Version
1.2
Last updated: April 30, 2026
FOND PRIVACY POLICY
FOND PRIVACY POLICY
DPM Labs Inc. ("Fond", "we", "us", or "our") operates the Fond platform at tryfond.co. This Privacy Policy explains how we collect, use, share, and protect information about you when you use our Service. By using Fond — including by completing Stripe checkout or connecting a third-party account such as Google Merchant Center — you agree to the practices described in this policy.
This Privacy Policy is incorporated into and forms part of our Terms of Service.
1. INFORMATION WE COLLECT
1.1 Account Information
When you create an account or complete Stripe checkout, we collect:
Name and email address
Company name and website URL
Billing information (processed and stored by Stripe — we do not store full payment card numbers)
Account credentials (passwords are hashed; never stored in plain text)
1.2 Store and Product Data
To provide the Service, we access and process data from your connected e-commerce store, which may include:
Product catalog (names, descriptions, images, prices, categories)
Store metadata (brand name, domain, store configuration)
Customer-facing content (collection descriptions, FAQs, blog posts)
You control what store data is connected and can revoke access at any time.
1.3 Usage and Analytics Data
We automatically collect data about how you use the Service:
Pages visited, features used, and actions taken within Fond
AI query inputs and outputs generated during your session
Device and browser information (browser type, OS, IP address)
Session timestamps and duration
1.4 AI Interaction Data
When you use Fond's AI features, we process the inputs you submit ("Input") and the outputs generated ("Output"). See Section 4 for how this data is handled with respect to AI model training.
1.5 Communications
If you contact us at team@dpm.co or via support channels, we retain those communications to respond to you and improve our support.
1.6 Cookies and Tracking
We use cookies and similar technologies to operate the Service, remember your preferences, and analyze usage. See Section 6 for details.
1.7 Google User Data (Merchant Center & Other Google APIs)
When you connect your Google account to Fond — for example, to authorize access to Google Merchant Center — we use Google OAuth 2.0 to obtain limited, scope-specific access to your Google account data. Fond's access is limited to the OAuth scopes you explicitly approve on Google's consent screen at the time of connection. The Google user data we may collect, access, use, and store includes:
Google account identifiers: your Google account email address and basic profile information used to identify the connected account.
Google Merchant Center data: merchant account ID and configuration; product feeds (titles, descriptions, prices, GTINs, image URLs, availability, categories); product status, disapprovals, and policy issues; account-level performance data and diagnostics; and other data exposed by the Google Content API for Shopping and Merchant API scopes you authorize.
OAuth tokens: short-lived access tokens and long-lived refresh tokens, stored encrypted at rest, used solely to make authorized API calls on your behalf.
We only request the minimum OAuth scopes required to deliver the features you have signed up for. We do not "future-proof" by requesting scopes for features that are not yet implemented. You may revoke Fond's access to your Google account at any time by visiting your Google Account permissions page at https://myaccount.google.com/permissions or by disconnecting the integration from within Fond.
2. HOW WE USE YOUR INFORMATION
We use the information we collect to:
Provide, operate, and improve the Service
Process payments and manage subscriptions via Stripe
Deliver the 60-day Satisfaction Guarantee and evaluate results
Personalize your experience and generate AI-powered recommendations
Send transactional emails (account confirmations, billing notices, usage reports)
Send product updates and marketing communications (opt out any time)
Monitor for security threats and prevent fraud
Comply with legal obligations
Analyze aggregate usage trends to improve the Service
2.1 Specific Uses of Google User Data
Google user data accessed under OAuth is used solely to provide the user-facing features you have requested in Fond, including:
Reading your Merchant Center product feeds, listings, and account diagnostics in order to analyze AI shopping visibility, surface optimization recommendations, and produce reports inside the Fond dashboard.
Where you explicitly enable write access, applying approved updates to product attributes, descriptions, or feed configurations on your behalf.
Aggregating performance and disapproval data to display dashboards and alerts inside Fond.
We do not use Google user data for any purpose other than providing and improving these user-facing features within Fond.
3. HOW WE SHARE YOUR INFORMATION
We do not sell your personal information. We do not sell, rent, or transfer Google user data to any third party for advertising, retargeting, data brokerage, credit determination, or any purpose other than delivering the Service as described in this Privacy Policy. We share information only as follows:
3.1 Service Providers
We share data with trusted third-party vendors who help us operate the Service, under contracts that limit their use of the data to providing services to us:
Stripe – payment processing and subscription management
Cloud infrastructure providers (e.g., AWS, Google Cloud Platform) – hosting, storage, and compute, including encrypted storage of OAuth tokens and Google user data
AI model providers (OpenAI, Anthropic, Google Vertex AI) – processing of Inputs/Outputs to power Fond's AI features, governed by data processing agreements that prohibit these providers from using customer data to train their models
Important carve-out for Google user data: Where Fond uses third-party AI model providers to deliver a user-facing feature you have enabled (for example, generating a recommendation about your product feed), we transmit only the minimum data necessary to return the requested output, under data processing agreements that prohibit the provider from retaining the data, using it for their own purposes, or using it to train any model. We never use Google user data to train, fine-tune, or develop AI or ML models, our own or any third party's, and we never transfer Google user data to third parties for any purpose other than delivering the user-facing features described in this Privacy Policy.
3.2 Legal Requirements
We may disclose your information if required by law, legal process, or government request, or to protect the rights, property, or safety of Fond, our users, or others.
3.3 Business Transfers
If DPM Labs Inc. is acquired or merges with another company, your information may transfer as part of that transaction. We will notify you before your information becomes subject to a different privacy policy.
3.4 With Your Consent
We may share your information for any other purpose with your prior written consent.
4. AI DATA PRACTICES
4.1 No Training of AI/ML Models on Customer Content
We do not use your Customer Content (store data, product data, or other content you submit) or AI Output to train, fine-tune, or develop AI or ML models, whether our own or any third party's. This restriction applies fully and without exception to Google user data obtained through Google OAuth: Google user data is never used to train, fine-tune, or develop AI or ML models, and is never transferred to any third party for that purpose.
We also do not create databases, permanent copies, or other persistent stores of Google user data beyond what is strictly necessary to deliver the user-facing features you have requested in Fond, and we honor cache-control headers on all Google API responses.
4.2 Aggregate Improvement
We may use aggregated, de-identified usage data (not linked to you, your store, or any individual Google user data record) to improve the performance and quality of the Service.
4.3 Third-Party AI Providers
Fond uses third-party AI model providers (OpenAI, Anthropic, Google Vertex AI) to power certain features. Inputs you submit may be processed by these providers subject to data processing agreements that prohibit them from retaining your data beyond what is necessary to return a response and prohibit them from using your data for their own model training. As stated in Section 3.1, Google user data obtained via OAuth is subject to additional restrictions and is not routed to third-party AI providers for any training, evaluation, or model improvement purpose.
4.4 No Human Review of Google User Data
Fond personnel do not read, view, or otherwise access Google user data except (a) with your specific affirmative consent (for example, when you request technical support involving specific records), (b) where necessary for security purposes such as investigating abuse, (c) to comply with applicable law, or (d) where the data has been aggregated and de-identified and is used solely for internal operations consistent with applicable privacy law.
4.5 AI Limitations
AI-generated Output may be inaccurate or incomplete. Output is not a substitute for professional advice or human judgment. You are responsible for reviewing and approving any changes to your store based on Fond's recommendations.
5. DATA RETENTION
We retain your information for as long as your account is active or as needed to provide the Service. Upon termination:
Account data is retained for 90 days for recovery purposes, then deleted.
Customer Content (store and product data) is deleted within 60 days of a valid deletion request.
Google user data and OAuth tokens: When you disconnect your Google account from Fond, revoke Fond's access via your Google Account permissions, or terminate your Fond account, we revoke our copy of your refresh token and delete Google user data we have stored within 30 days, except where retention is required by law or necessary to resolve a dispute, complete an audit, or investigate abuse. Cached Google data is honored according to applicable cache-control headers and is never retained as a permanent copy beyond what is needed to deliver the Service.
Billing records are retained for 7 years as required by law.
Aggregated, de-identified analytics data may be retained indefinitely.
Request data deletion at any time by emailing team@dpm.co. You may also request immediate deletion of all Google user data associated with your account using the same address.
6. COOKIES AND ANALYTICS
Essential cookies – Required for authentication and session management. Cannot be disabled.
Analytics cookies – Used to understand how users interact with the Service (e.g., PostHog, Google Analytics). Opt out via browser settings.
Marketing cookies – Used to measure marketing effectiveness. Opt out via our cookie preferences.
7. DATA SECURITY
We use commercially reasonable technical and organizational measures to protect your information, including:
Encryption in transit (TLS/HTTPS) and at rest (including OAuth refresh tokens and Google user data)
Access controls, authentication requirements, and the principle of least privilege for personnel
Regular security reviews, dependency monitoring, and logging of access to sensitive data
Secure secret management for API credentials and OAuth client secrets
Incident response procedures for suspected unauthorized access
No method of transmission over the internet is 100% secure. In the event of a data breach affecting your personal information or Google user data, we will notify affected users and applicable authorities as required by applicable law.
8. YOUR RIGHTS AND CHOICES
You may have the following rights regarding your personal information:
Access – Request a copy of the personal information we hold about you
Correction – Request correction of inaccurate or incomplete information
Deletion – Request deletion of your personal information (subject to legal retention requirements)
Portability – Request your data in a machine-readable format
Revoke Google access – Disconnect Fond from your Google account at any time within Fond, or via https://myaccount.google.com/permissions
Opt-out of marketing – Unsubscribe via the link in any marketing email or email team@dpm.co
To exercise any of these rights, contact team@dpm.co. We will respond within 30 days.
9. CALIFORNIA PRIVACY RIGHTS (CCPA)
If you are a California resident, you have rights under the CCPA including the right to know, delete, and opt out of the sale of personal information. We do not sell personal information. Contact team@dpm.co to exercise your rights.
10. INTERNATIONAL DATA TRANSFERS
Fond is operated in the United States. If you access the Service from outside the U.S., your information may be transferred to and processed in the U.S. By using the Service, you consent to such transfers.
If you are in the EEA or UK and submit Personal Data governed by GDPR, you must enter into a Data Processing Agreement (DPA) with us first. Contact team@dpm.co to request a DPA.
11. CHILDREN'S PRIVACY
The Service is not directed to children under 13 (or 16 in the EEA). We do not knowingly collect information from children. If you believe we have, contact team@dpm.co and we will delete it promptly.
12. CHANGES TO THIS POLICY
We may update this Privacy Policy from time to time. If we make material changes — including changes to how we access, use, or share Google user data — we will notify you via email or in-app notice at least 14 days before the changes take effect, and where required will prompt you to consent to the updated terms before continuing to use affected features. Your continued use of the Service after the effective date constitutes acceptance.
13. CONTACT
Questions about this Privacy Policy or our data practices:
Email: team@dpm.co
Mail: DPM Labs Inc., 169 Madison Ave STE 11431, New York, NY 10016
Website: tryfond.co
We will respond to all privacy inquiries within 30 days.
14. GOOGLE API SERVICES USER DATA POLICY — LIMITED USE
Fond's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.
In summary, Fond does not:
Sell Google user data;
Transfer or disclose Google user data to third parties for purposes other than those described in this Privacy Policy — namely, providing or improving user-facing features within Fond, security purposes, compliance with applicable law, or a merger, acquisition, or asset sale with notice to affected users;
Use or transfer Google user data for serving advertisements of any kind, including targeted, retargeted, personalized, interest-based, or user advertisements;
Transfer Google user data to advertising platforms, data brokers, or information resellers;
Use Google user data to determine credit-worthiness or for lending purposes;
Use Google user data to train, fine-tune, or develop AI or ML models, our own or any third party's;
Create databases or permanent copies of Google user data beyond what is necessary to deliver requested user-facing features;
Allow humans to read Google user data, except as described in Section 4.4.
If you have questions about how Fond handles Google user data, or to exercise any of the rights described in this Privacy Policy with respect to that data, contact team@dpm.co.
DPM Labs Inc. ("Fond", "we", "us", or "our") operates the Fond platform at tryfond.co. This Privacy Policy explains how we collect, use, share, and protect information about you when you use our Service. By using Fond — including by completing Stripe checkout or connecting a third-party account such as Google Merchant Center — you agree to the practices described in this policy.
This Privacy Policy is incorporated into and forms part of our Terms of Service.
1. INFORMATION WE COLLECT
1.1 Account Information
When you create an account or complete Stripe checkout, we collect:
Name and email address
Company name and website URL
Billing information (processed and stored by Stripe — we do not store full payment card numbers)
Account credentials (passwords are hashed; never stored in plain text)
1.2 Store and Product Data
To provide the Service, we access and process data from your connected e-commerce store, which may include:
Product catalog (names, descriptions, images, prices, categories)
Store metadata (brand name, domain, store configuration)
Customer-facing content (collection descriptions, FAQs, blog posts)
You control what store data is connected and can revoke access at any time.
1.3 Usage and Analytics Data
We automatically collect data about how you use the Service:
Pages visited, features used, and actions taken within Fond
AI query inputs and outputs generated during your session
Device and browser information (browser type, OS, IP address)
Session timestamps and duration
1.4 AI Interaction Data
When you use Fond's AI features, we process the inputs you submit ("Input") and the outputs generated ("Output"). See Section 4 for how this data is handled with respect to AI model training.
1.5 Communications
If you contact us at team@dpm.co or via support channels, we retain those communications to respond to you and improve our support.
1.6 Cookies and Tracking
We use cookies and similar technologies to operate the Service, remember your preferences, and analyze usage. See Section 6 for details.
1.7 Google User Data (Merchant Center & Other Google APIs)
When you connect your Google account to Fond — for example, to authorize access to Google Merchant Center — we use Google OAuth 2.0 to obtain limited, scope-specific access to your Google account data. Fond's access is limited to the OAuth scopes you explicitly approve on Google's consent screen at the time of connection. The Google user data we may collect, access, use, and store includes:
Google account identifiers: your Google account email address and basic profile information used to identify the connected account.
Google Merchant Center data: merchant account ID and configuration; product feeds (titles, descriptions, prices, GTINs, image URLs, availability, categories); product status, disapprovals, and policy issues; account-level performance data and diagnostics; and other data exposed by the Google Content API for Shopping and Merchant API scopes you authorize.
OAuth tokens: short-lived access tokens and long-lived refresh tokens, stored encrypted at rest, used solely to make authorized API calls on your behalf.
We only request the minimum OAuth scopes required to deliver the features you have signed up for. We do not "future-proof" by requesting scopes for features that are not yet implemented. You may revoke Fond's access to your Google account at any time by visiting your Google Account permissions page at https://myaccount.google.com/permissions or by disconnecting the integration from within Fond.
2. HOW WE USE YOUR INFORMATION
We use the information we collect to:
Provide, operate, and improve the Service
Process payments and manage subscriptions via Stripe
Deliver the 60-day Satisfaction Guarantee and evaluate results
Personalize your experience and generate AI-powered recommendations
Send transactional emails (account confirmations, billing notices, usage reports)
Send product updates and marketing communications (opt out any time)
Monitor for security threats and prevent fraud
Comply with legal obligations
Analyze aggregate usage trends to improve the Service
2.1 Specific Uses of Google User Data
Google user data accessed under OAuth is used solely to provide the user-facing features you have requested in Fond, including:
Reading your Merchant Center product feeds, listings, and account diagnostics in order to analyze AI shopping visibility, surface optimization recommendations, and produce reports inside the Fond dashboard.
Where you explicitly enable write access, applying approved updates to product attributes, descriptions, or feed configurations on your behalf.
Aggregating performance and disapproval data to display dashboards and alerts inside Fond.
We do not use Google user data for any purpose other than providing and improving these user-facing features within Fond.
3. HOW WE SHARE YOUR INFORMATION
We do not sell your personal information. We do not sell, rent, or transfer Google user data to any third party for advertising, retargeting, data brokerage, credit determination, or any purpose other than delivering the Service as described in this Privacy Policy. We share information only as follows:
3.1 Service Providers
We share data with trusted third-party vendors who help us operate the Service, under contracts that limit their use of the data to providing services to us:
Stripe – payment processing and subscription management
Cloud infrastructure providers (e.g., AWS, Google Cloud Platform) – hosting, storage, and compute, including encrypted storage of OAuth tokens and Google user data
AI model providers (OpenAI, Anthropic, Google Vertex AI) – processing of Inputs/Outputs to power Fond's AI features, governed by data processing agreements that prohibit these providers from using customer data to train their models
Important carve-out for Google user data: Where Fond uses third-party AI model providers to deliver a user-facing feature you have enabled (for example, generating a recommendation about your product feed), we transmit only the minimum data necessary to return the requested output, under data processing agreements that prohibit the provider from retaining the data, using it for their own purposes, or using it to train any model. We never use Google user data to train, fine-tune, or develop AI or ML models, our own or any third party's, and we never transfer Google user data to third parties for any purpose other than delivering the user-facing features described in this Privacy Policy.
3.2 Legal Requirements
We may disclose your information if required by law, legal process, or government request, or to protect the rights, property, or safety of Fond, our users, or others.
3.3 Business Transfers
If DPM Labs Inc. is acquired or merges with another company, your information may transfer as part of that transaction. We will notify you before your information becomes subject to a different privacy policy.
3.4 With Your Consent
We may share your information for any other purpose with your prior written consent.
4. AI DATA PRACTICES
4.1 No Training of AI/ML Models on Customer Content
We do not use your Customer Content (store data, product data, or other content you submit) or AI Output to train, fine-tune, or develop AI or ML models, whether our own or any third party's. This restriction applies fully and without exception to Google user data obtained through Google OAuth: Google user data is never used to train, fine-tune, or develop AI or ML models, and is never transferred to any third party for that purpose.
We also do not create databases, permanent copies, or other persistent stores of Google user data beyond what is strictly necessary to deliver the user-facing features you have requested in Fond, and we honor cache-control headers on all Google API responses.
4.2 Aggregate Improvement
We may use aggregated, de-identified usage data (not linked to you, your store, or any individual Google user data record) to improve the performance and quality of the Service.
4.3 Third-Party AI Providers
Fond uses third-party AI model providers (OpenAI, Anthropic, Google Vertex AI) to power certain features. Inputs you submit may be processed by these providers subject to data processing agreements that prohibit them from retaining your data beyond what is necessary to return a response and prohibit them from using your data for their own model training. As stated in Section 3.1, Google user data obtained via OAuth is subject to additional restrictions and is not routed to third-party AI providers for any training, evaluation, or model improvement purpose.
4.4 No Human Review of Google User Data
Fond personnel do not read, view, or otherwise access Google user data except (a) with your specific affirmative consent (for example, when you request technical support involving specific records), (b) where necessary for security purposes such as investigating abuse, (c) to comply with applicable law, or (d) where the data has been aggregated and de-identified and is used solely for internal operations consistent with applicable privacy law.
4.5 AI Limitations
AI-generated Output may be inaccurate or incomplete. Output is not a substitute for professional advice or human judgment. You are responsible for reviewing and approving any changes to your store based on Fond's recommendations.
5. DATA RETENTION
We retain your information for as long as your account is active or as needed to provide the Service. Upon termination:
Account data is retained for 90 days for recovery purposes, then deleted.
Customer Content (store and product data) is deleted within 60 days of a valid deletion request.
Google user data and OAuth tokens: When you disconnect your Google account from Fond, revoke Fond's access via your Google Account permissions, or terminate your Fond account, we revoke our copy of your refresh token and delete Google user data we have stored within 30 days, except where retention is required by law or necessary to resolve a dispute, complete an audit, or investigate abuse. Cached Google data is honored according to applicable cache-control headers and is never retained as a permanent copy beyond what is needed to deliver the Service.
Billing records are retained for 7 years as required by law.
Aggregated, de-identified analytics data may be retained indefinitely.
Request data deletion at any time by emailing team@dpm.co. You may also request immediate deletion of all Google user data associated with your account using the same address.
6. COOKIES AND ANALYTICS
Essential cookies – Required for authentication and session management. Cannot be disabled.
Analytics cookies – Used to understand how users interact with the Service (e.g., PostHog, Google Analytics). Opt out via browser settings.
Marketing cookies – Used to measure marketing effectiveness. Opt out via our cookie preferences.
7. DATA SECURITY
We use commercially reasonable technical and organizational measures to protect your information, including:
Encryption in transit (TLS/HTTPS) and at rest (including OAuth refresh tokens and Google user data)
Access controls, authentication requirements, and the principle of least privilege for personnel
Regular security reviews, dependency monitoring, and logging of access to sensitive data
Secure secret management for API credentials and OAuth client secrets
Incident response procedures for suspected unauthorized access
No method of transmission over the internet is 100% secure. In the event of a data breach affecting your personal information or Google user data, we will notify affected users and applicable authorities as required by applicable law.
8. YOUR RIGHTS AND CHOICES
You may have the following rights regarding your personal information:
Access – Request a copy of the personal information we hold about you
Correction – Request correction of inaccurate or incomplete information
Deletion – Request deletion of your personal information (subject to legal retention requirements)
Portability – Request your data in a machine-readable format
Revoke Google access – Disconnect Fond from your Google account at any time within Fond, or via https://myaccount.google.com/permissions
Opt-out of marketing – Unsubscribe via the link in any marketing email or email team@dpm.co
To exercise any of these rights, contact team@dpm.co. We will respond within 30 days.
9. CALIFORNIA PRIVACY RIGHTS (CCPA)
If you are a California resident, you have rights under the CCPA including the right to know, delete, and opt out of the sale of personal information. We do not sell personal information. Contact team@dpm.co to exercise your rights.
10. INTERNATIONAL DATA TRANSFERS
Fond is operated in the United States. If you access the Service from outside the U.S., your information may be transferred to and processed in the U.S. By using the Service, you consent to such transfers.
If you are in the EEA or UK and submit Personal Data governed by GDPR, you must enter into a Data Processing Agreement (DPA) with us first. Contact team@dpm.co to request a DPA.
11. CHILDREN'S PRIVACY
The Service is not directed to children under 13 (or 16 in the EEA). We do not knowingly collect information from children. If you believe we have, contact team@dpm.co and we will delete it promptly.
12. CHANGES TO THIS POLICY
We may update this Privacy Policy from time to time. If we make material changes — including changes to how we access, use, or share Google user data — we will notify you via email or in-app notice at least 14 days before the changes take effect, and where required will prompt you to consent to the updated terms before continuing to use affected features. Your continued use of the Service after the effective date constitutes acceptance.
13. CONTACT
Questions about this Privacy Policy or our data practices:
Email: team@dpm.co
Mail: DPM Labs Inc., 169 Madison Ave STE 11431, New York, NY 10016
Website: tryfond.co
We will respond to all privacy inquiries within 30 days.
14. GOOGLE API SERVICES USER DATA POLICY — LIMITED USE
Fond's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.
In summary, Fond does not:
Sell Google user data;
Transfer or disclose Google user data to third parties for purposes other than those described in this Privacy Policy — namely, providing or improving user-facing features within Fond, security purposes, compliance with applicable law, or a merger, acquisition, or asset sale with notice to affected users;
Use or transfer Google user data for serving advertisements of any kind, including targeted, retargeted, personalized, interest-based, or user advertisements;
Transfer Google user data to advertising platforms, data brokers, or information resellers;
Use Google user data to determine credit-worthiness or for lending purposes;
Use Google user data to train, fine-tune, or develop AI or ML models, our own or any third party's;
Create databases or permanent copies of Google user data beyond what is necessary to deliver requested user-facing features;
Allow humans to read Google user data, except as described in Section 4.4.
If you have questions about how Fond handles Google user data, or to exercise any of the rights described in this Privacy Policy with respect to that data, contact team@dpm.co.