Privacy Policy

1. What we collect

Account

When you sign in we store your email address (via Supabase magic-link authentication) and the optional handle you claim for your public profile. We also store the timestamp of your account creation and an internal user ID.

Design artifacts

Every generation you trigger creates rows in our database: the prompt text you submit, the TSX source code Claude returns, the derived theme JSON, and the Anthropic token usage for that call. These live in the design_versions, contexts, and usage_ledger tables.

Taste signals

Your A/B picks, thumbs ratings, and any free-text feedback you leave are written to an append-only taste_events log. Free-text feedback is also sent to Claude Haiku to extract structured preference signals (palette preferences, typography leanings, density). The signals are stored in preference_signals. A worker recomputes a single user_memory document that powers your Taste Card.

Conversation log

If you chat with Foundry inside a project, those turns are stored in conversation_turns scoped to your user ID and context, so the next generation can see the session history.

Operational data

Rate-limit counters, pair-generation history (used to enforce the rolling 7-day quota), and standard server request logs (IP, user-agent, path, status, latency). Request logs are held on our hosting providers' infrastructure for their standard retention window and are not used for product analytics.

2. What we don't collect

• No third-party web analytics (no Google Analytics, PostHog, Segment, Mixpanel, Plausible, or similar).
• No marketing or cross-site tracking cookies. The only cookies we set are your Supabase authentication session and CSRF tokens required to keep you signed in.
• No ad networks, no pixels, no fingerprinting.
• No keystroke logging, mouse-movement capture, or session replay.
• Payment information is handled by Stripe if you subscribe to the Hobby plan. Foundry never stores full card numbers, CVVs, or billing addresses on our servers — Stripe receives them directly. We keep only the minimal records required to match a subscription to your account (Stripe customer id, subscription id, status, plan tier).

3. Who processes your data

We use the following sub-processors. Each receives only the data required to provide its service.

• Supabase — authentication, Postgres database, and object storage. Stores your email, handle, design artifacts, taste events, and user memory.
• Railway — hosts the API and worker services that process your generations.
• Vercel — hosts this website.
• Anthropic (Claude API) — your prompt text and any free-text feedback you submit are sent to Anthropic to generate designs and to extract preference signals. Anthropic's own data policy governs that processing.
• Cloudflare Turnstile — dormant. If we enable it as an abuse gate, Cloudflare will receive the standard Turnstile challenge metadata (IP, user-agent, page URL) on the sign-in form and pair-generation endpoint.

4. How long we keep it

• Design versions (both winners and losers of each A/B pair) are retained indefinitely. They form the training set that makes future generations match your taste.
• Taste events are append-only and retained indefinitely so the memory algorithm can be re-run against the full history when it is tuned.
• Rate-limit buckets expire within hours of creation.
• When you delete your account, every row keyed to your user ID is cascade-deleted from the database. This includes contexts, design versions, pair events, ratings, conversation turns, preference signals, user memory, and your profile row.

5. Public versus private

Your account is private by default. Two explicit toggles in Settings change that:

• Public profile — when on, /@your-handle renders your Taste Card to anyone with the link. When off, that URL returns 404.
• Public gallery — when on, the designs you've picked appear below your public Taste Card. Only takes effect when the profile itself is public.

Your email, prompts, chat history, and losing variants are never made public. The preview iframes that render your designs are served with a one-hour HMAC-signed token so they cannot be crawled at scale.

6. Your rights

• Access & export. Email us and we will return every row we hold keyed to your account.
• Correction. You can change your handle, toggle profile visibility, and edit your own artifacts from Settings.
• Deletion. Email us to delete your account. Cascading deletion runs immediately and removes your data from the training set used to improve the generator.

Your picks, prompts, and feedback may be used in aggregate to evaluate and improve the design generator. The per-user Taste Card you see in the app is derived from your own memory document; the aggregate training set draws on everyone's picks together. Deleting your account removes your rows from both.

7. Children

Foundry is not directed at children under 13. If you are under 13, please do not create an account. If we discover an account belongs to a child under 13, we will delete it.

8. International transfers

Foundry's infrastructure runs in the United States. If you access Foundry from outside the US, your data is transferred to and processed in the US. By using the service you consent to that transfer.

9. Security

Authentication is handled by Supabase magic-link; we never see your password because there isn't one. Database access is gated by row-level security policies that restrict each row to its owning user. Preview iframes are sandboxed with a strict Content-Security-Policy and do not share an origin with your signed-in session.

No system is perfectly secure. If you discover a vulnerability, please report it to the contact address below before disclosing publicly.

10. Changes to this policy

We date-stamp every version of this page. If we make a material change — adding a sub-processor, expanding what we collect, changing retention — we will email account holders at least 14 days before it takes effect.

11. Contact

Questions, data requests, or security reports: hello@tryfoundry.design.