Privacy

Privacy notice for FoundryOS.

This privacy notice covers the current FoundryOS pilot. It reflects the data the app actually stores today and does not claim automated compliance workflows that are not yet built.

Last updated April 19, 2026. This is the current pilot-facing policy surface and should receive counsel review before broad commercial launch.

What data is collected

Account and access data

  • Name, email address, hashed authentication credentials, verification state, and session-related access records.
  • Workspace memberships, invitation records, and role assignments.

Workspace operating data

  • Business profile fields, diagnostic runs, planning outputs, assets, SOPs, support requests, and deletion requests.
  • Administrative account-state and plan metadata used to control preview access.

Technical and security data

  • Basic request, environment, and delivery metadata required to operate the app securely.
  • Optional service data created when integrations such as Turnstile, Stripe, Resend, or analytics are enabled on a deployment.

How data is used

Authenticate users, manage workspace access, and persist generated operating artifacts.

Review support requests, deletion requests, and account-state changes manually during pilot operations.

Operate optional integrations such as transactional email, checkout, abuse prevention, and analytics when they are enabled.

Maintain product security, diagnose issues, and improve the reliability of the FoundryOS pilot.

Sharing and processors

FoundryOS shares data with infrastructure and service providers only to operate the product. See the subprocessor notice for the current list and what each provider does.

Retention and requests

Data is retained for as long as it is needed to operate the current workspace, support the pilot, and maintain a reliable audit trail.

Account and workspace deletion currently operate through tracked request flows with manual review. Authenticated users should use the support route for privacy and deletion requests.

Founder note

Before broad launch, this notice still needs lawyer review for jurisdiction-specific privacy rights, retention schedules, and any formal data processing addendum.

Related policies