Privacy Policy
Foundry is a taste-first design generator. We keep what we need to run the product, improve the model, and understand basic product usage. We tell you which third parties handle your data, and we do not use third-party analytics, ad networks, or tracking cookies.
1. What we collect
Your email (via magic-link sign-in), an optional handle for your public profile, the prompts and feedback you submit, your A/B picks, the designs we generate for you, basic usage metadata for each generation, and first-party product analytics such as pageviews, CTA clicks, and coarse prompt length buckets. We store a pseudonymous analytics session ID in localStorage so those first-party events can be grouped across a browser session. If you chat with Foundry inside a project, those turns are stored and scoped to your account so the next generation can see the session history.
2. What we don’t do
No third-party analytics, ad networks, tracking pixels, session replay, or keystroke logging. The only cookies we set are your authentication session and the CSRF token needed to keep you signed in. Payment information goes directly to Stripe; we never store card numbers, CVVs, or billing addresses. Anonymous landing-page prompt text is not sent to Slack or first-party analytics.
3. Who processes your data
- Supabase — authentication and database.
- Railway — hosts the API and worker services.
- Vercel — hosts this website.
- Anthropic, Google Gemini, and OpenRouter — receive your prompts and feedback to generate designs and extract preference signals.
- Stripe — handles billing if you subscribe to a paid plan.
- Resend — sends operational emails such as magic links and account notices.
- Slack — receives redacted operational alerts and digests, such as signup counts, email domains, cost summaries, and error counts.
4. How long we keep it
Your data is retained as long as you have an account. Designs, picks, and feedback are kept so your Taste Card can keep improving over time. When you schedule account deletion, your public profile and gallery are hidden immediately and the hard delete runs after the grace period; rows keyed to your user ID are cascade-deleted.
5. Public versus private
Your account is private by default. Two explicit toggles in Settings can change that: a public profile (your Taste Card at /@your-handle) and a public gallery (the designs you’ve picked, shown under your public profile). Your email, prompts, chat history, and losing variants are never made public.
6. Your rights
You can export your data, correct your handle or artifacts, or delete your account from Settings or by emailing us. Deleting your account removes your data from the aggregate training set used to improve the generator.
7. Children
Foundry is not directed at children under 13. If you are under 13, please do not create an account. If we discover an account belongs to a child under 13, we will delete it.
8. International transfers
Foundry’s infrastructure runs in the United States. If you access Foundry from outside the US, your data is transferred to and processed in the US.
9. Security
Authentication is handled by magic link; we never see your password because there isn’t one. Database access is gated by row-level security. Preview iframes are sandboxed and do not share an origin with your signed-in session. If you discover a vulnerability, please report it to the contact address below before disclosing publicly.
10. Changes to this policy
We date-stamp every version. If we make a material change, we’ll email account holders at least 14 days before it takes effect.
11. Contact
Questions, data requests, or security reports: hello@tryfoundry.design.