Privacy Policy

Folio ("the Service", "we", "us") is operated by an individual based in the United Kingdom. For data protection purposes under UK GDPR, we are the controller of your personal data.

To contact us about your data, email feedbackfolioapp@gmail.com.

We collect the minimum data necessary to provide the Service:

• Account data — your email address and name, collected when you create an account via Clerk.
• Account status — whether you have an active account. If we introduce paid tiers in the future, payment details will be processed directly by Stripe and never stored by us.
• Saved content — bookmarks and personal notes you save within the Service, stored in our database.
• Server logs — standard request logs generated by our hosting provider (Vercel), including IP addresses and pages visited. These are retained for up to 30 days.

We use Vercel's privacy-friendly analytics to measure aggregate page views and general usage trends. It does not use cookies, does not track you across other websites, and does not build an advertising profile of you.

With your consent (via the cookie preferences banner shown on first visit), we also use PostHog to understand how the Service is used at a per-user level — for example, which features new users find first and where in the sign-up journey people drop off. PostHog stores event data (page views, clicks on key features, your Clerk user ID), uses cookies for session continuity, and is hosted in the European Union. Analytics is OFF by default; you can change your choice any time from the “Cookies” link in the footer.

We do not use cross-site tracking tools such as Google Analytics, and we do not sell your data to anyone.

We use your data solely to:

• Create and manage your account
• Authenticate you and keep you signed in
• Send transactional emails (e.g. welcome email, payment receipts)
• Provide and improve the Service
• Respond to support requests

Our legal basis for processing is contract performance (providing the service you signed up for) and, where applicable, legitimate interests.

We use the following trusted third-party services to operate the Service:

• Clerk — authentication and account management. Stores your email and name.
• Stripe — payment processing. Handles all card details under PCI-DSS compliance. We use Stripe for payment processing when applicable.
• Upstash (Redis) — cloud database for account data, bookmarks, and cached content.
• Vercel — hosting and serverless infrastructure. Processes request data as part of serving the site.
• Resend — transactional email delivery.
• ElevenLabs / Anthropic / Tavily — used for generating briefing content and audio. No personal data about you is sent to these services.
• Vercel Analytics — privacy-friendly, cookieless measurement of aggregate page views. Does not track you across other sites or build an advertising profile.
• PostHog (EU Cloud) — product analytics for understanding how features are used, loaded only with your explicit consent. Data is stored in the European Union. See PostHog's Data Processing Agreement for details on how they handle the data.

Some of our providers (including Clerk, Vercel, Stripe, Anthropic, and Upstash) process data on servers outside the United Kingdom, including in the United States. Where personal data is transferred outside the UK, that transfer is covered by the provider's data processing agreement incorporating UK-approved safeguards (such as the UK International Data Transfer Agreement or Standard Contractual Clauses with the UK Addendum).

We use two categories of cookies and similar storage:

• Strictly necessary — a session cookie set by Clerk to keep you signed in, plus a small local-storage entry recording your cookie-preferences choice. These cannot be turned off because the Service cannot function without them.
• Analytics (opt-in) — PostHog uses cookies to maintain a consistent identity across page navigations so we can measure feature usage. These only load if you explicitly accept analytics on the cookie banner. You can change your choice any time via the “Cookies” link in the footer.

Vercel Analytics (our basic page-view counter) is cookieless and does not set any cookies on your device. We do not use advertising cookies or tracking pixels.

We retain your account data for as long as your account is active. If you request deletion of your account, we will delete your personal data within 30 days, except where we are required to retain records for legal or financial reasons (for example, Stripe transaction records).

You have the right to:

• Access the personal data we hold about you
• Correct inaccurate data
• Request deletion of your data
• Object to or restrict our processing
• Data portability (receive your data in a portable format)
• Withdraw consent where processing is based on consent

To exercise any of these rights, contact us at feedbackfolioapp@gmail.com. We will respond within 30 days. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

We may update this policy from time to time. Material changes will be communicated by email or by a notice on the Service. The date at the top of this page reflects the most recent update.