Privacy Policy

The fatcat agent reads hardware and operating-system metadata only: CPU model and speeds, RAM modules and channels, GPU model and PCIe link state, storage devices and SMART attributes, motherboard and BIOS version, kernel and OS version, temperatures, fan speeds, and kernel/diagnostic log excerpts (dmesg, OOM kills, NVIDIA Xid codes, PSI stalls, systemd failures).

• No personal files, documents, photos, or user-directory contents.
• No passwords, keys, SSH credentials, browser cookies, or browsing history.
• No keyboard input, clipboard contents, screenshots, microphone, or camera data.
• No network scanning of other hosts on your LAN.

Scan results are uploaded over HTTPS to fatcat.fit and stored in our managed Postgres database. Data is transmitted only to Anthropic (Claude) and OpenAI when you explicitly request AI analysis: in that case, only the hardware metadata above is sent, never your identity.

The agent authenticates with a machine token scoped to a single machine in your account. The token is stored using the OS keychain on Windows (DPAPI via Electron safeStorage) and with file permissions 0600 on Linux. Lose the token or revoke it at any time from your dashboard: we will immediately reject any further uploads from that machine.

Scan records and analysis outputs are retained for the lifetime of your account. You can delete any individual scan, machine, or your entire account at any time: deletions are hard deletions in our primary database; backups are purged within 30 days.

No third-party analytics, ad trackers, or session recording is used on fatcat.fit. Server logs retain request metadata (URL, status, timing) for up to 30 days to support debugging and abuse prevention.

The fatcat agent source is published on our repository: you are invited to audit what it reads. The code that runs on your machine is the code in the repo.

Privacy questions, deletion requests, or security disclosures: security@fatcat.fit.