Privacy Policy

We hate legal jargon. However, our moms asked us not to get sued. For your reading pleasure, here’s some important info that has to do with your privacy and rights, our privacy and rights, and how we can all get along nicely and look out for each other.

-Fathom Team

(Looking for our Terms and Conditions Statement? It’s equally riveting. Read that here.)

Fathom Privacy Policy

Welcome to The terms ‘’ and, hereafter, ‘Fathom’, ‘the website’, ‘us’, ‘our’, and ‘we’ refer to the team behind the Fathom brand and The term ‘you’ refers to any user or viewer of our website, services, tools, or content. The term ‘Policy’ refers to this Privacy Policy document as expressed on this web page.

Fathom Performance is a private company limited by shares with registered company number SC655292 through Companies House (UK). Fathom respects your privacy and is committed to protecting your personal data. At all times we aim to respect any personal information you share with us, or that we receive from others, and keep it safe. This Policy sets out our data processing practices and your rights and options regarding the ways in which your personal information is used and collected.

By engaging with this website or the Fathom brand in any way (browsing, becoming a member, or otherwise), you are agreeing to comply with (and be legally bound by) the following terms and conditions of use. These terms and conditions govern the relationship between Fathom and yourself. If you disagree with any part of these terms and conditions, please do not use our website or engage with the Fathom brand. If that’s the case, don’t worry – no hard feelings on our end.

This Policy contains important information about your personal rights to privacy. Please read it carefully to understand how we use your personal information. The provision of your personal information to us is voluntary. Without providing us with your personal information, your use of our services or your interaction with us may be impaired. For example, your organisation will be unable to sign up for use of the Fathom Performance application and we will be unable to provide you with technical assistance.

This Privacy Policy expresses how we use and protect any information that you give us when you use this website or the Fathom Performance application.

We are committed to ensuring that your privacy is protected. Should we ask you to provide certain information by which you can be identified when using this website, then you can be assured that it will be used in accordance with this privacy policy.

We may change this Policy from time to time by updating this page. You are encouraged to check this page periodically to ensure that you are satisfied with any changes. This Policy is effective starting 21st February 2020.

What Information We Collect

The information we may collect could include, but not be limited to, the following: Name; contact information including email address; demographic information; payment information in the case of purchasing services or use plans; geographic information; or other information relevant to customer engagement, needs, and/or offers.

What Information We Collect

Fathom may obtain information in the following ways:

  1. When you give it to us directly. For example, personal information that you submit through the Fathom website or app, or that you give to us when you communicate with us by email or phone.
  2. When we obtain it indirectly. For example, your personal information may be shared with us by third parties including, for example, third party service providers (such as software developers who assist us with the operation of Fathom); funding organisations with which your organisation works, analytics providers and search information providers.
  3. When it is available publicly. Your personal information may be available to us from external publicly available sources. For example, depending on your privacy settings for social media services, we may access information from those accounts or services (for example when you choose to interact with us via Facebook or Twitter).
  4. When you visit our website. When you visit our website, we may automatically collect the following types of personal information:
    1. Technical information, including the internet protocol (IP) address used to connect your device to the internet, browser type and version, time zone setting, browser plug-in types and versions and operating systems and platforms.
    2. Information about your visit to the websites, including the uniform resource locator (URL) clickstream to, through and from the website (including date and time), services you viewed or searched for, page response times, download errors, length of visits to certain pages, referral sources, page interaction information (such as scrolling and clicks) and methods used to browse away from the page.
    3. We may collect and use your personal information by using cookies on our website – please see our Cookie information below.

In general, we may combine your personal information from these different sources set out above for the purposes set out in this Policy.

What We Do with the Information We Gather

We collect this information to understand your needs and provide you with a better service, and in particular for the following reasons:

  1. Internal record keeping. We may use the information to improve our products and services.
  2. Promotion. We may periodically send promotional emails about new products, special offers or other information which we think you may find interesting using the email address which you have provided. We may also use your information to contact you for market research purposes.
  3. Contact. We may contact you by email, phone, fax or mail. We may use the information to customise the website according to your interests.

We retain certain information about your account in perpetuity.

Disclosures of Your Personal Data

We do not share, sell or rent your personal information to third parties for marketing purposes. However, we may disclose your personal information to selected third parties in order to achieve the purposes set out in this Policy. These parties may include (but are not limited to):

  1. Funding or delivery organisations, as relevant;
  2. Suppliers and subcontractors for the performance of any contract we enter into with them, for example IT service providers such as software developers or cloud storage providers;
  3. Funding bodies with which we work; 
  4. Banks (for payment processing purposes);
  5. Professional service providers such as accountants and lawyers;
  6. Parties assisting us with research to monitor the impact/effectiveness of our services; and
  7. Regulatory authorities, such as tax authorities.

In particular, we reserve the right to disclose your personal information to third parties in the following cases:

  1. In the event that we sell or buy any business or assets, we will disclose your personal information to the (prospective) seller or buyer of such business or assets;
  2. If substantially all of our assets are acquired by a third party, personal information held by us may be one of the transferred assets;
  3. If we are under any legal or regulatory duty to do so; and/or
  4. To protect the rights, property or safety of Fathom, its personnel, users, visitors or others.

How Others May Share Their Data or Use Your Data

The Fathom platform enables users – in the form of both individuals, entities, and organisations – to do the following:

  1. Invite users to participate in data viewing, collection, and/or analysis activities; or
  2. Invite users to share their personal data in ways that might be accessible or viewable to others or to parties independent of and external from Fathom.

This means that the Fathom platform makes it possible for you to see and access others’ personal information, and/or to share your personal data with others.

While it does not condone illicit, harmful, deceptive, or unfitting use of your personal information in any way, Fathom is not liable for the actions or behaviours of independent individuals, entities or organisations that use the Fathom platform to acquire your personal information. It is the responsibility of each user to share their information only with individuals, entities, or organisations they trust.

Fathom beseeches every user of its platform to perform due diligence to protect any person’s personal information that is obtained through the Fathom platform and to only use others’ personal information in ways that will benefit or not harm them.

While Fathom will not be held responsible for inappropriate uses of either the Fathom platform or any personal information obtained through its use, Fathom reserves the right to, when possible and in line with its legitimate interests (see “Legitimate Interests” section below), support any user that has been wronged by another user through abuse of the Fathom platform through appropriate action.


We are committed to protecting your information. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online.

Lawful Bases

Under the UK GDPR we will rely on one or more of the following legal bases for processing your personal data:

  1. Where you have provided your consent for us to use your personal information in a certain way (for example, we may ask for your consent to use your personal information to send you marketing or promotional information about Fathom or software developments, or to collect special categories of personal information);
  2. Where necessary so that we can comply with a legal obligation to which we are subject (for example, when we are obliged to share your personal information with regulatory bodies which govern our work and services);
  3. Where necessary for the performance of a contract to which you are a party or to take steps at your request prior to entering a contract (for example, to provide you with the software in return for the purchase price of the software); or 
  4. Where it is necessary for the purpose of our legitimate interests and your interest or fundamental rights and freedoms do not override those interests.

Legitimate Interests

Our “legitimate interests” means our interest in ensuring that the Fathom organisation operates safely, efficiently, and effectively as a software and consulting solution. In assessing our legitimate interests, we make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interests. We will not use your personal information for activities where our interests are overridden by the impact on you, for example where use would be excessively intrusive (unless, for instance, we are otherwise required or permitted to by law).

Conditions of Information Collection

Where we collect and/or use special categories of your personal information, we are required by the UK GDPR to rely on at least one from an additional set of conditions. We consider the conditions below to be relevant:

  1. Where you have already made public the relevant information (for example, where you have made it public on a social media account);
  2. Where the information is required for the establishment, exercise or defence of legal claims;
  3. Where the information is necessary for reasons of substantial public interest (for example, monitoring and ensuring equality of opportunity); or
  4. Otherwise, where you have given your explicit consent for us to do so.

International Transfers

Fathom is a UK-incorporated organisation. However, our team, servers and equipment are international and thus also located in the United States. This means that your data may be stored on servers that are located internationally. Because we may also use agencies and/or suppliers to process personal information on our behalf and we have customers based around the world, it is possible that personal information we collect from you will be transferred to and stored in a location outside the UK. And regardless of your location, it is also possible that your data will be stored in a country outside your own.

Whenever we store your personal data out of the UK, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:

  1. We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data; or
  2. Where we use certain service providers, we may use specific contracts approved for use in the UK which give personal data the same protection it has in the UK.

Unfortunately, no transmission of your personal information over the internet can be guaranteed to be 100% secure – however, once we have received your personal information, we will use strict procedures and security features to try and prevent unauthorised access. Please contact us if you want further information on the specific mechanism used by us when storing or transferring your personal data out of the UK.

Data Retention

We will work to only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.

To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.

In general, unless still required in connection with the purpose(s) for which it was collected and/or processed, we remove your personal information from our records six years after the date it was collected. However, if before that date (i) your personal information is no longer required in connection with such purpose(s), (ii) we are no longer lawfully entitled to process it or (iii) you validly exercise your right of erasure (please see “Right of erasure” below), we will remove it from our records at the relevant time.

If you request to receive no further contact from us, we may keep some basic information about you on our suppression list in order to comply with your request and avoid sending you unwanted materials in the future.

Exercising Your Legal Rights

Under certain circumstances, you have the right under data protection laws in relation to the use of your personal data. These rights include:

  1. Right of access – you can write to us to ask for confirmation of what personal information we hold on you and to request a copy of that personal information. Provided we are satisfied that you are entitled to see the personal information requested and we have successfully confirmed your identity, we will provide you with your personal information subject to any exemptions that apply.
  2. Right of erasure – at your request we will delete your personal information from our records as far as we are required to do so. In many cases we would propose to suppress further communications with you, rather than delete it.
  3. Right of correction – if you believe our records of your personal information are inaccurate, you have the right to ask for those records to be updated. You can also ask us to check the personal information we hold about you if you are unsure whether it is accurate/up to date.
  4. Right to restrict processing – you have the right to ask for processing of your personal information to be restricted if there is disagreement about its accuracy or legitimate usage.
  5. Right to object to processing– you have the right to object to processing where we are (i) processing your personal information on the basis of the legitimate interests basis (see “Legitimate Interests” above), (ii) using your personal information for direct marketing or (iii) using your information for statistical purposes.
  6. Right to request transfer of your personal data – to the extent required by the UK GDPR, where we are processing your personal information (that you have provided to us) either (i) by relying on your consent or (ii) because such processing is necessary for the performance of a contract to which you are party or to take steps at your request prior to entering into a contact, and in either case we are processing using automated means (i.e. with no human involvement), you may ask us to provide the personal information to you – or another service provider – in a machine-readable format.
  7. Rights to withdraw consent at any time – where we are relying on consent to process your personal data. This includes the right to ask us to stop using your personal information for marketing or fundraising purposes or to unsubscribe from our email list at any time. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. we will advise you if this is the case at the time you withdraw your consent.

If you wish to exercise any of the rights set out above, please contact us using the contact form on our website (reachable at

You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee to cover administrative expenses or time spent if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances.

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

We try to respond to all legitimate requests within one month. Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

We encourage you to raise any concerns or complaints you have about the way we use your personal information by contacting us using the contact form on our website. You are further entitled to make a complaint to the Information Commissioner’s Office –

How We Use Cookies

A cookie is a small file which asks permission to be placed on your computer’s hard drive. Once you agree, the file is added and the cookie helps analyse web traffic or lets you know when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.

We may use traffic log cookies to identify which pages are being used. This helps us analyse data about webpage traffic and improve our website in order to tailor it to customer needs. We use this information for statistical analysis purposes and then the data is removed from the system.

Cookies can help us provide you with a better website by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.

You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. So that you are aware, this may prevent you from taking full advantage of the website.


We may update this Policy from time to time. We will notify users of significant changes when reasonably possible for us to do so and by placing an updated notice on our website. This Policy was last updated December 2021.

We link our website directly to other sites. This Policy does not cover external websites and we are not responsible for the privacy practices or content of those sites. We encourage you to read the privacy policies of any external websites you visit via links on our website.

Please let us know if you have any questions or concerns about this Policy or about the way in which Fathom processes your personal information by contacting us through the contact channels available on this website.

This concludes our Privacy Policy. If you made it this far, we are exceedingly proud of you. Well done.

-Fathom Team