Privacy Policy
Last updated June 15, 2026
This Privacy Policy explains how Fabricant (“we,” “us”) collects, uses, and protects personal data in connection with Indy (the “Service”). It covers two kinds of people: account holders who sign up to use Indy, and recipients — people whom account holders share artifacts with.
1. Who is responsible for your data
For account-holder data (your account, your billing), Fabricant is the data controller. For recipient data (the emails and engagement data of people you share with), the account holder is the controller and Fabricant acts as a processor, handling that data on the account holder’s instructions to provide the sharing and analytics features.
2. Information we collect
From account holders
- Account details — name, email address, and authentication identifiers (e.g. if you sign in with Google).
- Workspace & billing — workspace name, plan tier, and a payment-processor (Stripe) customer reference. We do not store your full card details; Stripe does.
- Content you create — the artifacts (HTML), READMEs, collections, and settings you upload or configure.
- Usage & device data — product analytics events, log data, browser/device information, and cookies.
From recipients
- Email address — entered to verify access to, or to view, a shared artifact (including via lead-capture or domain-access links).
- Engagement data — view events such as opens, time spent on sections (“dwell”), sign-offs, and signals used to detect when a link is forwarded (such as device/user-agent and network information).
- Session cookie — a token that keeps a verified recipient signed in to a shared link for a limited period.
3. How we use information
- To provide, operate, secure, and improve the Service.
- To authenticate users and recipients and enforce access gates.
- To render preview images, deliver shared links, and produce engagement analytics for the account holder.
- To send transactional email (verification, invites, shared artifacts, and notifications you enable).
- To process payments and manage subscriptions.
- To prevent abuse, fraud, and spam, and to comply with legal obligations.
4. Cookies
We use a small number of cookies: an authentication cookie for signed-in account holders, a session cookie for verified recipients, and analytics cookies to understand product usage. We do not sell your data or use third-party advertising cookies.
5. Service providers (subprocessors)
We share data with the following providers strictly to operate the Service. Each processes data on our behalf under its own security and privacy commitments.
| Provider | Purpose |
|---|---|
| Supabase | Database, authentication, and file storage |
| Vercel | Application hosting and delivery |
| Resend | Transactional email delivery |
| Stripe | Subscription billing and payments |
| PostHog | Product analytics |
| Optional sign-in (OAuth) | |
| Screenshot rendering provider | Generating PNG preview covers of artifacts |
We do not sell personal data, and we do not share it with third parties for their own marketing.
6. Data retention
We keep account and content data for as long as your account is active. When you delete an artifact or your account, we delete or de-identify the associated data within a reasonable period, except where we must retain it to comply with law, resolve disputes, or enforce our agreements. Recipient data is retained on behalf of the account holder and is removed when the account holder deletes it or their workspace.
7. Security
We use row-level security, encryption in transit, access controls, and reputable infrastructure providers to protect data. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.
8. Your rights
Depending on where you live (for example, under GDPR or the CCPA/CPRA), you may have the right to access, correct, delete, or port your personal data, to object to or restrict certain processing, and to withdraw consent. To exercise these rights, email alex@fabricantgtm.com. We will respond within the timeframe required by applicable law.
9. A note for recipients
If you received a link to an artifact, the person or organization that shared it decides what data is collected about your viewing and how long it is kept. To request access to, or deletion of, your data, contact the sender directly, or email us at alex@fabricantgtm.com and we will route your request to the relevant account holder.
10. International transfers
We and our providers may process data in the United States and other countries. Where required, we rely on appropriate safeguards for international transfers.
11. Children
The Service is not directed to children under 18, and we do not knowingly collect their personal data.
12. Changes to this policy
We may update this policy from time to time. We will update the date above and, for material changes, take reasonable steps to notify you.
13. Contact
Privacy questions or requests? Email alex@fabricantgtm.com.