Privacy policy

What we collect

When you request access or sign up, we collect your email address, name, and (optionally) organization and message. When you sign in, we collect authentication state from your chosen identity provider (Google OAuth or magic-link email) and your IP address.

When you use Fulcrum, we store the conversations you have with the assistant, the queries the engine composes on your behalf, and the data you connect — only within your tenant.

How we use it

We use your email and name to communicate about your account. Connected data is used to answer your questions and is never shared across tenants. Row-level security in our database enforces tenant isolation at every query.

What we don't do

We don't sell your data. We don't train models on your data without explicit opt-in. We don't share your data with third parties beyond the providers we use to operate (AWS, our identity providers, our email provider).

Healthcare data

If your tenant connects healthcare data (e.g. via athenahealth), Fulcrum will sign a Business Associate Agreement (BAA) with you before any real PHI flows. Until a BAA is in place, only sandbox / synthetic data is permitted in healthcare connectors.

Contact

For data-access, deletion, or any other privacy questions, email hello@fulcrum.io.