Your data, treated like it belongs to you.

Foundry is a B2B platform operated by ArcheForge, LLC, a limited liability company. Throughout this policy, references to "Foundry," "we," "us," or "our" refer to ArcheForge, LLC and the Foundry platform it operates.

If you have any privacy question or want to exercise a data right described below, email privacy@foundryagents.ai.

We collect only what we need to run Foundry for you:

• Account information — your name, email, password hash, profile photo (if you upload one), and the organisations / teams you create or join.
• Workspace content — anything you and your team create inside Foundry: conversation messages, documents, brand assets, audit results, mission outputs, scheduled posts.
• Customer-supplied API keys — if you connect your own OpenAI, Brave, Perplexity, or Kie.ai keys, we store them encrypted at rest and use them only to fulfil your requests.
• Audit lead data — when a visitor submits the public Signal Audit form (name, business name, work email, website URL, and optionally phone + focus area).
• Usage logs — request timestamps, the endpoints called, your IP address, and basic device / browser info, retained for security and abuse-prevention.
• Payment information — handled entirely by Stripe; we never see or store your full card number.

We use the data above to:

• Provide the Foundry service you signed up for — running agents, generating audits, sending PDFs, etc.
• Keep your account secure (login alerts, rate limiting, fraud detection).
• Send you transactional emails (welcome, password reset, audit-ready notifications, billing receipts).
• Send you optional product updates and occasional follow-ups only if you opted in. You can unsubscribe from any non-essential email at any time.
• Improve Foundry — aggregated, de-identified usage metrics help us spot bugs and prioritise features. We never use the content of your workspace (conversations, documents, audit details) for product analytics.

We do not sell your data to advertisers or data brokers. Ever.

Foundry is an AI platform, which means parts of your workspace interactions are passed to third-party AI providers to generate responses, audits, and assets. We use these providers under paid API tiers, which means:

• Your data is NOT used to train their models.
• Providers may retain inputs and outputs for a limited window (typically 30 days) for abuse-monitoring, then delete them.

For the complete list of sub-processors we use and their data policies, see our Sub-processors page. That list is the authoritative version and is kept up to date when we add or remove a provider.

Workspace content (conversations, documents, brand assets, audit history, custom agents) is stored in our managed MongoDB cluster and object storage, located in the United States. Backups are encrypted at rest. Access is restricted to the small operations team needed to run the service, logged, and audited.

File uploads (logos, documents, brand assets) stay in our storage. They are only sent to an AI provider if you explicitly reference them in a request that needs them processed.

• Active accounts — retained for as long as your account is active.
• Cancelled accounts — workspace content is retained for 30 days after cancellation so you can reactivate, then permanently deleted.
• Public Signal Audit leads — retained for up to 24 months unless you ask us to delete them sooner.
• Security / audit logs — retained for up to 12 months.
• Billing records — retained for the period required by U.S. tax / accounting law (typically 7 years).

Enterprise customers on the Refine plan can negotiate custom retention windows as part of their build engagement.

Regardless of where you live, you may ask us to:

• Access the personal data we hold about you.
• Correct data that is inaccurate or incomplete.
• Delete your account and the personal data associated with it.
• Export your data in a portable format.
• Restrict or object to certain processing.
• Withdraw consent at any time where we relied on consent.

Email privacy@foundryagents.ai with your request. We respond within 30 days. EU/UK residents have the additional right to lodge a complaint with their local data protection authority. California residents have the rights described in the CCPA / CPRA.

Foundry encrypts all data in transit (TLS 1.2+) and at rest. We use per-org authorization on every API endpoint so members of one organisation can't see another's data. Our credential vault is designed so that even our admins can't read your API keys back. See the Security page for the current posture — it's updated in lockstep with the running code.

Foundry is a B2B tool and is not directed at children under 16. We do not knowingly collect personal data from anyone under 16. If you believe a child has provided us personal data, contact us and we will delete it.

We may update this Privacy Policy from time to time. Material changes will be announced via email to account holders and on the platform at least 14 days before they take effect. The "Last reviewed" date at the top reflects the most recent change.

ArcheForge, LLC
Attn: Privacy
privacy@foundryagents.ai