Where does Fathom house data?

All our data is stored in the AWS cloud data centres within the United States and Canada. All customer data pertaining to United States based organizations is housed from United States based servers. We use the AWS US West (Oregon) region for storage of our data as well as all our cloud infrastructure resources. 

Do you encrypt data in flight and at rest?

Yes we encrypt data in flight/transit as well as at rest. In flight/transit, data to and from our servers goes over HTTPS which provides an encryption layer. Data at rest is stored in two places: RDS database and S3 buckets. Amazon RDS encrypts data stored at rest in the underlying storage, as well as its automated backups, read replicas, and snapshots. RDS encryption uses the industry standard AES-256 encryption algorithm to encrypt the data. S3 data is also encrypted using the industry standard AES-256 encryption method. The objects are encrypted using server-side encryption with Amazon S3-managed keys (SSE-S3) 

Does Fathom offer SSO/two-factor authentication for customers? Yes! 

How are employees trained?

Fathom is committed to ensuring all of our employees understand their obligations under applicable data privacy laws. All new hires are trained on privacy and security during onboarding, and Fathom conducts regular refreshers to ensure continued adherence to best practices and regulatory frameworks. In particular, employees will reference the most up to date guidelines for PII; will use multi-factor authentication on all platforms; and will report any suspicious communication immediately. Our Code of Conduct also requires that our employees treat all information as confidential and adhere to additional security guidelines as provided by the organization.

Are you SOC2 Certified? Yes! Our SOC 2 certification underscores our dedication to rigorous data security and privacy standards, ensuring your sensitive information is protected by industry-leading practices.

How does Fathom handle personal information?

Personal information (PI), collected in the course of business is very limited. We do not collect any information which is not required for providing the service, we do not collect any end user or respondent information on behalf of customers, and we do not sell any consumer information. The text analytics functionality in Fathom does not require the use of personal information. It is entirely up to each customer to control what if any personal information is uploaded to the platform. Fathom uses industry standard technical, organizational, and administrative security measures to protect any information (including Personal Information) we hold in our records from loss, misuse and unauthorized access, disclosure, alteration, and destruction. Fathom keeps Personal Information until it is no longer necessary for the purpose for which it was collected, for legitimate business purposes, or to comply with our legal obligations. 

How does Fathom work with sub-processors or external vendors?

Fathom has closed-APIs with OpenAI and Anthropic. The terms of use of these closed APIs enable Fathom to leverage their capabilities, but restrict either OpenAI or Anthropic from retaining, accessing or training on Fathom or Fathom customer data. Fathom uses AWS Cloud Offerings for its technical infrastructure. All the data stored and processed on AWS Cloud is encrypted and can’t be accessed by AWS.

How does Fathom leverage customer data for product improvement?

In order to provide the highest quality product possible, our terms of use grant Fathom the ability to improve our internal capabilities, models and product features with the use of customer data, but require the omission of any PI for training or refinement purposes. Customers can choose to exclude their data from use for training or product improvement, in whole or in part, by submitting a request via Customer Support.

Fathom’s agreements with OpenAI and Anthropic prohibit either organization from retaining, accessing or training on Fathom or Fathom customer data, of any kind. 

Can customers request the deletion of their data ?

Fathom supports customer choice with regards to data use by the organization. Customer's can request that their data be removed in part or in whole at any point. Upon receiving a request, Fathom will securely delete the specified data (except when required by law to retain) within 15 days. Customers can manage their data requests, including deletion of data, through our Customer Support team.

How does Fathom monitor AI produced insights for veracity and accuracy?

Our products embrace human supervision as an essential component of responsible AI. Fathom leverages a human supervised AI tech stack that empowers human guidance in the theme generation, and human review and refinement in the theme application and insight creation. We see human involvement in the application of AI as a feature that is core to the ethical development and deployment of our AI capabilities. Further, the Fathom platform builds transparency into the customer experience. Customers can easily validate the accuracy of every theme and insight in their dashboard.

Where can I find your privacy policy?

For more information, please reference the Fathom privacy policy and terms of use.

For questions related to this policy, data security to report a suspected security vulnerability, contact COO Tovah Paglaro (tovah@fathomthat.ai) or Data Security Lead (raman@fathomthat.ai).