Privacy Policy

Effective date: April 29, 2026

1. Who we are

Foundry ("we," "us," or "our") operates the Foundry platform, which helps professionals manage social media, CRM, and customer engagement. When you use Foundry, we process data on your behalf. This policy explains what we collect, why, and how you can control it.

2. Information we collect

  • Account data: Email address, name, and password hash when you create an account.
  • Profile data: Business information, voice preferences, and content guidelines you provide.
  • Platform connections: OAuth tokens for connected social accounts (Instagram, LinkedIn, etc.). We store the minimum scopes needed to post on your behalf.
  • Usage data: Pages visited, features used, and interaction events — used to improve the product.
  • Payment data: Handled by Stripe. We never store raw card numbers. We receive billing status and subscription tier.

3. How we use your information

  • To provide the Foundry service — generating and publishing content on your behalf.
  • To personalize AI-generated content to your voice and preferences.
  • To process billing and manage your subscription.
  • To send transactional emails (post approvals, billing receipts). We do not send marketing email without your consent.
  • To monitor for abuse and maintain platform security.

4. AI and content generation

Your profile data and writing samples are sent to AI model providers (currently Anthropic Claude) to generate content. These providers process your data under their own data-use policies. We do not sell your data to AI providers or allow them to use it to train their general models beyond what their standard data-processing agreements permit.

5. Data sharing

We do not sell your personal data. We share data only with:

  • Infrastructure providers: Supabase (database), Vercel (hosting), Railway (API hosting).
  • Payment processor: Stripe.
  • AI providers: Anthropic, for content generation only.
  • Connected platforms: Posts are sent to the platforms you have authorized (Instagram, LinkedIn, etc.).
  • Law enforcement, only when required by valid legal process.

6. Data retention

We retain account and profile data for as long as your account is active. When you delete your account, we delete or anonymize your personal data within 30 days, except where retention is required by law (e.g., billing records).

7. Your rights

You may request access to, correction of, or deletion of your data at any time by emailing privacy@foundry.app. If you are in the EU or UK, you also have the right to data portability and to lodge a complaint with your supervisory authority.

8. Cookies

We use session cookies for authentication (managed by Supabase) and localStorage for theme/accessibility preferences. We do not use third-party advertising cookies.

9. Changes to this policy

We will notify you by email and in-app notice at least 14 days before any material change takes effect. Continued use after the effective date constitutes acceptance.

10. Contact

Questions? Email privacy@foundry.app.