, provenance, summaries, automations, and product quality.
  • Where feasible, we aim to minimize the Customer Content used for improvement and may use aggregated or de-identified data.
  • If your plan, Order Form, or settings restrict model improvement or training, those restrictions govern. We may still process information to provide, maintain, secure, support, and comply with law.
  • When we send data to third-party AI providers, their handling of that data is governed by our agreements and the feature configuration. Provider training or retention treatment may vary by provider, tier, and configuration.

You should avoid submitting secrets (e.g., passwords, API keys) via prompts or Customer Content unless necessary. If your repositories contain secrets, you should rotate them and use secret-scanning tools.

5) Cookies & Tracking (Analytics and Ads)

We use cookies and similar technologies (e.g., pixels, SDKs) for:

  • Essential purposes: authentication, session management, security
  • Preferences: remembering settings
  • Analytics: understanding usage and improving the Services (e.g., PostHog)
  • Advertising: measuring and delivering ads (e.g., Meta/Facebook and Google)

You can control cookies through browser settings. Some cookie controls may also be available through in-product mechanisms where required.

Do Not Track (DNT)

Browsers may offer a "Do Not Track" signal. There is no universal standard for DNT, so we do not respond to DNT signals at this time.

6) How We Share Information

We share information in the following situations:

Service providers ("processors")

We share information with vendors that help us run the Services, such as:

  • Cloud infrastructure and hosting
  • Analytics providers (e.g., PostHog)
  • Customer support tools
  • Security and fraud prevention services
  • Payment, subscription, billing, metering, and revenue operations providers (e.g., Stripe)
  • Advertising partners (e.g., Meta and Google) for measurement and ad delivery
  • AI service providers (e.g., Anthropic and others) when you use AI Features
  • Connected Service providers when needed to perform integration actions you request or automate

These providers are authorized to access information only as needed to provide services to us and are required to protect it.

With your organization (if applicable)

If your account is managed by an organization, administrators, owners, billing managers, and other authorized organization users may be able to access and manage account information, Connected Service data, billing and member seat information, agent activity, prompts, messages, tool events, cost data, provenance, summaries, automation results, and other information associated with that organization, subject to the organization's settings and policies.

Legal and safety

We may disclose information if we believe in good faith it is necessary to:

  • Comply with law or legal process
  • Protect rights, safety, and security of FML, our users, or others
  • Prevent fraud, abuse, or security issues

Business transfers

If we are involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets, information may be transferred as part of that transaction.

7) Data Retention

We retain information as long as reasonably necessary to provide the Services and for legitimate business purposes, including security, compliance, and dispute resolution.

  • We retain account and billing records as required for legal/accounting purposes.
  • We may retain logs and analytics data for security and product improvement.
  • Customer Content retention depends on how the Services function and your settings/integration state. For example, we may keep cached data needed to operate features, and backups may persist for limited periods.
  • Raw agent telemetry, Panopticon session data, and related event records may be retained for shorter operational periods than account, billing, security, support, derived summary, or aggregated records.

If you request deletion, we will take reasonable steps to delete your information consistent with applicable law and our operational requirements (for example, backups and legal retention).

8) Security

We use reasonable administrative, technical, and organizational safeguards designed to protect information. However, no method of transmission or storage is completely secure, and we cannot guarantee absolute security.

9) Your Choices and Rights

You may have rights to access, correct, delete, or receive a copy of your personal information, and to object to or restrict certain processing, depending on where you live.

To exercise your rights, contact us at support@fml.inc. We may need to verify your identity.

Marketing opt-out

You can opt out of marketing emails by using the unsubscribe link in the emails we send. You may still receive service-related communications (billing, security, account messages).

Plugin and integration controls

You may be able to stop local sync, uninstall the FML plugin, log out of the CLI, revoke service tokens, or disconnect Connected Services through FML, the connected provider, or your local device. These controls may stop future collection or access, but they may not delete information already synced to the Services or retained by your organization.

Opt-out of targeted advertising

Depending on your location and applicable law, you may have the right to opt out of targeted advertising/sharing. You can request this by contacting support@fml.inc and indicating "Opt out of targeted advertising."

10) U.S. State Privacy Disclosures (Including California)

If you are a resident of certain U.S. states (including California), you may have additional rights regarding personal information, such as the right to know, delete, correct, and opt out of certain processing.

Categories of personal information we may collect

Depending on your use, we may collect:

  • Identifiers (name, email, IP address, account IDs)
  • Commercial information (subscription, billing, invoice, payment, and member seat metadata)
  • Internet/network activity (usage logs, interactions with the Services, plugin telemetry, agent session events, and Connected Service interactions)
  • Approximate geolocation (from IP)
  • Professional information (organization, role/title, Git metadata)
  • Customer Content you provide or authorize via integrations (which may include personal data contained within repositories)
  • Inferences and derived information, such as summaries, classifications, cost attribution, provenance, and activity analytics

Sale / sharing

We do not sell personal information for money. We may use advertising and analytics tools that could be considered "sharing" under some state laws when used for targeted advertising. You can opt out by contacting support@fml.inc.

11) International Users

If you access the Services from outside the United States, your information may be processed and stored in the United States or other countries where we or our service providers operate. We take steps designed to provide appropriate safeguards for cross-border transfers where required.

12) Children's Privacy

The Services are not directed to children, and we do not knowingly collect personal information from children under 13 (or under 16 where applicable). If you believe a child has provided personal information, contact us at support@fml.inc.

13) Changes to This Privacy Policy

We may update this Privacy Policy from time to time. The "Last updated" date indicates when this Privacy Policy was last revised. If changes are material, we may provide additional notice (for example, via the Services or email).

14) Contact Us

FML Labs Inc.

2261 Market St STE 78415
San Francisco, CA 94114

Email: support@fml.inc

Privacy Policy | FML