PolicyFoundry
Terms

Privacy

Privacy Policy

Last updated: October 14, 2025

1. Introduction

PolicyFoundry ("we", "us", or "our") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

2. Information We Collect
2.1 Personal Information

When you create an account, we collect:

  • Name and email address (from your Google account if you sign in with Google)
  • Profile information (avatar, if provided)
  • Payment information (processed securely through Stripe)
2.2 Document Content

We collect and process the policy documents you upload to generate illustrations. This may include:

  • Document text and content
  • File metadata (filename, file type, file size)
  • Generated images and illustrations
2.3 Usage Information

We automatically collect certain information when you use our Service:

  • Device information (browser type, operating system)
  • Usage patterns and interaction with the Service
  • Session information and timestamps
  • IP address and general location data
3. How We Use Your Information

We use the collected information for the following purposes:

  • To provide, maintain, and improve our Service
  • To process your uploaded documents and generate illustrations
  • To manage your account and credits
  • To process payments and prevent fraud
  • To communicate with you about your account and Service updates
  • To analyze usage patterns and improve our AI models (using anonymized data)
  • To comply with legal obligations
4. Data Storage and Security

We implement appropriate technical and organizational measures to protect your data:

  • Data is stored securely using Supabase infrastructure with encryption at rest and in transit
  • Uploaded documents and generated images are stored in secure cloud storage
  • Payment information is processed through Stripe and is never stored on our servers
  • Access to personal data is restricted to authorized personnel only

While we strive to protect your data, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.

5. Data Sharing and Disclosure

We do not sell your personal information. We may share your information in the following circumstances:

  • Service Providers: We work with third-party service providers (Supabase for database, Stripe for payments, Google Gemini for AI processing) who need access to your information to provide services on our behalf
  • Legal Requirements: We may disclose your information if required by law or in response to valid legal requests
  • Business Transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity
6. Third-Party Services

Our Service uses the following third-party services:

  • Google OAuth: For authentication (subject to Google's Privacy Policy)
  • Stripe: For payment processing (subject to Stripe's Privacy Policy)
  • Supabase: For data storage and management
  • Google Gemini: For AI-powered image generation

These third parties have their own privacy policies and we encourage you to review them.

7. Data Retention

We retain your personal data and uploaded content for as long as necessary to provide the Service and fulfill the purposes outlined in this Privacy Policy. You may request deletion of your data at any time.

When you request deletion or close your account:

  • Your account information will be deleted
  • Your uploaded documents and generated images will be removed from our servers
  • Some information may be retained for legal or business purposes (e.g., transaction records for tax purposes)
8. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

  • Access: Request a copy of the personal data we hold about you
  • Correction: Request correction of inaccurate or incomplete data
  • Deletion: Request deletion of your personal data
  • Portability: Request a copy of your data in a machine-readable format
  • Objection: Object to processing of your personal data
  • Withdraw Consent: Withdraw consent for processing where consent was provided

To exercise these rights, please contact us at [email protected].

9. Cookies and Tracking

We use cookies and similar tracking technologies to:

  • Maintain your session and keep you signed in
  • Remember your preferences
  • Analyze how you use our Service

You can control cookies through your browser settings, but disabling cookies may affect your ability to use certain features of the Service.

10. Children's Privacy

Our Service is not intended for children under the age of 13. We do not knowingly collect personal information from children under 13. If you believe we have collected information from a child under 13, please contact us immediately.

11. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have different data protection laws. We ensure appropriate safeguards are in place to protect your data.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last updated" date. Your continued use of the Service after changes are posted constitutes acceptance of the updated Privacy Policy.

13. Contact Us

If you have any questions about this Privacy Policy or our privacy practices, please contact us at [email protected].