← Back to Fern

Privacy Policy

Fern is built for sensitive company communication data.

Last updated: June 22, 2026

Fern is an organizational intelligence system. That means privacy has to be explicit, practical, and honest: we process private communications to create useful client memory, and we design the system to minimize unnecessary exposure.

What Fern processes

Fern connects to approved sources like Slack, Gmail, Google Calendar, Google Drive, and meeting transcripts so it can extract client-related operational intelligence: topics, risks, blockers, commitments, decisions, sentiment, and timelines.

Google Workspace data use

When a customer connects Google, Fern requests read-only access to Gmail, Google Calendar, and Google Drive so Fern can identify client emails, meetings, and source documents relevant to that customer's relationship intelligence workspace. Fern uses Google user data only to provide and improve user-facing Fern features requested by the customer, including sync, evidence display, summaries, risk signals, and client timelines.

Third parties we share Google user data with

Fern transmits selected content from Google Workspace (Gmail, Calendar, Drive) to the following third-party service providers solely to operate and improve the service.

ProviderPurposeData shared
Anthropic (Claude API)AI classification, summarisation, and signal extractionExcerpts of emails, calendar events, and Drive documents selected for processing
OpenAI (GPT-4o API)AI classification and summarisation (fallback / supplementary)Same as above, when routed to OpenAI models
SupabaseDatabase and file storage hosting for extracted intelligence and source evidenceStructured intelligence derived from Google data; raw excerpts used as evidence
ResendTransactional email delivery (alerts, digests)Email addresses and notification content; no raw Google data
PolarSubscription billing and customer portalAccount identifiers; no Google user data

All providers are contractually bound to process data only as directed by Fern and in compliance with applicable privacy law. Neither Anthropic nor OpenAI uses data submitted via their API to train their general models. Fern does not sell Google user data to any third party, and does not share it with advertisers, data brokers, or analytics platforms.

Retain intelligence, not conversations

Our product principle is to retain structured client memory rather than build a permanent archive of unrelated company communications. Raw communications are used for processing and evidence display while we continue to roll out customer-controlled retention windows and raw-data minimization.

Data retention

  • By default, Fern retains Google-sourced data (raw excerpts and derived intelligence) indefinitely — data is not automatically deleted on a fixed schedule.
  • Manual deletion — organization admins can request full deletion of all Google-sourced data at any time by contacting support@usefern.ai.
  • Retention window setting — within Fern's Settings → Privacy, admins can configure a rolling retention window (e.g. 90 days, 180 days, 1 year). Once set, data older than the configured window is automatically purged on a nightly basis.

Data deletion

  • Self-serve: Settings → Privacy → "Delete all organization data" in the Fern dashboard.
  • Email request: Send a deletion request to support@usefern.ai from an admin account email address.
  • Fern will complete deletion of Google user data within 30 days of a confirmed request and send an email confirmation once deletion is complete. Backups containing the data are purged within the same 30-day window.

AI processing and model training

Fern sends selected communication content to enterprise AI APIs (Anthropic and OpenAI) through our AI gateway to classify, summarize, and score client relationship signals for the customer. Fern does not sell Google user data, does not use Google Workspace API data to train generalized AI or ML models, and does not transfer Google user data except as necessary to provide or improve user-facing Fern features, comply with law, or protect users and the service.

Google API Services User Data Policy

Fern's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

Customer control

Admins can disconnect integrations and request deletion of organization data, including Google-sourced data. Self-serve controls available today include: configurable retention windows, excluded channels, paused sync, and full deletion. Export and uncertain-item review workflows are on our roadmap.

Security and protection

Fern protects Google user data with organization-scoped access controls, encrypted transport (TLS in transit, AES-256 at rest via Supabase), restricted internal access, and operational security controls described on our security page.

Human access

Internal access to customer data is restricted to operating and supporting Fern. Our intended support model is customer-approved, time-boxed access with audit logging; until those controls are fully self-serve, support access is handled manually and only for legitimate support needs.

Contact

For privacy questions, data deletion requests, or concerns about how your Google data is handled, contact support@usefern.ai or jason@usefern.ai.

Plain-English commitment: Fern will never sell your data. Fern does not use Google Workspace API data to train generalized AI or ML models, and our use of Google user data follows Google's API Services User Data Policy, including Limited Use. You can delete your organization's data at any time.