Effective date: April 19, 2026

Last updated: April 19, 2026

Fabric, LLC ("Fabric," "we," "us," or "our") operates the Fabric desktop application (the "App") and the website at https://www.fabric.studio (the "Website"). This Privacy Policy explains how we handle information for each.

The short version. The Fabric App runs entirely on your computer. It does not send your data to Fabric. It does not have user accounts. We do not collect telemetry, analytics, or crash reports from the App. The only information Fabric receives about you is what you share with us through the Website or by emailing our support address.

Because the App and the Website are different products, this policy has two parts. Read the part that applies to what you're using

Part 1: The Fabric Desktop App

1.1 Our core principle: local-first

The Fabric desktop application is a local-first tool. When you install it, all of your data — projects, agents, tasks, comments, settings, and work history - is stored in a SQLite database file on your own computer. Fabric does not operate a server that stores this data, and the App does not transmit it to us.

There is no sign-in, no account, and no user identifier associated with the App.

1.2 What stays on your device

The following never leaves your computer unless you explicitly configure it to:

• Your project goals, workflow instructions, agent configurations, tasks, subtasks, comments, and worker activity history

• OAuth access and refresh tokens for services you connect (encrypted at rest using your operating system's secure credential store, via Electron's safeStorage API)

• Browser sessions created by agent browser automation, stored in ~/.orchestrator/browser-profiles/ on your machine

• Git clones, worktrees, and any files your agents produce

If you uninstall the App, or delete the database file at ~/Library/Application Support/Orchestrator/data.db (macOS), this data is gone.

1.3 What leaves your device

The App performs network requests in four situations. In each, the data goes directly from your computer to the third party you chose - Fabric is not in the path and does not see the contents.

(a) Anthropic (Claude API). Agents in Fabric are powered by Anthropic's Claude models. You supply your own Anthropic API key or Anthropic account credentials in the App. When an agent runs, the relevant task content, tool results, and conversation context are sent directly from your computer to Anthropic's API to generate the agent's response. Anthropic's terms describe how they handle this data; we recommend you review them at https://www.anthropic.com/legal. Fabric receives nothing about these calls.

(b) Services you connect (currently Google Drive, Docs, and Sheets; GitHub; Linear). When you connect one of these services through the App's OAuth flow, the authorization redirect uses a loopback address on your own machine (http://localhost:19361/oauth/callback). The resulting access and refresh tokens are stored on your device. When an agent calls one of these services, the request goes directly from your computer to that provider's API using your stored token. Fabric receives none of the data returned.

(c) Update checks. About once an hour and when the App launches, the App checks GitHub Releases to see if a newer version is available. This request is made directly to api.github.com. Fabric operates no update server and does not log or count these checks. GitHub may log the request as it would any API call.

(d) Browser automation targets. If an agent uses browser automation, your local Chromium instance loads the web pages that agent visits. Session data is stored in a local browser profile on your machine. Nothing about the browsing is sent to Fabric.

1.4 What we do not do

The App does not include any of the following:

• No analytics, product telemetry, or usage tracking

• No automatic crash reporting

• No user accounts, sign-in, or device fingerprinting

• No advertising or ad-identifier collection

• No background uploads of your data to any Fabric-operated service

If you contact us for help and choose to share diagnostic information (for example, by attaching a file to a support email), we will treat that information as described in Part 2 below.

1.5 Google API Services - Limited Use disclosure

Fabric's use and transfer to any other app of information received from Google APIs adhere to the Google API Services User Data Policy, including the Limited Use requirements.

• What we access. Only the Google Drive, Docs, and Sheets files that you explicitly select through the Google Picker, plus files that Fabric creates on your behalf inside a folder you have designated. Fabric requests the narrowest scopes that enable the feature (drive.file, documents, spreadsheets). The App does not have access to your entire Google Drive.

• How it is used. Google user data is used solely on your own machine to provide and improve the user-facing features of the App (for example, so an agent can read a document you selected, or create a new spreadsheet at your request). The content is passed to Anthropic's API as part of the agent's prompt when needed; it is not transmitted to Fabric.

• What we do not do. We do not transfer your Google user data to any party other than as necessary for you to use the App (for example, passing file content to Anthropic's API in order to generate an agent response). We do not use Google user data for advertising. We do not allow humans to read your Google user data.

• Storage. Fabric does not store the content of your Google Drive files on any server. File content is fetched from Google's APIs when an agent needs it and passes through the App's in-memory processing on your device. The App retains only references (file IDs, names, URLs) locally, to maintain links between your projects and the files you have selected.

1.6 Retention and deletion

Because the App stores your data locally, you control retention. To delete your data, delete the database file or uninstall the App. To revoke an integration, disconnect it from Project Settings; the stored tokens are removed from your machine immediately. You can also revoke Fabric's access at each provider's account-permissions page (Google, GitHub, Linear).

1.7 Security

OAuth tokens are stored using your operating system's secure credential store (Keychain on macOS) via Electron's safeStorage API. All network requests to third-party services use TLS. Because the App runs on your computer, the overall security of the App's data depends on the security of your device.

Part 2: The Fabric Website (fabric.studio)

The website at https://www.fabric.studio is a simple marketing page with a download button, a newsletter signup, and a link to email us. It does not give access to the desktop App's data.

Analytics. We use Plausible Analytics to understand aggregate traffic patterns on the Website — pages visited, referrer, country-level location, and device type. Plausible does not use cookies, does not collect or store IP addresses in identifiable form, and does not track visitors across sites. No cookie-consent banner is required because no personal data is collected.

Newsletter and support. If you subscribe to our newsletter or email support@fabric.studio, we receive your email address and anything you send. Newsletter delivery is handled by Resend. Our support inbox runs on HEY (37signals, LLC). Newsletter subscribers can unsubscribe at any time using the link in any email; contact support@fabric.studio to delete your subscriber record or your support-email history.

Subprocessors (Website only). The desktop app has no Fabric subprocessors. The Website relies on the following: