The list of nos.
Privacy by design is what we don't do. This post is the complete list.
Most privacy pages describe an aspiration. Ours describes a constraint. The product is shaped by what we refuse to build, because most of the ways a forensic intelligence platform can betray its customers are well-trodden paths that we have to actively decline to walk down.
What follows is the working list. It is short on purpose. Each item is a decision we have made and can defend in writing.
1. We do not train shared models on customer content.
No meeting audio, no transcript, no contradiction graph, no report, no acoustic feature vector ever enters a training corpus that is reused across workspaces. The council models we ship are trained on public, licensed, and synthetic data only. The per-workspace memory layer that retains context for your sessions is keyed to your workspace and isolated at the storage layer; it is not a training signal for anyone else.
This is the first no because it is the one customers ask about most, and because it is the one that has, industry-wide, been broken most often. We do not have a "limited research exception". We do not have an opt-out for it because there is nothing to opt out of.
2. We do not pipe your content to a third-party LLM without BYOK.
By default, every model call in the council pipeline runs on hardware we operate. If you want to route deep-analysis passes through OpenAI, Anthropic, or another provider, you bring your own key, you agree to that provider's terms, and the request goes directly from our infrastructure to theirs under your account. We do not aggregate customer traffic behind a shared third-party key. We do not have a "free tier subsidized by a hyperscaler reading your meetings" model.
If BYOK is configured, the workspace settings page shows it, the audit chain records it, and the report header marks which sections were generated under your key.
3. We do not retain audio past your workspace window.
Live transcription chunks are written to ephemeral session storage for the duration of post-session processing and then deleted. Final reports retain the transcript, the contradiction graph, the attestation chain, and short voice samples for speaker identification — never the raw continuous audio. Workspace administrators can shorten the retention window further, including to zero for sessions that should not be persisted at all.
"We delete the audio" is a load-bearing claim, so we wrote it down in the data handling page with the actual storage paths and lifecycle, not a paragraph of legalese.
4. We do not run third-party trackers.
The marketing site has no Google Analytics, no Segment, no Mixpanel, no Facebook pixel, no LinkedIn insight tag, no Hotjar, no session replay. The app has no telemetry sent to a third party. Our product analytics are server-side counters on our own infrastructure, scoped to anonymous aggregate metrics like "how many sessions were started this week".
If you open the developer tools on this page and watch the network tab, you will see requests to felarity.com and fonts.googleapis.com. The fonts request is the one third-party call we make; if that is unacceptable for your environment, we will ship a self-hosted font build on request.
5. We do not store card data.
Stripe holds the card. We hold a customer ID and a subscription status. Our billing endpoints (/billing/create-checkout, /billing/portal, /billing/status) are thin wrappers around Stripe's hosted flows. If our database were exfiltrated tomorrow, there would be no card numbers in it, because there have never been any.
6. We do not allow workspace cross-contamination.
Every storage path, every database row, every cache key, every model context, every search index, every report file is scoped to a workspace ID. There is no admin UI inside the product that can read across workspaces. Internal support access is gated, logged, and requires a customer-initiated ticket — we do not browse customer data to "see how it's going". When we run aggregate health checks, they read counts, not content.
This is the kind of claim that is easy to write and hard to keep. The way we keep it is by not building the cross-workspace tooling in the first place. The fastest way to leak data between tenants is to have a debug page that can do it; we don't have one.
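One way to turn "every key is scoped to a workspace ID" from a convention into a property the code enforces is to make the workspace scope the only handle through which storage can be addressed. The following is an added illustration, not Felarity's own code: the Scope type, the ws/<id>/ prefix layout, the ID validation pattern and the in-memory store are all assumptions chosen for the example. The store has no "read everything" method, so cross-tenant browsing has no entry point, and the one unscoped call returns a count rather than content.

```go
package main

import (
	"errors"
	"fmt"
	"regexp"
	"strings"
)

// Scope is the only handle through which the store can be addressed. It is
// derived once per request from the authenticated workspace ID (assumed layout).
type Scope struct{ ws string }

// wsIDPattern is an assumed validation rule: no separators, no dots, bounded length,
// so an ID can never smuggle "../" or a second prefix into a storage path.
var wsIDPattern = regexp.MustCompile(`^[A-Za-z0-9_-]{1,64}$`)

var (
	ErrBadWorkspaceID = errors.New("workspace id fails validation")
	ErrCrossWorkspace = errors.New("key is outside this workspace's prefix")
	ErrNotFound       = errors.New("key not found")
)

// NewScope rejects IDs that fail validation before any key is ever built.
func NewScope(wsID string) (Scope, error) {
	if !wsIDPattern.MatchString(wsID) {
		return Scope{}, ErrBadWorkspaceID
	}
	return Scope{ws: wsID}, nil
}

// Prefix is the workspace's storage namespace (assumed layout: ws/<id>/).
func (s Scope) Prefix() string { return "ws/" + s.ws + "/" }

// Key builds a fully qualified storage key under the workspace prefix.
func (s Scope) Key(parts ...string) string {
	return s.Prefix() + strings.Join(parts, "/")
}

// Store is an in-memory stand-in for a blob store, database table or cache.
type Store struct{ data map[string][]byte }

func NewStore() *Store { return &Store{data: map[string][]byte{}} }

// checkScope is the single enforcement point: a key is readable or writable
// only through the scope whose prefix it carries, and never via traversal.
func (st *Store) checkScope(s Scope, key string) error {
	if !strings.HasPrefix(key, s.Prefix()) || strings.Contains(key, "/../") {
		return ErrCrossWorkspace
	}
	return nil
}

func (st *Store) Put(s Scope, key string, v []byte) error {
	if err := st.checkScope(s, key); err != nil {
		return err
	}
	st.data[key] = v
	return nil
}

func (st *Store) Get(s Scope, key string) ([]byte, error) {
	if err := st.checkScope(s, key); err != nil {
		return nil, err
	}
	v, ok := st.data[key]
	if !ok {
		return nil, ErrNotFound
	}
	return v, nil
}

// Count is the only unscoped read: health checks get a number, not content.
func (st *Store) Count() int { return len(st.data) }

func main() {
	st := NewStore()
	acme, _ := NewScope("acme")     // constructed workspace IDs
	globex, _ := NewScope("globex")

	key := acme.Key("reports", "2024-q1.json")
	_ = st.Put(acme, key, []byte("constructed report body"))

	_, err := st.Get(globex, key) // another tenant asking for acme's key
	fmt.Println("cross-workspace read:", err)

	_, err = NewScope("acme/../globex") // an ID that tries to escape its prefix
	fmt.Println("hostile workspace id:", err)

	fmt.Println("objects stored:", st.Count())
}
```

The point of the shape is that there is no function signature through which a caller can name a key without also naming the scope it claims, and the store checks the two against each other on every call.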
7. We do not silently degrade encryption.
TLS 1.3 in transit. AES-256 at rest. Ed25519 for attestation signatures. If any of those change — for a hardware migration, a library upgrade, a discovered weakness — we publish the change on the security page and the changelog before it ships. There is no "we quietly turned off the strong cipher because it was slow on the new fleet". If you read those pages today and they say AES-256 and Ed25519, that is what is running.
8. We do not promise what we cannot prove.
SOC 2 Type II is in observation, with the Type II report expected Q1 2027. HIPAA BAAs are available on request for Professional and Enterprise plans. A third-party penetration test is scheduled. We do not claim certifications we do not hold. We do not claim a customer count, an uptime number, or a contradiction-detection accuracy figure that we cannot back with a measurement procedure.
The attestation chain is the most concrete version of this principle: every report ships with eight signed nodes that a customer (or a customer's lawyer, or a customer's regulator) can verify against our published public key at /.well-known/felarity-signing-key.pem without trusting us at all. The verifier is at /api/verify. It is the same verifier we use internally.
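What "verify without trusting us" looks like on the customer side, as an added example that is not Felarity's verifier: the page does not publish the node layout, so the Node struct, the canonical signed byte string (big-endian index, previous-node SHA-256, payload) and the hash linking between nodes are assumptions made for the example. The key pair is generated in the code so the example runs offline; a real check would load the public key from /.well-known/felarity-signing-key.pem instead. The chain length of eight is taken from the page.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
)

// Node is a hypothetical attestation-chain node. The page does not publish
// Felarity's real node layout; this shape is an assumption for the example.
type Node struct {
	Index   uint32   // position in the chain, 0..7
	Prev    [32]byte // SHA-256 of the previous node's signed bytes; all-zero for node 0
	Payload []byte   // the report section (or its digest) this node attests
	Sig     []byte   // Ed25519 signature over signedBytes(node)
}

// signedBytes is the canonical byte string the signature covers:
// big-endian index || previous-node hash || payload.
func signedBytes(n Node) []byte {
	buf := make([]byte, 4, 4+32+len(n.Payload))
	binary.BigEndian.PutUint32(buf, n.Index)
	buf = append(buf, n.Prev[:]...)
	return append(buf, n.Payload...)
}

// VerifyChain checks that the chain has exactly want nodes, that indices are
// consecutive, that each node links to the hash of its predecessor, and that
// every signature verifies under pub. It returns the index of the first
// failing node, or -1 when the whole chain is good.
func VerifyChain(pub ed25519.PublicKey, chain []Node, want int) (int, error) {
	if len(chain) != want {
		return -1, fmt.Errorf("expected %d nodes, got %d", want, len(chain))
	}
	var prev [32]byte
	for i, n := range chain {
		if n.Index != uint32(i) {
			return i, fmt.Errorf("node %d: index %d out of order", i, n.Index)
		}
		if n.Prev != prev {
			return i, fmt.Errorf("node %d: does not link to its predecessor", i)
		}
		msg := signedBytes(n)
		if !ed25519.Verify(pub, msg, n.Sig) {
			return i, fmt.Errorf("node %d: signature does not verify", i)
		}
		prev = sha256.Sum256(msg)
	}
	return -1, nil
}

// BuildChain signs payloads into a linked chain. It stands in for the
// server-side signer so the example runs offline.
func BuildChain(priv ed25519.PrivateKey, payloads [][]byte) []Node {
	chain := make([]Node, 0, len(payloads))
	var prev [32]byte
	for i, p := range payloads {
		n := Node{Index: uint32(i), Prev: prev, Payload: p}
		msg := signedBytes(n)
		n.Sig = ed25519.Sign(priv, msg)
		chain = append(chain, n)
		prev = sha256.Sum256(msg)
	}
	return chain
}

// NewSigner generates a throwaway key pair for the demo. A real verifier
// would load the published public key instead of generating one.
func NewSigner() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return pub, priv
}

// SamplePayloads are eight constructed section bodies standing in for a report.
func SamplePayloads() [][]byte {
	out := make([][]byte, 8)
	for i := range out {
		out[i] = []byte(fmt.Sprintf("section-%d: constructed sample content", i))
	}
	return out
}

func main() {
	pub, priv := NewSigner()
	chain := BuildChain(priv, SamplePayloads())
	idx, err := VerifyChain(pub, chain, 8)
	fmt.Println("intact chain ->", idx, err) // -1 <nil>

	chain[3].Payload = []byte("section-3: altered after signing")
	idx, err = VerifyChain(pub, chain, 8)
	fmt.Println("altered node ->", idx, err) // 3 node 3: signature does not verify

	_, err = VerifyChain(pub, chain[:7], 8)
	fmt.Println("truncated chain ->", err) // expected 8 nodes, got 7
}
```

Two properties carry the weight here: an altered section fails at its own node because the signature covers the payload, and a dropped or reordered node fails because each node commits to the hash of the one before it, so the verifier needs nothing from the issuer beyond the public key.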
9. We do not sell data.
There is no data sale program. There is no anonymized aggregate sold to a research partner. There is no advertising network. There is no insight product built on customer content. The only commercial transaction in this company is "you pay us a subscription, we operate the platform for you". That is the entire business model and it is the entire revenue line.
The list is short on purpose.
A privacy posture made of forty bullet points is a privacy posture nobody can keep in their head, which means it is a privacy posture nobody can enforce on a Tuesday afternoon when a deadline is closing. Nine nos fit on a single page. An engineer can read them, hold them, and notice the day a code review starts to violate one. That is the actual mechanism — not the policy document, but the fact that the people writing the code remember the list.
If you want to push on any of these — to ask how a specific edge case is handled, to request the data handling page in more detail, to get the security page in PDF for a procurement review — write to hello@felarity.com. If you have found something we are doing that contradicts the list, write to security@felarity.com and we will treat it as a vulnerability report.
Private. Remembered. Defended. The middle word is the one that has to be defended hardest, because remembering things about meetings is exactly the capability that, in the wrong hands, becomes the surveillance product we refuse to build.