Privacy Policy

Our Commitment

Fast prioritizes your privacy. We collect minimal information necessary to enable our services, monitor stability and performance, and improve our offerings. We do not sell user data, show ads, or collaborate with third-party traffic monetization services or platforms. Limited analysis of activity is done to prevent abuse, ensure a high level of service performance, and detect bugs. If you have questions, please contact us at privacy@fast.io.

Fine Print

This Fast Technologies ("Fast") Privacy Policy, in conjunction with the Terms of Service, Data Processing Agreement (DPA), and other terms and conditions of use which are incorporated herein by reference and may be posted and applicable to specific services, collectively referred to as the "Agreement", governs your use of this website, content, apps, software, products and services provided to you on, from, or through the Fast website or platform (collectively, the "Services"). Fast may modify the Agreement, and any significant changes will become effective 30 days after posting on the website. We will notify you directly via email or through a prominent notice on our website and require your acceptance of any significant changes to this Privacy Policy. Your continued use of the website and any associated services, the "Services", indicates your acceptance of the Agreement.

Personally Identifiable Information (PII) includes, but is not limited to, names, addresses, email addresses, IP addresses, or any other identifier used to identify or track an individual. We store PII to enable upload and download services, prevent abuse, ensure high service levels (performance and error monitoring), and provide customer support. Under the EU General Data Protection Regulation (GDPR), UK GDPR, California Consumer Privacy Act (CCPA), California Privacy Rights Act (CPRA), and other applicable privacy laws, you have the right to access, rectify, delete, restrict processing of, and object to the processing of your PII. To exercise these rights, please contact us at privacy@fast.io.

This Privacy Policy governs your use of the Fast Services, regardless of how you access it, and by using our Services you consent to the limited collection, processing, and storage as described in this Privacy Policy. We automatically receive limited types of information when you interact with our website, apps, services, and platform. This information includes your computer, tablet, mobile, or other digital device's IP address, access times, your browser type and language. We may also collect information about the type of operating system you use, your account activity, and accessed pages. This data is collected in compliance with GDPR and CCPA, ensuring minimal collection and processing. Personal and non-personally identifiable information may be shared with third parties who assist us in providing services. These third parties are contractually obligated to protect your data and use it only for the purposes we specify. In general, Fast.io collects data for the purpose of customer services, general business analytics, and platform debugging. Our services are not intended for individuals under the age of 16. We do not knowingly collect personally identifiable information from children under 16. If we become aware that a child under 16 has provided us with personal information, we will take steps to delete the account and the information. If we become aware that a child under 16 has provided us with personal information, we will suspend the account. For assistance, contact us at help@fast.io.

Your personal information may be used to correspond with you regarding the services, provide customer support, and communicate important updates. We retain data only as long as necessary to provide requested services, comply with legal obligations, and enforce our agreements. When you choose to make Content available, Fast will collect information from other parties for the purpose of preventing abuse, billing, and, in some cases, reporting to you. Some information is retained only as long as necessary to provide requested Services; other information may be retained longer to comply with our legal obligations and enforce our Agreements. Under GDPR and CCPA, you have the right to request the deletion of your personal data when it is no longer necessary for these purposes.

Fast will display your avatar, full name, and email address on various pages of the service to facilitate the services and user identification. Fast is not responsible for any personal information published online through your directed use of the Services. You may receive unsolicited messages from other parties or it may be used in a manner that violates the law, your personal privacy or your safety. By using the Services and publishing Content, you assume the risks and sole liability arising as a result of such information being displayed.

If you are not a resident of the United States, you understand and agree that Fast stores and processes your information on servers located in the United States and potentially other jurisdictions. By providing any data to Fast, you consent to the transfer of such information to the United States and other jurisdictions. Fast ensures that such transfers comply with GDPR requirements, including the use of standard contractual clauses or other appropriate safeguards to protect your personal data.

We will not rent or sell your personally identifiable information to third parties. However, we may disclose your personal information or any of its log file information when we have a good faith belief that disclosure is reasonably necessary to (a) comply with a law, regulation, or compulsory legal request; (b) co-operate with investigations of purported unlawful activities; (c) identify persons who may be violating the law or legal notice; (d) protect and defend the rights or property of Fast or third parties; (e) protect the safety of an individual or group; (f) prevent fraud or abuse of Fast or its users. Any such disclosures will comply with GDPR and CCPA requirements, and where possible, we will notify you before disclosing your personal information.

The services require cookies to function properly. These cookies are not used for tracking outside of the services and are not shared with third parties. Cookies help us save your preferences and session information to enhance your user experience. A cookie is a small data file that we transfer to your digital device. We may use "persistent cookies" to save your ID and related information. We may use "session cookies" and "local storage" to enable certain features of the Service. You are solely responsible for the privacy and security of your digital devices receiving this technology.

Fast utilizes Hotjar for analytics and service improvement. Hotjar collects and receives data through your use of our Services to provide analytics services including heatmaps and session recordings. This data collection helps us understand how users interact with our Services, improve user experience, and diagnose technical issues. Hotjar is configured to suppress sensitive data fields. For more information about how Hotjar processes your data, please review the Hotjar Privacy Policy.

Additionally, third parties may collect Personal Data from individuals using Fast Services. These third parties are bound by their own privacy policies and terms of service. We require our third-party service providers to maintain appropriate security standards for protecting your personal information and to use the data only for specified purposes.

The security of your information is important to us. Fast operates its own SOC 2 Type II and ISO 27001 compliant datacenters and employs comprehensive measures to protect information collected from loss, destruction, disclosure, unauthorized access, misuse, and alteration. These measures include encryption of data at rest and in transit, access controls, regular security audits, and employee security training. Although we strive to protect your personal information, Fast cannot ensure or warrant the security of any information you transmit to us, and you do so at your own risk. Sensitive data is stored in an encrypted form. Fast does not store, collect, or transmit your payment data. Under GDPR and CCPA, you have the right to be informed about data breaches that may affect your personal data.

In the event that Fast is acquired, sold or merged with a third party entity, we reserve the right to transfer or assign the information we have collected from you as part of any change of control. In the unlikely event of our bankruptcy, insolvency, reorganization, receivership, or assignment for the benefit of creditors, or the application of laws or equitable principles affecting creditors' rights generally, Fast may not be able to control how your personal information is treated, transferred or used.

Fast utilizes third-party services to provide and improve the Services. By using our services, you agree that data, including PII, may be shared with these third parties as necessary:

• Google Cloud Platform (GCP) — Cloud infrastructure and data storage
• Google Vertex AI and Gemini AI — AI-powered features including content analysis and intelligent services. Content processed by AI services is used only to provide the features you request. Under our enterprise agreements, Google does not use your content to train its AI models.
• Cloudflare — Content delivery, security services, and edge computing via Cloudflare Workers
• Stripe — Payment processing and billing
• Bugsnag — Error tracking and application monitoring
• Hotjar — Analytics, heatmaps, and user experience improvement

For a complete list of sub-processors and their purposes, please refer to our Data Processing Agreement.

Desktop Applications

When you use our desktop applications for macOS, Windows, or Linux ("Desktop Client"), we may collect additional information to provide synchronization services and improve performance. This includes: file metadata (names, sizes, modification dates, and folder structure) for files you choose to synchronize; application logs and crash reports; device information including operating system version, hardware identifiers, and application version; and synchronization status and performance metrics. The Desktop Client stores authentication tokens locally on your device to maintain your session. We do not access or analyze the contents of your synchronized files except as necessary to provide the Services or as described in our Terms of Service. You can uninstall the Desktop Client at any time, which will remove locally stored application data but will not automatically delete your data from our servers.

Programmatic Access and Agent Accounts

When you access our Services through APIs, MCP (Model Context Protocol) servers, SDKs, or other programmatic methods, or when you register and operate Agent Accounts, we collect and process additional data to ensure platform security and prevent abuse. This includes: API keys and authentication tokens; request logs including timestamps, endpoints accessed, IP addresses, and request parameters; usage patterns and rate limit metrics; and information about the application, agent, or system making requests (such as user-agent strings and client identifiers). We actively monitor programmatic access for anomalous patterns, potential abuse, and security threats. This monitoring may involve automated analysis of access patterns, request frequencies, and behavioral signals. Data from programmatic access may be retained longer than standard user data for security analysis, abuse prevention, and legal compliance purposes. If you operate Agent Accounts, you acknowledge that all actions taken by those agents are attributable to you, and associated data will be processed accordingly.

Legal Basis for Processing

Under GDPR and UK GDPR, we process your personal data based on the following legal grounds:

• Contract Performance: Processing necessary to provide you with the Services you requested, including account creation, file storage, synchronization, and customer support.
• Legitimate Interests: Processing for platform security, fraud prevention, abuse detection, service improvement, and analytics, where our interests do not override your fundamental rights.
• Legal Obligation: Processing required to comply with applicable laws, regulations, or legal processes.
• Consent: Where required, we obtain your consent for specific processing activities such as marketing communications or optional AI features.

Data Retention

We retain your personal data only as long as necessary for the purposes described in this Privacy Policy. Our general retention practices include:

• Account Data: Retained while your account is active. Upon account deletion, data enters a soft-delete period (generally 15-90 days depending on data type) before permanent removal to allow for account recovery and prevent accidental data loss.
• Content and Files: Deleted according to your instructions or upon account termination, subject to the soft-delete recovery period.
• Server and Application Logs: Generally retained for a short period (days to weeks) for debugging and security purposes.
• Billing Records: Retained as required by tax and financial regulations, typically for several years.
• Audit Records: Retained for compliance purposes, typically up to three years.

Retention periods may vary based on legal requirements, platform operations, and the nature of the data. We periodically review and update our retention practices. For specific retention inquiries, contact us at privacy@fast.io.

California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have specific rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

• Right to Know: You may request information about the categories and specific pieces of personal information we have collected.
• Right to Delete: You may request deletion of your personal information, subject to certain exceptions.
• Right to Correct: You may request correction of inaccurate personal information.
• Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights.

We do not sell your personal information. We do not "share" your personal information for cross-context behavioral advertising as defined under CCPA/CPRA.

To exercise your California privacy rights, contact us at privacy@fast.io or use the contact information below. We will verify your identity before processing your request.

Cookie Consent

When you first visit our website from a jurisdiction that requires cookie consent (such as the European Union or United Kingdom), we display a cookie consent banner allowing you to accept or manage your cookie preferences. Essential cookies required for the functioning of the Services are set automatically. Analytics and optional cookies are only set with your consent where required by law. You can manage your cookie preferences at any time through your browser settings or our cookie management tools.

Your Right to Complain

If you are located in the European Union or United Kingdom and believe we have not adequately addressed your data protection concerns, you have the right to lodge a complaint with your local data protection supervisory authority. We encourage you to contact us first at privacy@fast.io so we can attempt to resolve your concerns directly.

Contact Us

If you have any questions about this Privacy Policy or wish to exercise your rights under GDPR, UK GDPR, CCPA, or other applicable privacy laws, contact us by mail c/o Privacy Policy, 4747 Research Forest Dr., Ste 180-265, The Woodlands, TX 77381-4902 or by email at privacy@fast.io.