Effective April 2026

Privacy Policy

Version 1.0 · Last updated April 2026

1. Introduction

Sol Foundry, Inc. (“Sol Foundry,” “we,” “us,” or “our”) operates the solfoundry platform, accessible at solfoundry.app and hellosol.app (the “Service”). This Privacy Policy describes how we collect, use, store, protect, and share your personal information when you use our Service.

By using solfoundry, you agree to the collection and use of information as described in this policy. If you do not agree with this policy, please do not use the Service.

2. Information We Collect

2.1 Information You Provide

Data Type	Description	Purpose
Name	Your display name from Google account	Account identification, in-app display
Email address	Your Google account email	Account identification, communication
Profile image URL	Your Google profile photo URL	In-app display

2.2 Information Collected Automatically

Data Type	Description	Purpose
Usage data	Features used, actions taken within the platform	Service delivery, product improvement
Device and browser information	Browser type, operating system (via standard HTTP headers)	Service compatibility, troubleshooting
Error and performance data	Application errors, stack traces (no PII included)	Service reliability, bug fixing
Application telemetry	Request traces, response times, system metrics (no PII included)	Performance monitoring, service optimization

2.3 Information Created Through Your Use of the Service

Data Type	Description	Purpose
Callouts (tasks)	Tasks and action items you create or are assigned	Core service functionality
Loops	Recurring items you configure	Core service functionality
Topics	Conversation topics and threads	Core service functionality
Contacts	Contact information you add to the platform	Core service functionality
File attachments	Files you upload to the platform	Core service functionality

3. How We Use Your Information

We use the information we collect to:

Provide the Service — Deliver core solfoundry functionality including task management, topic identification, and integrations
Improve the Service — Analyze usage patterns and error data to fix bugs and improve features
Communicate with you — Send service-related notifications and respond to support requests
Ensure security — Detect and prevent unauthorized access, fraud, and abuse
Comply with legal obligations — Meet applicable legal and regulatory requirements

We do not use your personal information for advertising, sell it to third parties, or share it for purposes unrelated to providing and improving the Service.

4. How We Store and Protect Your Information

4.1 Data Storage

Our primary infrastructure is hosted in the United States (AWS us-east-1 region). Some third-party service providers listed in Section 5 may process limited data in other regions as part of their service delivery. We require all providers to maintain appropriate security safeguards regardless of processing location.

Storage System	Data Stored	Encryption
Amazon Aurora PostgreSQL	User accounts, callouts, loops, topics, contacts	AWS KMS encryption at rest
Amazon S3	File attachments	AWS KMS encryption at rest
Amazon DynamoDB	LLM response metadata (no PII)	AWS-managed encryption at rest

4.2 Encryption

At rest: All databases and storage systems use AWS KMS or AES-256 encryption
In transit: All data transmitted between your browser and our servers is encrypted using TLS 1.2 or higher. Database connections require SSL.

5. Third-Party Services

Provider	Data Shared	Purpose	Compliance
Amazon Web Services (AWS)	All application data (encrypted)	Cloud infrastructure hosting	SOC 2 Type II, ISO 27001
Google / Firebase	Email, name, profile image (via Google OAuth)	User authentication	SOC 2 Type II, ISO 27001
Composio	OAuth tokens for Gmail/Slack integrations	Integration token management	Vendor security reviewed annually
OpenAI / LLM Providers	Conversation context for AI processing (PII is minimized before transmission)	AI-powered features	SOC 2 Type II (OpenAI)
Sentry	Application errors and stack traces (no PII)	Error tracking and monitoring	SOC 2 Type II, ISO 27001
SigNoz	Application telemetry data (no PII)	Performance monitoring	Vendor security reviewed annually
HetrixTools	Health check endpoint URL and response status	Uptime monitoring	N/A (no user data shared)

6. Cookies and Tracking

solfoundry uses only essential cookies required for authentication (Firebase Authentication session). We do not use advertising or marketing cookies, third-party tracking cookies, analytics cookies, or social media tracking pixels.

7. Data Retention

Data Type	Retention Period	Deletion Method
User account data	Duration of account	Hard delete on account deletion
Callouts, loops, topics, contacts	Duration of account	Hard delete on account deletion
File attachments	Duration of account	Deleted from S3 on account deletion
Application logs	14 days (staging), 365 days (production)	Automatic expiration
Error tracking data	90 days	Automatic expiration (Sentry retention)

When you delete your account, we initiate deletion of your personal data from our active systems promptly. Residual copies in encrypted backups are purged within 30 days. Data already transmitted to third-party services (e.g., error logs in Sentry) will be deleted according to the retention schedules listed above. Account deletion is permanent and cannot be reversed.

8. Your Rights

Right	Description	How to Exercise
Access	Request a copy of the personal data we hold about you	Contact us at the email below
Correction	Request correction of inaccurate personal data	Update your profile in the app, or contact us
Deletion	Request deletion of all your personal data	Use the account deletion feature in the app, or contact us
Data portability	Request your data in a portable format	Contact us at the email below
Objection	Object to processing of your personal data	Contact us at the email below

9. Data Breach Notification

In the event of a data breach that affects your personal information, we will notify affected users and applicable regulatory authorities as required by law. We aim to provide notification within 72 hours of becoming aware of a qualifying breach, including a description of the breach, the types of data affected, and the steps we are taking in response.

10. Your Rights Under Applicable Law

Depending on your location, you may have additional rights under applicable data protection laws, including the California Consumer Privacy Act (CCPA) and the EU General Data Protection Regulation (GDPR).

California Residents (CCPA)

Right to know what personal information we collect and how it is used
Right to request deletion of your personal information
Right to opt out of the sale of personal information (we do not sell personal information)
Right to non-discrimination for exercising your privacy rights

EU/EEA Residents (GDPR)

Right of access, rectification, erasure, and data portability
Right to restrict or object to processing
Right to withdraw consent at any time
Right to lodge a complaint with a supervisory authority

To exercise any of these rights, contact us at the email listed below. We will respond to verifiable requests within the timeframes required by applicable law.

11. Children’s Privacy

solfoundry is not directed at children under the age of 18. We do not knowingly collect personal information from anyone under 18. If we become aware that we have collected personal information from a person under 18, we will take steps to delete that information promptly.

12. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the “Last Updated” date and notify users via email or in-app notification for significant changes. Your continued use of the Service after changes are posted constitutes acceptance of the updated policy.

13. Contact Us

If you have questions about this Privacy Policy or wish to exercise your data rights, contact us at:

Sol Foundry, Inc.
Email: anish@solfoundry.co