Fathom

    Privacy Policy

    Effective Date: 12 March 2026

    This Privacy Policy ("Policy") explains how Fathom, owned and operated by Level Group Ltd ("we," "us," or "our"), collects, uses, shares, and protects your personal information when you access or use our website and services (collectively, the "Services"). By using the Services, you consent to the collection, use, and sharing of your personal information as described in this Policy.

    1. Information We Collect

    1.1 Personal Information:

    We collect personal information such as your name, email address, postal address, phone number, and other contact information when you voluntarily provide it to us through the Services.

    1.2 Usage Information:

    We automatically collect certain information about your device, browser, IP address, and usage patterns when you access and use the Services. This helps us to improve our Services and enhance user experience.

    2. Use of Information

    2.1 Provide and Improve Services:

    We use the collected information to deliver, maintain, and improve the Services, including personalizing your experience, providing customer support, and developing new features.

    2.2 Communication:

    Your contact information is used to communicate with you about your account, respond to inquiries, send updates about the Services, and provide marketing materials. You can opt-out of marketing communications at any time.

    2.3 Legal Compliance and Protecting Rights:

    We use your information to comply with laws, respond to legal processes, or protect our rights and safety, as well as that of our users.

    3. Information Sharing

    3.1 Service Providers and Third Parties:

    We share your information with trusted third-party service providers to help us operate, manage, and improve the Services. Efforts are made to anonymise the data shared and exclude personally identifiable information such as full names and email addresses. These providers are contractually obligated to protect your information and use it only as necessary to provide their services.

    3.2 Legal Requirements:

    We may disclose your information as required by law or in response to legal requests.

    3.3 Business Transfers:

    Your information may be transferred during mergers, acquisitions, or asset sales. We will notify you of any such changes.

    3A. Third-Party Data Processors

    We use the following third-party service providers to operate Fathom. Each acts as a Data Processor under GDPR and processes data only as necessary to deliver their service.

    • Supabase - Database hosting and user authentication. Data is hosted in EU (eu-west-2) and US regions. SOC 2 Type II compliant. Encryption at rest and in transit.
    • Stripe - Payment processing. All card data is handled directly by Stripe and never touches Fathom's servers. PCI DSS Level 1 certified.
    • OpenAI - Powers the Fathom Advisor AI responses. No personally identifiable information (names, emails) is transmitted beyond the session context you provide in your query.
    • Resend - Transactional email delivery (assessment results, account notifications). Receives only your email address and the content of the specific email.
    • Google Analytics 4 - Anonymised usage analytics to understand how the site is used. Only activated with your explicit consent via our cookie banner. Data retention set to 14 months maximum.

    4. Google Calendar Integration

    Fathom integrates with Google Calendar to provide a unified productivity experience. Our use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Fathom's use and transfer of information received from Google APIs to any other app will adhere to Google API Services User Data Policy, including the Limited Use requirements.

    4.1 Scope and Purpose

    When you choose to connect your Google Calendar, we request the https://www.googleapis.com/auth/calendar.events scope. This permission allows us to read, create, update, and delete events on your primary Google Calendar.

    4.2 Data We Access

    We access event titles, descriptions, start and end times, locations, attendee information, and event metadata. This data is used exclusively for the productivity features described above.

    4.3 Data Storage and Retention

    We store minimal calendar data necessary for synchronization purposes. Event details are fetched from Google in real-time. We do not create permanent, detailed copies of your calendar events.

    4.4 Event Deletion Policy

    When you choose to delete a calendar event through Fathom, we delete it from your Google Calendar. All deletions require your explicit confirmation and cannot be undone.

    4.5 Data Sharing and Third-Party Access

    We do not share, sell, rent, or transfer your Google Calendar data to any third parties. Your calendar information is used exclusively within Fathom for the productivity features you've enabled.

    4.6 Your Control and Disconnection

    You can disconnect your Google Calendar from Fathom at any time through your account settings or by revoking permissions in your Google Account.

    4.7 Security and Compliance

    We implement industry-standard security measures to protect your Google Calendar data, including encryption in transit and at rest, secure token storage, and access controls.

    5. Data Security

    5.1 Security Measures:

    We implement reasonable security measures to protect your personal information. However, no method of transmission over the internet is completely secure.

    5.2 Data Retention:

    We retain personal information according to the following schedule:

    • Active account and profile data: Retained for the duration of your subscription plus 30 days post-cancellation.
    • Assessment results: Retained for the life of your account.
    • Inactive accounts (no login for 24 months): Flagged for deletion with a 30-day notice email before removal.
    • Payment and subscription records: Retained for 7 years as required by UK tax law.
    • Analytics data: Governed by Google Analytics 4 retention settings, set to a maximum of 14 months.

    You can request deletion of your account and all associated data at any time via Account Settings.

    6. Your Rights

    6.1 Access and Updates:

    You have the right to access and correct your personal information by contacting us.

    6.2 Opt-Out:

    You can opt-out of marketing communications by following the instructions in the communications.

    6.3 Cookies and Tracking:

    We use cookies and similar technologies to enhance your experience. You can manage these settings through your browser.

    7. Third-Party Websites

    Our Services may include links to other websites. We are not responsible for their privacy practices.

    8. Children's Privacy

    We do not knowingly collect personal information from children under 16. If we learn we have, we will delete it.

    9. Updates to This Policy

    We may update this Policy and will post the revised version on our Services.

    10. Contact Us

    If you have any questions about this Policy, or wish to make a Data Subject Access Request, contact us at info@fathom.coach. We aim to respond to all data requests within 30 days.

    11. Indemnification

    Users are responsible for their own use of the site and sharing of confidential information. Fathom is not liable for any misuse of the Services by users.

    We use analytics cookies to understand how Fathom is used. You can change this at any time on our Cookie Policy page.