Privacy Policy

1. Introduction

Fastrepl, Inc. ("we," "our," or "us") operates Char. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our application and services.

Char is a local-first application. Your notes, transcripts, and meeting data are stored locally on your device. During onboarding, an account is created so you can experience cloud-powered features (such as cloud transcription and AI summarization) at their best quality. You may choose to use Char entirely offline with a local language model. If you no longer wish to maintain an account, you can request deletion at char.com/app/account or by contacting us at privacy@char.com.

3. Information We Collect

3.1 Information You Provide

We collect information that you directly provide to us, including:

Account Information: Name, email address, password, and profile information
User Content: Notes, documents, and other content you create or upload
Payment Information: Billing details and payment card information (processed securely through third-party payment processors)
Communications: Information you provide when you contact us for support or feedback

3.2 Information Collected Automatically

When you use our Service, we automatically collect:

Usage Data: Information about how you interact with the Service, including product interaction events (for example, onboarding, downloads, note creation, transcription, summary generation, exports, and settings interactions)
Device Information: Device type, operating system, browser type, and IP address
Log Data: Access times, pages viewed, system activity, and technical diagnostics (for example, latency, status codes, and error events)
Service Telemetry Metadata: Pseudonymous identifiers (such as device fingerprint or user ID), app/browser version metadata, and cloud feature usage metadata (for example, speech-to-text duration, AI token counts, AI latency, provider/model metadata, and subscription trial events) used for operations, billing, product improvement, and abuse prevention
Cookies: See our Cookie Policy for more information

Analytics and telemetry events are designed to avoid including raw meeting audio, transcript text, note content, and summary text.

3.3 Google Calendar and Other Connected Calendar Accounts

If you connect Google Calendar or another supported calendar provider, we collect and process the data needed to sync calendars and events into Char. For Google Calendar, this may include:

Calendar Information: Calendar IDs, calendar names, colors, access or ownership metadata, primary or secondary calendar status, and source or account identifiers
Event Information: Event IDs, iCal UIDs, titles, descriptions, locations, event URLs, meeting links, start and end times, time zones, recurrence metadata, all-day status, event status metadata, organizer details, and attendee details such as names, email addresses, roles, and RSVP status
Connection Information: Provider connection IDs, connection status, reconnect or error state, and the Google account identity associated with the connection, such as email address or display name

We use this data only to provide and improve the user-facing calendar features you enable in Char, such as syncing selected calendars, showing upcoming meetings, linking notes to calendar events, displaying participants and meeting context, powering reminders, and helping you organize sessions around meetings.

We do not use Google Calendar data for targeted advertising, marketing personalization, sale to data brokers or information resellers, determining creditworthiness, or training generalized artificial intelligence or machine learning models. The use of information received from Google Workspace APIs will adhere to the Google Workspace API User Data and Developer Policy, including the Limited Use requirements.

4. How We Use Your Information

We use your information to:

Provide, maintain, and improve the Service
Process your transactions and manage your account
Send you technical notices, updates, and support messages
Send you marketing communications, including newsletters, product announcements, promotional content, and other updates about Char based on your contact details and marketing preferences (you may opt out at any time)
If you connect Google Calendar, provide and improve the calendar sync and meeting context features you requested. We do not use Google Calendar data for advertising, marketing personalization, or generalized AI model training.
Respond to your comments, questions, and requests
Protect against, identify, and prevent fraud and other illegal activities
Analyze usage patterns to improve user experience
Comply with legal obligations

5. Data Storage and Security

We implement appropriate technical and organizational security measures to protect your information against unauthorized access, alteration, disclosure, or destruction. Your data is encrypted in transit and at rest.

For connected calendars, synced calendar and event data is primarily stored locally on your device as part of your local Char data. We may store limited connection metadata on our backend, such as integration ID, connection ID, connection status, error state, and timestamps needed to operate the integration securely. We also use an integration provider to manage OAuth connections and credentials. We protect this data in transit using HTTPS/TLS and at rest using encryption and access controls.

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your information, we cannot guarantee its absolute security.

6.1 We Do Not Sell Your Data

We do not sell, trade, or rent your personal information to third parties, including Google user data.

6.2 Service Providers

We may share your information with third-party service providers who perform services on our behalf, such as:

Cloud hosting and infrastructure providers (e.g., Fly.io, Netlify, Cloudflare, Supabase) for hosting our application and storing your data securely
Integration providers (e.g., Nango) for OAuth connection management, credential handling, and calendar sync infrastructure when you connect Google Calendar or other supported accounts
Payment processors (e.g., Stripe) for processing payments securely
Analytics services (e.g., PostHog, Outlit) for understanding how users interact with our Service
Speech-to-text providers (e.g., Deepgram, AssemblyAI, Soniox) for cloud-based transcription when you enable this feature
AI model providers (e.g., via OpenRouter) for cloud-based AI features when you enable them
Error monitoring services (e.g., Sentry) for identifying and fixing issues
Email services (e.g., Loops) for sending transactional and marketing communications
Licensing services (e.g., Keygen) for managing software licenses

For a complete list of our sub-processors and their data protection safeguards, please see our Data Processing Agreement.

When you connect Google Calendar, we may share Google user data only:

With service providers directly involved in authenticating the connection, syncing calendars and events, and delivering the calendar features you enable
For security purposes, such as investigating abuse, preventing fraud, or fixing integration failures
To comply with applicable law, regulation, legal process, or enforceable governmental request
As part of a merger, acquisition, or asset sale, subject to applicable legal requirements and, where required, user consent

We do not sell Google user data or transfer it to third parties for advertising, marketing, or data broker purposes.

6.4 Legal Requirements

We may disclose your information if required by law or in response to valid requests by public authorities (e.g., court orders or government agencies).

7. Your Rights and Choices

7.1 Access and Portability

You can access and export your data at any time through your account settings.

7.2 Correction and Deletion

You can update or delete your information through your account settings. You may also request account deletion by visiting char.com/app/account or by contacting us at privacy@char.com. Your locally stored data remains on your device and is not affected by account deletion.

7.3 Data Retention

We retain your information for as long as your account is active or as needed to provide the Service. If you connect Google Calendar, synced calendar and event data is retained locally on your device until you delete it, disconnect the account, or remove local Char data. On our systems, we retain limited connection metadata while the integration is active and for up to 30 days after disconnection or account deletion, except where a longer period is required by law. If you delete your account, we will delete your cloud-stored data within 30 days, except where required to retain it for legal purposes.

7.4 Analytics and Telemetry Controls

Desktop app setting: You can disable desktop usage analytics in Settings (Share usage data).
Web tracking controls: You can accept or reject non-essential website tracking from the Cookie preferences control in the website footer, as described in our Cookie Policy.
Global Privacy Control: We honor Global Privacy Control (GPC) for non-essential website tracking.
Cloud feature metadata: Disabling desktop usage analytics does not disable limited server-side operational and billing telemetry required to provide cloud requests (for example, speech-to-text and AI request metadata, and subscription trial status events).