Privacy Policy

Our Promise

NO BS Privacy: We collect only what's necessary, protect it fiercely, and never sell your data. Period.

Developer Tools (faf-cli)

faf-cli runs 100% locally on your machine. When you run faf init, faf auto, or faf score:

• No source code is read, collected, or transmitted
• No data leaves your machine — no API calls, no telemetry, no phone-home
• The WASM scoring kernel runs locally — no cloud processing
• Your project.faf file contains only metadata you control — never source code
• Private repos stay private — we never see them

No training. No retention. No exceptions.

FAF has no training pipeline. Your code, your data, and your project metadata are never used to train any AI model, improve any service, or feed any analytics system. We do not have access to your code — faf-cli is an offline tool.

MCP Servers (claude-faf-mcp, faf-mcp, grok-faf-mcp, gemini-faf-mcp)

FAF MCP servers run as local processes on your machine, invoked by your AI tool (Claude, Cursor, etc.). They read your local project.faf file and serve it via the MCP protocol to your AI. No data is sent to FAF servers — the MCP connection is between your AI tool and your local filesystem.

WASM Scoring Kernel

The faf-scoring-kernel (Rust to WASM) and Zig WASM ghost binary run entirely in-process — inside your Node.js runtime, your browser, or your edge function. No network calls. No data exfiltration. The WASM binary scores your .faf YAML locally and returns a result. Nothing leaves the process.

Web Properties (faf.one, builder, mcpaas.live)

When you visit our websites:

• Vercel Analytics: Anonymous page view counts — no personal data, no cookies, no tracking
• FAF Builder: When you score a public GitHub repo, we fetch its file tree via the GitHub API. We do not store the results or your repo data
• MCPaaS: Edge location logging (Cloudflare data center code only — e.g. "ATL") for our Globe visualization. No personal data is logged

Email

If you provide your email (namepoint claims, contact forms, or purchases), we use it only to:

• Communicate about your account or purchase
• Send important product updates (rare, no spam)

We never sell, share, or use email addresses for marketing without consent. Unsubscribe anytime.

1. Information We Collect

When You Sign Up:

• Email address (for account access)
• Payment information (processed by Stripe - we never see your card details)

When You Use .faf:

• Project metadata (to calculate your FAF score)
• Usage statistics (to improve the service)
• Error logs (to fix bugs)

2. How We Use Your Information

• Process your subscription
• Send important updates (no spam, ever)
• Improve the .faf format and tools
• Provide customer support

3. Data Storage & Security

• Encryption: All data encrypted in transit and at rest
• Location: Stored on secure servers in the United States
• Access: Limited to essential personnel only
• Retention: Deleted 30 days after account closure

4. Third-Party Services

We use trusted partners:

• Stripe: Payment processing (PCI compliant)
• Formspree: Email capture (GDPR compliant)
• Vercel: Website hosting (SOC 2 compliant)

Each has their own privacy policy. We chose them for their security standards.

5. Your Rights

You can always:

• Access your data
• Correct inaccuracies
• Delete your account
• Export your information
• Opt-out of communications

Email team@faf.one for any data requests.

6. Cookies

We use minimal cookies:

• Essential cookies for authentication
• Analytics to improve the service (anonymous)
• No tracking cookies
• No advertising cookies

7. Children's Privacy

The Service is not intended for users under 13. We don't knowingly collect data from children.

8. Changes to This Policy

We'll notify you of significant changes via email. Continued use means acceptance of updates.

9. Contact Us

Privacy questions or concerns?

Email: team@faf.one

Location: Atlanta, GA, USA