Privacy Policy

We collect information to provide and improve FastFollow's AI-powered sales follow-up automation platform. The categories below describe what we collect and why.

1.1 Account & Profile Information

When you create a FastFollow account, we collect:

• Name and email address — used to identify your account and send transactional communications.
• Company name, role, and team size — used to personalize your onboarding experience and tailor AI-generated content to your sales context.
• Profile photo — optionally uploaded; displayed in the application and in AI-generated follow-up signatures.
• Billing information — collected and processed by our payment processor, Stripe. FastFollow does not store raw card numbers. We retain billing metadata (plan type, payment status, invoice history) for accounting and support purposes.
• Authentication data — we use OAuth 2.0 for authentication. We never store passwords in plaintext. If you sign in with Google or Microsoft, we receive only the OAuth access token and basic profile information permitted by that provider's scope.

1.2 Usage Data

We automatically collect certain technical and behavioral data when you use the platform:

• Log data — IP addresses, browser type, operating system, referring URLs, pages visited, timestamps, and HTTP status codes. Stored for up to 90 days for security and debugging purposes.
• Device information — device type, screen resolution, and browser version, used to optimize the user interface.
• Feature usage events — which features you use, how often, and in what sequence. Used to improve product design and prioritize engineering work.
• Error reports — stack traces and diagnostic data when the application encounters an error, used solely for debugging.
• Session recordings — if you opt into our beta feedback program, we may use privacy-preserving session replay (with all form input masked) to diagnose usability issues. Participation is always voluntary.

1.3 Meeting & Sales Data

The core purpose of FastFollow is to help you act on meeting data. When you connect a meeting source, we collect:

• Meeting transcripts and recordings — uploaded by you or pulled from integrated meeting tools (e.g., Zoom, Google Meet, Fireflies.ai). Transcripts are stored encrypted, scoped to your account, and never accessed by FastFollow employees except as required to resolve a support ticket you have opened.
• Meeting metadata — date, time, duration, participant names and email addresses, meeting title, and associated deal or contact records.
• AI-extracted insights — action items, commitments, next steps, and follow-up drafts generated by our AI models from your meeting content. These outputs are stored as part of your account data and are controlled by you.

1.4 CRM & Calendar Data

When you connect FastFollow to your CRM (Salesforce, HubSpot, Pipedrive, etc.) or calendar (Google Calendar, Microsoft Outlook), we access:

• Contact and deal records — names, email addresses, deal stage, company, phone numbers, and custom fields relevant to generating accurate follow-ups. We do not index your entire CRM; we fetch only records associated with meetings you have imported into FastFollow.
• Calendar events — upcoming and past meeting invitations, attendees, and video conference links. Used to match meetings to your deal pipeline and schedule follow-up reminders.
• Email send history — if you use our direct email send feature, we store the sent email content, recipient, timestamp, and delivery/open status returned by your email provider. We do not read your full email inbox.

1.5 Cookies & Tracking

We use session cookies, authentication tokens, and limited first-party analytics cookies. We do not use third-party advertising trackers. For full details, see our Cookie Policy.

We use the data we collect for the following purposes. We process your data only where we have a lawful legal basis to do so (legitimate interests, contract performance, consent, or legal obligation).

2.1 Service Delivery

• Authenticating your identity and maintaining your session securely.
• Processing your meeting transcripts through our AI pipeline to generate action items, follow-up drafts, and deal summaries.
• Syncing AI-generated outputs back to your connected CRM and calendar as configured by you.
• Delivering email follow-ups via your connected email account or our transactional email provider (Resend) when you approve and trigger sends through the platform.
• Providing role-based access control so that the correct team members have access to the appropriate deal information.

2.2 AI Processing & Model Inference

Our AI features process meeting content to extract meaning. Specifically:

• Transcripts and deal context are submitted to large language model (LLM) APIs for inference. We use providers that operate under strict data processing agreements that prohibit training on submitted data.
• Your data is never used to train any AI model — by FastFollow or by our AI providers. This is a contractual commitment with our model providers, not just a policy preference.
• AI outputs (follow-up drafts, action items) are suggestions only. They require your review and approval before any action is taken on your behalf.

2.3 Analytics & Product Improvement

• Analyzing aggregated, anonymized usage patterns to understand which features provide value and where users encounter friction.
• Measuring platform reliability, error rates, and performance metrics to maintain our 99.9% uptime target.
• Conducting A/B testing on new features with your consent, where applicable. You can opt out of non-essential analytics at any time from your account settings.

2.4 Communication & Support

• Sending transactional emails: account confirmations, password resets, billing receipts, and critical security alerts. These cannot be opted out of while your account is active.
• Sending product update emails, feature announcements, and educational content. You can unsubscribe from these at any time using the unsubscribe link in any such email or from your notification preferences in-app.
• Responding to customer support requests, which may require our support team to access limited account metadata (never your transcript content unless you explicitly share it in a support ticket).

2.5 Legal & Compliance

• Complying with applicable laws, regulations, and legal processes, including valid subpoenas and court orders.
• Enforcing our Terms of Service and protecting the rights, property, and safety of FastFollow, our users, and the public.
• Detecting, investigating, and preventing fraudulent, unauthorized, or illegal activity on our platform.

3.1 Infrastructure & Hosting

• Amazon Web Services (AWS) — our primary cloud infrastructure provider. All production data is stored in the us-east-1 region. AWS operates under our Data Processing Addendum and is a GDPR-compliant processor.
• Vercel — frontend hosting and edge delivery. Vercel processes request logs and may store session data in edge regions for performance purposes.
• Neon / PostgreSQL — managed database provider for structured application data. Data is encrypted at rest and in transit.

3.2 Email Delivery

• Resend — we use Resend to send transactional emails (account notifications, billing receipts, security alerts). Resend receives the recipient email address, subject, and email body for the purpose of delivery. Resend does not use this data for advertising or profiling.

3.3 CRM & Calendar Integrations

• Salesforce — when you connect Salesforce, we read and write contact and opportunity records as authorized by your Salesforce OAuth token. We adhere to Salesforce's ISV data use policies.
• HubSpot — similar to Salesforce: we read and write contact and deal records using the scopes you authorize during the OAuth connection flow.
• Google Calendar API — we access your Google Calendar events to detect meetings and match them to deals. We request the minimum required scopes (read-only calendar events). We do not read your email via the Google API.
• Microsoft Graph API — used to access Outlook calendar events when you connect a Microsoft 365 account. Same read-only scope principle applies.
• Zoom & other meeting tools — accessed only if you explicitly connect them. We retrieve transcript data from these platforms using the minimum required permissions.

3.4 AI Model Providers

• We submit meeting content and deal context to LLM API providers (including Anthropic and/or OpenAI) for inference. All providers are contractually bound by zero-data retention agreements — they process the data in memory for the duration of the API call and do not store it.
• Your data is explicitly excluded from any model training under these agreements.

3.5 Analytics & Monitoring

• Sentry — error monitoring. Error reports may contain stack traces and limited metadata. No personal or meeting data is included in error payloads.
• Internal analytics — we operate our own anonymized event tracking pipeline. We do not use Google Analytics, Mixpanel, or other third-party behavioral analytics tools that share data with ad networks.

3.6 Payment Processing

• Stripe — all payment card data is collected and processed directly by Stripe. FastFollow does not receive, process, or store credit card numbers. Stripe is PCI-DSS Level 1 compliant.

3.7 Legal Disclosures

We may disclose your information when required by law, including:

• In response to a valid subpoena, court order, or government request.
• To protect the rights or safety of FastFollow, our users, or the public.
• In connection with a merger, acquisition, or sale of all or substantially all assets — in which case we will notify affected users and provide choices where legally required.

Security is a core product value at FastFollow, not an afterthought. We implement technical and organizational safeguards appropriate for the sensitivity of the data we process.

Despite our best efforts, no security system is impenetrable. In the event of a data breach that affects your personal information, we will notify you in accordance with applicable law (no later than 72 hours after becoming aware, where required by GDPR or comparable regulation) and will take immediate steps to contain and remediate the incident.

If you discover a security vulnerability in our platform, please report it responsibly to security@fastfollow.ai. We operate a responsible disclosure program and will work with you to verify and address the issue promptly.

Depending on your location, you may have some or all of the following rights regarding your personal data. We honor all of these rights regardless of whether you are legally entitled to them — we believe data control belongs to you.

To exercise any of the above rights, contact us at legal@fastfollow.ai. We will respond within 30 days (or sooner as required by applicable law). We may ask you to verify your identity before fulfilling a data request.

We retain your data only as long as necessary to provide the service or as required by law. The following table describes our default retention periods.

If you request deletion of your account, we will initiate deletion within 5 business days and complete the permanent removal of all personally identifiable data within 30 days. You will receive a confirmation email when deletion is complete. We may retain anonymized, aggregated data that cannot be linked back to you.

FastFollow is headquartered in the United States, and our primary data infrastructure runs on AWS us-east-1 (Northern Virginia). If you access FastFollow from the European Economic Area (EEA), United Kingdom, or another jurisdiction with data transfer restrictions, your personal data will be transferred to and processed in the United States.

We rely on the following legal mechanisms to authorize such transfers:

• Standard Contractual Clauses (SCCs) — For transfers from the EEA, we rely on the European Commission's approved Standard Contractual Clauses as incorporated into our Data Processing Addendum (DPA). Enterprise customers may request a signed DPA by contacting legal@fastfollow.ai.
• UK International Data Transfer Agreements (IDTA) — For transfers from the United Kingdom, we use the UK IDTA addendum to the EU SCCs.
• Adequacy decisions — Where the European Commission or UK ICO has recognized a third country as providing adequate data protection, we rely on the applicable adequacy decision.

EU data residency (storage in eu-west-1) is on our product roadmap for late 2026. If EU data residency is a hard requirement for your organization today, please contact us to discuss options.

8. Children's Privacy

FastFollow is a B2B sales automation platform intended exclusively for use by professionals and businesses. Our services are not directed to, and we do not knowingly collect personal information from, individuals under the age of 16.

If we become aware that we have inadvertently collected personal data from a person under 16, we will take immediate steps to delete that information. If you believe a minor has provided us with personal information, please contact us at legal@fastfollow.ai so we can investigate and remediate promptly.

9. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:

• Update the “Last updated” date at the top of this page.
• Send an email notification to the primary email address associated with your account at least 14 days before the changes take effect.
• Display a prominent in-app banner notifying you of the update.

For non-material changes (corrections, clarifications, formatting improvements), we will update the “Last updated” date without separate notification. In all cases, the most current version of this policy governs our practices.

Your continued use of FastFollow after a policy change becomes effective constitutes your acceptance of the updated terms. If you do not agree to the updated policy, you must stop using the service and may request deletion of your account and data.

If you have questions, concerns, or requests related to this Privacy Policy or your personal data, please contact us through any of the following channels:

We aim to respond to all privacy-related inquiries within 5 business days. For urgent security matters, please use security@fastfollow.ai for a faster response.