Legal
Effective Date: May 1, 2026 · Last Updated: May 11, 2026
ProquBe AI ("Company," "we," "us," or "our") operates the Faro Agentic Operating System accessible at app.faro.so and the early access registration page at earlyaccess.faroos.ai. This Privacy Policy explains how we collect, use, disclose, and protect your personal information.
By registering for early access or using the Platform, you consent to the practices described in this Policy.
When you register for early access, we collect: your first name, work email address, and your stated intent for using Faro (e.g., business departments, personal routines). This information is stored in our database with a timestamp of registration.
When you log in to the Platform, we use Firebase Authentication with Google OAuth. We receive your Google profile information (name, email, profile picture, and a unique identifier called openId). We store your name, email, login method, and role in our database. We do not store your Google password.
We automatically collect information about how you interact with the Platform, including: task descriptions and execution logs, browser screenshots captured during agent execution (stored temporarily in Redis at 150ms intervals), file artifacts generated during tasks, API request logs, and error reports.
We collect standard technical information including IP address, browser type and version, operating system, referring URLs, and session duration. This data is collected via our analytics service (Umami) and server logs.
If you connect third-party services (Gmail, Slack, GitHub, etc.), we store OAuth tokens and credentials in encrypted form. These credentials are used solely to execute tasks on your behalf and are never shared with third parties beyond what is necessary to perform the requested action.
We use the information we collect to:
We do not sell your personal information to third parties. We do not use your data to train AI models without your explicit consent.
Your data is stored in a TiDB serverless MySQL database with 52 tables. All database queries use Drizzle ORM with parameterized queries — no raw SQL is executed. Every query is scoped to your organization ID, making cross-tenant data access technically impossible.
Chat messages are encrypted using AES-256-GCM before storage. API keys are stored as bcrypt hashes and shown to users only once. Connector credentials (OAuth tokens) are encrypted in the database and injected at runtime via environment variables — never stored in plaintext, logs, or code.
Files and artifacts generated during task execution are stored in S3-compatible object storage. File bytes are stored in S3; metadata (path, URL, owner, MIME type) is stored in the database. Files are accessible via presigned URLs.
The Platform enforces HTTPS via HSTS (1-year policy), Content Security Policy (CSP), X-Frame-Options: DENY to prevent clickjacking, X-Content-Type-Options: nosniff, and a strict Referrer-Policy.
Early access registration data is retained indefinitely until you request deletion. Workspace containers have a 24-hour idle timeout and a 7-day maximum age, after which container data is destroyed. Task execution logs are retained for 90 days. Session cookies expire after 7 days of inactivity.
You may request deletion of your personal data at any time by contacting us at [email protected]. We will process deletion requests within 30 days.
We use the following third-party services that may process your data:
| Service | Purpose |
|---|---|
| Firebase Auth (Google) | Identity verification and OAuth |
| TiDB Serverless | Primary database |
| GCP Cloud Run | API server hosting |
| Redis | Session management and real-time streaming |
| S3-compatible storage | File and artifact storage |
| Resend | Transactional email delivery |
| Umami Analytics | Privacy-friendly usage analytics |
| Anthropic Claude | AI task execution (primary LLM) |
| OpenAI GPT-4o | AI task execution (fallback LLM) |
| Groq Llama | AI task execution (speed-optimized fallback) |
Depending on your jurisdiction, you may have the following rights regarding your personal data:
To exercise any of these rights, contact us at [email protected].
The Platform is not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If you become aware that a child has provided us with personal information, please contact us immediately and we will take steps to delete such information.
The Platform is operated from the United States (GCP us-central1 region). If you are accessing the Platform from outside the United States, your data may be transferred to, stored, and processed in the United States. By using the Platform, you consent to this transfer.
We may update this Privacy Policy from time to time. We will notify registered users of material changes via email. The "Last Updated" date at the top of this Policy reflects the most recent revision. Continued use of the Platform after changes take effect constitutes acceptance of the revised Policy.
For privacy-related inquiries or to exercise your rights, contact us at:
ProquBe AI — Privacy
Email: [email protected]
Platform: app.faro.so