1. Introduction & Scope
Feature Fast LLC (“FeatureFast,” “we,” “us,” or “our”) provides a software platform that helps software teams collect feature requests through an embeddable widget and ship them as pull requests to a connected GitHub repository. This Privacy Policy explains how we collect, use, disclose, and protect personal data in connection with our websites, applications, dashboards, and the FeatureFast widget (collectively, the “Service”).
This Policy does not describe the privacy practices of our customers when they deploy the widget on their own products. Customers are independently responsible for their own privacy notices and lawful processing of end-user data.
2. Personal Data We Collect
Account data
When a customer creates an account through our authentication provider (Clerk), we collect the user’s name, email address, hashed credentials, profile image (if provided), and authentication metadata such as login timestamps and session identifiers.
Billing data
Paid subscriptions are processed through Clerk Billing, which uses Stripe as the payment processor. We do not receive or store payment-card numbers. We receive plan, invoice, and subscription metadata (for example, the current plan, renewal date, and last four digits of the card) necessary to operate the subscription.
Project data
When a customer connects a GitHub repository, we collect the GitHub installation identifier, organization and repository names, scoped OAuth tokens (encrypted at rest), and metadata about pull requests we generate.
Widget submissions
When an end user submits a feature request through the widget on a customer’s product, we receive the prompt text, the page URL on which the widget was used, an optional end-user email address (only if the end user provides one), and a customer-provided hash used to associate the submission with the end user. Widget submissions are processed on behalf of the customer.
Usage and telemetry
We collect log data about how the Service is used, including agent run identifiers, request counts, error and exception traces, IP addresses, browser user-agents, and approximate timing.
3. How We Use Personal Data
- To provide, operate, and secure the Service;
- To process payments and manage subscriptions;
- To send transactional and service communications (account changes, billing events, security alerts);
- To prevent, detect, and respond to abuse and fraud;
- To comply with legal obligations and enforce our Terms;
- To understand product usage. We do not currently use any third-party product-analytics tool. If we add one in the future (for example, a self-hosted PostHog instance or equivalent), we will update this Policy and, where required, present a cookie or consent notice.
4. Legal Bases (GDPR)
For users in the European Economic Area, the United Kingdom, or Switzerland, we rely on the following legal bases for processing: (a) contract performance, to deliver the Service a customer has subscribed to; (b) legitimate interests, to secure the Service, prevent abuse, and improve product quality; (c) consent, where required, for example for optional cookies; and (d) legal obligation, where we must retain or disclose data to comply with law.
5. Sharing & Subprocessors
We do not sell personal data and do not share personal data for cross-context behavioural advertising. We share personal data only with subprocessors that help us deliver the Service, with authorities where required by law, and with successors in the event of a corporate transaction. A current list of subprocessors is available at /subprocessors.
6. AI Processing & Training
FeatureFast uses the Anthropic API to generate code suggestions and pull requests. Per Anthropic’s API terms, prompts and other data submitted to the Anthropic API are not used to train Anthropic’s modelsor any third party’s models. FeatureFast itself does not train, fine-tune, or otherwise improve any AI model on customer data, widget submissions, or any other personal data we process.
7. Data Retention
We retain account data for as long as the account is active and for up to thirty (30) days after termination, after which the account is deleted or anonymized. Widget submissions and project data are retained according to the customer’s instructions within the dashboard. Operational logs are retained for approximately ninety (90) days. Encrypted backups follow our standard rotation and are overwritten over time.
8. International Transfers
FeatureFast is based in the United States and processes personal data in the United States. Where personal data of individuals in the European Economic Area, the United Kingdom, or Switzerland is transferred to us or to our subprocessors, we rely on the European Commission’s Standard Contractual Clauses, the UK International Data Transfer Addendum, and/or applicable adequacy mechanisms (such as the EU–U.S. Data Privacy Framework where available).
9. Your Rights
Depending on where you live, you may have rights to access, correct, delete, port, restrict, or object to our processing of your personal data, and to opt out of certain disclosures (CCPA). To exercise these rights, contact support@featurefast.ai. For data submitted through the widget on a customer’s product, the customer is the controller; please direct your request to that customer, and we will assist them in responding.
10. Cookies & Similar Technologies
We currently use only essential cookies and local storage required to operate the Service, including authentication session cookies (set by Clerk) and CSRF tokens. We do not currently use third-party advertising or analytics cookies. If we add optional analytics in the future, we will obtain consent or provide a clear disclosure where required by law.
11. Children
The Service is not directed to and is not intended for use by individuals under the age of eighteen (18). We do not knowingly collect personal data from anyone under 18. If we learn that we have collected personal data from a minor, we will delete it.
12. Security
We take reasonable administrative, technical, and physical measures to protect personal data, including encryption in transit (TLS) and at rest, scoped OAuth tokens, least-privilege access controls, audit logging, and regular review of our subprocessors. However, no system is one hundred percent secure, and we cannot guarantee absolute security.
13. Changes to this Policy
We may update this Policy from time to time. For material changes, we will provide at least thirty (30) days’ notice by email or in-product notification before the change takes effect.
14. Contact
Feature Fast LLC
[MAILING ADDRESS]
support@featurefast.ai
EU representative. An EU representative under Article 27 GDPR has not currently been appointed. EU residents may contact us using the address above for any privacy-related request.