Legal

Privacy Policy

How FM Dojo collects, uses, protects, exports, deletes, and shares data for the service.

FM Dojo treats privacy and customer content handling as part of the product, not as a separate paperwork exercise. This notice is written to support customer security review and DPA discussions without claiming a completed legal certification or audit.

1 - Scope and roles

  • This Privacy Policy applies to fmdojo.com and FM Dojo products or services that link to it. It does not apply to third-party websites, applications, or services that publish their own privacy notices.
  • FM Dojo may act as a controller for account, billing, marketing, and support information. For customer content submitted to the service, FM Dojo generally acts as a processor or service provider according to the customer agreement, order form, or DPA in place.
  • FM Dojo is a live and evolving service. We update product behavior, vendors, and data flows as the service changes, and we keep this notice and our security packet aligned with those changes.

2 - Information we collect

  • Account and contact information, such as name, email address, company details, billing contact details, and support communications.
  • Subscription and payment information needed to process purchases, renewals, invoices, taxes, fraud checks, refunds, and account administration. FM Dojo does not store full payment card numbers.
  • Product content you choose to submit, including chat messages, FileMaker schema or script content, diagrams, snapshots, server metadata, validation requests, attachments, and voice dictation audio or transcripts.
  • Usage, device, log, and security information, including IP address, browser, operating system, timestamps, request metadata, feature usage, error details, cookie or similar identifiers, and authentication events.
  • Information from third parties that support account access, billing, analytics, error monitoring, email delivery, customer support, fraud prevention, or customer-requested integrations.

3 - How we use information

  • To provide, secure, maintain, debug, and improve FM Dojo and related support workflows.
  • To provision accounts, authenticate users, process payments, manage subscriptions, provide customer support, and send administrative messages.
  • To send product updates or marketing messages when permitted. You can unsubscribe from promotional messages, but we may still send transactional or service messages.
  • To comply with legal obligations, enforce our agreements, protect users and FM Dojo, investigate abuse, and preserve records needed for legitimate business or legal purposes.
  • To generate AI-assisted responses, validation results, summaries, transcripts, and other product outputs requested by users.

4 - AI processing and customer content

  • FM Dojo may send prompts, messages, attachments, validation requests, diagrams, FileMaker reference context, voice dictation audio, and related metadata to third-party AI or transcription providers so the service can respond to your request.
  • Customer content is used to provide the service to you. FM Dojo does not sell, publish, or use your code, conversations, diagrams, snapshots, or other customer content to train FM Dojo-owned AI models.
  • FM Dojo selects AI providers that offer business or API data-use commitments designed to avoid training on submitted API inputs, but provider-specific terms may apply. Customers should avoid submitting secrets, passwords, payment card numbers, health information, government identifiers, or other sensitive data unless their agreement expressly permits it.
  • Voice dictation audio is used to generate a transcript and is not intended for account-history storage.

5 - When we share information

  • We share information with subprocessors and vendors only as needed to operate FM Dojo, including hosting, database, payment, email, analytics, error monitoring, authentication, security, AI processing, and customer-requested integrations.
  • Our vendors may process data under their own privacy, security, and subprocessors terms. We review vendors for fit, limit their access to the service they provide, and maintain a subprocessor list for customer review.
  • We may share information when required by law, legal process, security investigation, corporate transaction, or to enforce our agreements and protect rights, safety, or service integrity.
  • We do not sell personal information.

6 - Security and retention

  • FM Dojo uses reasonable administrative, technical, and organizational safeguards, including access controls, encryption in transit, encryption at rest where supported by the platform, password hashing, logging, and least-privilege practices.
  • No internet service or storage system is perfectly secure. FM Dojo cannot guarantee absolute security, but we work to reduce risk and respond to security issues that materially affect users.
  • We retain personal information and customer content for as long as needed to provide the service, comply with legal obligations, resolve disputes, enforce agreements, maintain security, and support ordinary business records.
  • When information is no longer needed, we delete, anonymize, or aggregate it unless retention is required or permitted by law, security, backup, audit, dispute, or billing needs.

7 - Deletion and export requests

  • You may request access, correction, export, or deletion of personal information by emailing [email protected]. We may need to verify your identity, account authority, and the scope of the request before acting.
  • Administrators may request account-level exports or deletion for their organization where permitted by the applicable agreement and law. Some information may be retained for billing, fraud prevention, security logs, backups, legal compliance, dispute handling, or other legitimate business needs.
  • Product surfaces may also let users delete certain conversations, diagrams, snippets, snapshots, or other content directly. In-product deletion affects the active service record first; backup and log copies age out under the relevant retention process.
  • If FM Dojo acts as a processor for customer content, we handle data subject requests according to the customer agreement, DPA, and the customer controller instructions that apply.

8 - International processing

  • FM Dojo and its vendors may process information in the United States and other countries where FM Dojo or its subprocessors operate.
  • For customers that need a data processing addendum or transfer terms, FM Dojo can provide a DPA-ready packet describing current processing roles, subprocessors, request handling, and security posture. This packet is readiness documentation and is not a statement that FM Dojo has completed a legal certification such as SOC 2, ISO 27001, or another audit unless separately stated in a signed agreement.

9 - Contact and updates

  • Questions, privacy requests, security concerns, and vendor review requests can be sent to [email protected].
  • We may update this Privacy Policy as FM Dojo changes. Material changes take effect when posted or otherwise communicated as required by law or contract.

Effective July 1, 2026