Privacy Policy

Last updated: March 7, 2026

FoundrOS ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform and services (the "Service").

1. Information We Collect

Account Information: When you create an account, we collect your email address, name, and encrypted password hash. We never store passwords in plain text.

Usage Data: We automatically collect information about how you interact with the Service, including pages visited, features used, timestamps, and device information (browser type, operating system, IP address).

Business Data: Content you create through the Service, including AI agent configurations, task data, reports, and business metrics.

Payment Information: When you subscribe to paid features, payment processing is handled by Stripe. We do not store your full credit card number. We receive and store transaction IDs, subscription status, and billing metadata.

Third-Party Integration Data: When you connect third-party services (GitHub, Gmail, etc.), we store encrypted OAuth tokens necessary to maintain those connections. We access only the data required to provide the Service features you requested.

2. How We Use Your Information

We use your information to:

• Provide, maintain, and improve the Service
• Process transactions and manage subscriptions
• Execute AI agent tasks on your behalf
• Send service-related communications (account alerts, security notices)
• Analyze usage patterns to improve features and performance
• Prevent fraud and ensure platform security
• Comply with legal obligations

3. Data Sharing

We do not sell your personal information. We may share data with:

• Service Providers: Third-party services that help us operate (hosting, payment processing, analytics). These providers are bound by confidentiality agreements.
• AI Model Providers: We send task prompts and context to AI providers (e.g., Anthropic) to execute agent tasks. These providers process data according to their own privacy policies and data processing agreements.
• Legal Requirements: We may disclose information when required by law, court order, or to protect our rights and safety.
• Business Transfers: In the event of a merger, acquisition, or sale, your data may be transferred to the new entity.

4. Data Security

We implement industry-standard security measures to protect your data:

• AES-256-GCM encryption for stored OAuth tokens and sensitive credentials
• HTTPS/TLS encryption for all data in transit
• Parameterized database queries to prevent SQL injection
• Session-based authentication with secure, HTTP-only cookies
• Regular security audits and updates

While we take reasonable steps to protect your information, no method of electronic storage or transmission is 100% secure.

5. Data Retention

We retain your account data for as long as your account is active. If you delete your account, we will remove your personal data within 30 days, except where retention is required by law or for legitimate business purposes (e.g., fraud prevention, legal compliance). Anonymized usage data may be retained indefinitely for analytics purposes.

6. Your Rights

Depending on your jurisdiction, you may have the right to:

• Access: Request a copy of your personal data
• Correction: Request correction of inaccurate data
• Deletion: Request deletion of your personal data
• Portability: Request your data in a portable format
• Objection: Object to certain processing of your data
• Restriction: Request that we limit processing of your data

To exercise these rights, contact us at privacy@foundros.com.

7. Cookies and Tracking

We use essential cookies for authentication and session management. We may use analytics cookies to understand how users interact with the Service. You can control cookie preferences through your browser settings, though disabling essential cookies may affect Service functionality.

8. International Data Transfers

Your data may be processed in countries other than your country of residence, including the United States. We ensure appropriate safeguards are in place for international transfers in compliance with applicable data protection laws.

9. Children's Privacy

The Service is not intended for children under 18. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child, we will take steps to delete it promptly.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy with a new "Last updated" date. Your continued use of the Service after changes constitutes acceptance of the updated policy.

11. Contact Us

For questions about this Privacy Policy or our data practices, contact us at:

privacy@foundros.com