Privacy

Plain English. Nothing smuggled in.

fynn handles workspace data the way we'd want a vendor to handle ours: consent-first, minimized by default, and deletable by the member at any time. This is the full policy.

Effective: June 3, 2026 Version: 1.0 Controller: Axelerant Consulting

TL;DR

fynn reads your workspace's Slack replies that land in fynn's own DMs, threads, and channel posts — plus any channel you explicitly add to the watch list — and uses them to personalize future messages. We don't read DMs between humans. We don't train external models. We never sell data. Any teammate can DM fynn delete my profile to wipe their personalization data immediately.

Who we are

fynn is operated by Axelerant Consulting Pvt. Ltd. ("Axelerant", "we", "us"), a company registered in India with an EU presence. Axelerant is the data controller for information processed in connection with fynn for Slack.

For purposes of the GDPR (EU), UK GDPR, India's DPDP Act 2023, and the California CCPA/CPRA, Axelerant acts as controller for data it collects about you through fynn, and as processor for data your workspace administrator directs it to process on your behalf.

What we collect

From your Slack workspace

  • Member roster: Slack user IDs, names, email, avatar URL, timezone, role (member/admin/owner), guest status, display name, title, pronouns. Pulled via Slack's users:read scope.
  • Messages fynn can see: replies in fynn's DM threads, replies to watercooler posts in the channel it posted to, and messages in channels your admin explicitly adds to the Channels watch list (under the Oversight pillar). fynn does not request channels:history for channels outside this list.
  • Reactions on fynn's own posts (for engagement tracking).
  • Opt-out preferences you set via DM commands or the member portal.

From linked integrations (per-user, optional)

  • Google Calendar / Microsoft Outlook: free/busy for the next 7 days, used only to suggest mutually-free pairing windows. We do not store meeting content, attendees, or titles.
  • Zoom: permission to create meetings on your host account for pairings you approve.

These integrations are per-user and optional. You grant access from the fynn member portal and can revoke at any time.

From your admins

  • Workspace OAuth app credentials (Google, Microsoft, Zoom) — encrypted at rest.
  • Billing details via Stripe (tenant-level; Stripe holds the card, we don't).
  • Culture notes and brand-voice settings entered in the admin panel.

What we don't collect

  • Your DMs with other humans.
  • Messages in channels fynn was not explicitly added to.
  • File attachments or file contents.
  • Any data from third-party apps in your Slack workspace.
  • Browser cookies on the marketing portal beyond a single session cookie (no Google Analytics, no ad pixels, no tracking).

Why we collect it and legal basis

PurposeDataLegal basis (GDPR)
Deliver fynn's core workflows (check-ins, pairings, watercoolers)Roster, messages fynn can see, reactionsContract (Art. 6(1)(b))
Personalize follow-ups via engagement profilesParaphrased summary of your reply styleLegitimate interest (Art. 6(1)(f)) — opt-out-able anytime via delete my profile
Calendar/Zoom integration for pairingsFree/busy windows, Zoom host tokenConsent (Art. 6(1)(a))
Billing, fraud prevention, invoicingStripe customer ID, workspace emailContract; legal obligation
Service reliability, security monitoring, error reportingServer logs, error tracesLegitimate interest

Who we share with (sub-processors)

We share only with service providers we need to deliver fynn. We do not sell personal data. Current sub-processors:

Sub-processorPurposeRegion
Anthropic (Claude API)LLM inference for check-in/pairing/watercooler AI. Zero-retention by contract; not used to train models.United States
AWSApplication hosting, database, object storage.Asia-Pacific (Mumbai)
StripeSubscription billing, tax, card handling.United States
SlackThe platform fynn operates on.United States
SentryServer-side error and performance monitoring.United States
Giphy (platform-wide)Image lookup for watercooler topics (rating=g only).United States

Our sub-processor list is canonical here. We will post notice 30 days before adding a new one that processes personal data.

Storage & retention

  • Messages fynn can see: stored in your tenant's database row. Purged 90 days after your workspace uninstalls fynn.
  • Engagement profiles: held until the member types delete my profile or the workspace uninstalls. Deletion is immediate and irreversible.
  • AI traces (tokens, cost, latency): retained 12 months for cost accounting and abuse prevention.
  • Integration tokens (Google / Microsoft / Zoom): encrypted at rest. Revoked when the member disconnects or the workspace uninstalls.
  • Daily channel digests: compressed summaries; retained 90 days rolling.
  • Server logs: 30 days.
  • Audit / analytics events: 24 months.

Your rights (and how to exercise them)

Under GDPR, UK GDPR, DPDP (India), and CCPA/CPRA, you have the right to: access, rectify, delete, restrict processing, object, data portability, and withdraw consent. Specific to fynn:

  • Access your profile: DM fynn show my profile.
  • Delete your profile: DM fynn delete my profile. Instant, no admin approval needed.
  • Pause pairings: DM pause / snooze 2 weeks.
  • Block a specific person: DM don't pair me with @someone.
  • Opt out of follow-ups: DM stop DMs.
  • Disconnect integrations: open the member portal link fynn DMs you.
  • Any other request (access, rectification, portability, objection, complaint): email privacy@axelerant.com. We respond within 30 days.

If you're in the EU/UK and aren't satisfied with our response, you have the right to lodge a complaint with your local supervisory authority.

AI specifics

fynn uses large language models (Claude, from Anthropic) to write some of its output.

  • What's sent to the LLM: compressed summaries and brand-voice context — not raw messages verbatim where avoidable.
  • Zero retention: Anthropic's commercial terms guarantee inputs and outputs are not used to train their models, and are not retained beyond the duration of the request.
  • Never-discuss topics are enforced at the prompt and service layer: health, family, finances, religion, performance, politics, mental health, trending crises, identity. Rate limits cap personal follow-ups at 1/user/7 days.
  • Every AI call is logged (agent, model, tokens, cost, latency) in your tenant's ai_traces audit table — your admin can inspect what the AI has been doing.

Security

  • TLS 1.2+ in transit, AES-256 at rest (AWS-managed keys).
  • OAuth tokens and per-tenant provider secrets are encrypted application-side with Laravel's encrypted cast.
  • Tenant data isolation enforced by a global Eloquent scope — cross-tenant reads require explicit escape and are audit-visible in code review.
  • Principal-of-least-privilege: Slack bot token holds only the scopes listed in our app manifest; restricted Stripe keys in production.
  • Vulnerability reports: security@axelerant.com. We acknowledge within 72 hours.

Children's data

fynn is a workplace tool. We do not knowingly process data of anyone under 16. If you believe we have, contact privacy@axelerant.com and we will delete it.

International data transfers

Some sub-processors (Anthropic, Stripe, Slack, Sentry) are located in the United States. Transfers out of the EU/UK rely on the EU Commission's Standard Contractual Clauses and the UK International Data Transfer Addendum. We will accommodate data residency requests for Enterprise customers on request.

Changes to this policy

We'll post material changes here and notify workspace admins by email at least 30 days before they take effect. Non-material changes (typo fixes, broken-link repairs) can ship without notice; the effective date at the top of this page will update accordingly.

Contact

Privacy questions: privacy@axelerant.com
Security reports: security@axelerant.com
General: fynn@axelerant.com

Axelerant Consulting Pvt. Ltd.
India registered office: 4th Floor, Plot 10, Sector 44, Gurugram 122003, Haryana, India.

Questions before you install?

Email us. A real person on the fynn team will answer within a day.

fynn@axelerant.com
fynn vs Donut

How we compare, honestly.

Donut is a solid product. Here's where fynn is different — and where we're not.

Capability
fynn
Donut
1:1 intro pairings
✓ AI-scored by shared tags + activity balance
✓ Random shuffle
Watercooler questions
✓ Channel-aware AI, admin-approved with source permalinks
✓ Preset library
Team check-ins / check-ins
✓ Per-question DM threads, personalized greetings
Closed feedback loop
✓ 3-day post-meet DM feeds future matches
Calendar & Zoom
✓ Google / Outlook free-busy + Zoom auto-link
✓ Google / Outlook / Zoom
Per-program engagement insights
✓ Met-rate, AI lift vs rolling baseline, AI brief + starter per pair
Limited reporting
Self-serve opt-outs via Slack DM
✓ pause / snooze / don't-pair-me-with / delete-my-profile
✓ pause
Birthdays / anniversaries
✓ AI-written from channel context; HRIS-sourced dates; opt-outable
✓ Template
HRIS sync
✓ Zoho People today; direct OAuth; pluggable (Bamboo / Workday next)
Starting price
$2.50 / person / month
≈ $3.90 / person / month

Comparison reflects fynn features that are live in the codebase today. Donut rows reflect their published documentation at the time of writing. We'll update this as either product changes.