Privacy Policy

Last updated: March 14, 2026

1. Introduction

This Privacy Policy describes how fold.run ("we", "us", "our") collects, uses, and protects your information when you use our deployment platform (the "Service"). We are committed to protecting your privacy and handling your data responsibly.

2. Information We Collect

Account information. When you create an account, we collect your email address and a hashed password. Passwords are hashed using PBKDF2 and are never stored in plain text.

Deployed code. When you deploy functions to the Service, we store your code bundles in encrypted object storage. Code is associated with your account and versioned for rollback purposes.

Secrets and credentials. If you store secrets through the Service, they are encrypted at rest using AES-256. We cannot read your encrypted secrets. They are decrypted only at deploy time to inject them into your function runtime.

Usage data. We collect information about how you use the Service, including API requests, activation logs (HTTP method, status code, duration, timestamps), and feature usage. This data helps us operate, maintain, and improve the Service.

Billing information. Payment processing is handled by Stripe. We do not store your credit card numbers. Stripe's privacy policy governs the handling of your payment information.

3. How We Use Your Information

We use the information we collect to:

  • Provide, operate, and maintain the Service
  • Process your deployments and serve your functions globally
  • Authenticate your identity and secure your account
  • Send transactional emails (account verification, team invitations, password resets)
  • Monitor and enforce rate limits and usage quotas
  • Generate usage analytics visible in your dashboard
  • Diagnose and resolve technical issues
  • Improve the Service based on aggregate usage patterns
  • Comply with legal obligations

4. AI Features

The Service includes AI-powered features such as code generation (fold create-tool), deploy summaries, and error diagnosis. When you use these features, your prompts and relevant code context are processed by AI models to generate responses. We do not use your prompts or code to train AI models.

5. Data Sharing

We do not sell your personal information. We share information only in these circumstances:

  • Service providers. We use third-party services to operate the platform, including infrastructure providers, payment processing (Stripe), and email delivery. These providers access data only as needed to perform services on our behalf.
  • Team members. If you use team features, other members of your workspace can access shared functions, activations, and configuration within that workspace.
  • Legal requirements. We may disclose information if required by law, regulation, legal process, or governmental request.
  • Safety. We may disclose information if we believe it is necessary to prevent harm, fraud, or violations of our Terms of Service.

6. Data Retention

We retain your account data for as long as your account is active. Activation logs are retained for 30 days. Code bundles are retained for all deployed versions to support rollback. When you delete a function, its code bundles are removed from storage.

When you close your account, we delete your data within 30 days, except where retention is required by law or for legitimate business purposes (such as fraud prevention or resolving disputes).

7. Data Security

We implement security measures to protect your information, including:

  • Encryption in transit (TLS/HTTPS for all connections)
  • Encryption at rest for secrets (AES-256) and stored code
  • Password hashing with PBKDF2
  • JWT-based authentication with short-lived tokens
  • Account isolation ensuring your data is not accessible to other users
  • Audit logging for administrative actions

No method of transmission or storage is completely secure. While we strive to protect your data, we cannot guarantee absolute security.

8. Cookies

The fold.run marketing site does not use tracking cookies or analytics scripts. The app console (app.fold.run) uses a single httpOnly authentication cookie to maintain your session. This cookie is essential for the Service to function and is not used for tracking.

9. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access the personal information we hold about you
  • Correct inaccurate or incomplete information
  • Delete your account and associated data
  • Export your deployed code and configuration
  • Object to or restrict certain processing of your information

To exercise these rights, contact us at hello@fold.run.

10. Children's Privacy

The Service is not directed to children under 16. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, contact us and we will delete it.

11. International Data Transfers

Your data may be processed in multiple regions as part of our globally distributed infrastructure. By using the Service, you consent to the transfer and processing of your data in these locations.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or through the Service. Continued use of the Service after changes take effect constitutes acceptance of the updated policy.

13. Contact

For questions about this Privacy Policy or our data practices, contact us at hello@fold.run.