Privacy Policy
Iofold Labs Privacy Policy
Last updated: July 9, 2026
This Privacy Policy explains how Iofold Labs ("Iofold", "we", "us", or "our") collects, uses, shares, and protects personal information when you use Iofold Labs cloud services, websites, hosted applications, APIs, and related services, including Artifact Use (the "Services").
This policy applies to Iofold-operated cloud services. It does not apply to third-party deployments of open-source Iofold software, customer websites or artifacts hosted through the Services, or third-party services that we do not control.
Information we collect
We collect information you provide to us, information generated when you use the Services, and information needed to operate cloud infrastructure and product features.
- Account and workspace information. Name, email address, authentication identifiers, organization or workspace identifiers, role, team invitations, and related account metadata.
- Service content. Artifacts, files, pages, documents, images, code, comments, feedback, allowlists, share-link labels, and other content you or your agents publish, upload, submit, or configure.
- Viewer and collaboration information. Viewer email addresses, verification status, share-link recipients, comments, replies, resolved status, and artifact feedback targets.
- Usage and technical information. View events, timestamps, artifact URLs, referrers, browser or user-agent data, approximate request metadata, hashed IP-derived values, logs, device and network information, and diagnostic information.
- Agent and API information. API tokens, token labels, token source, expiry and revocation metadata, device-connect requests, OAuth metadata, and MCP/API activity needed to authenticate and operate agents.
- Billing and commercial information. Plan, subscription, invoice, payment status, and limited billing metadata. Payment details may be processed by payment providers rather than stored directly by Iofold.
- Support and communications. Messages you send us, refund requests, support requests, feedback, and related contact information.
How we use information
We use information to provide, secure, maintain, and improve the Services. This includes authenticating users, publishing and serving artifacts, enforcing access gates, enabling comments and share links, showing workspace analytics, sending transactional emails, providing support, processing payments, preventing abuse, debugging issues, complying with law, and communicating service updates.
We may use aggregated or anonymized statistics to understand usage patterns and improve the product. We do not use customer content or personal information for advertising, targeted advertising, or sale to advertisers.
Customer content and viewer data
Customers decide what to publish through the Services and who can access it. If you view, comment on, or otherwise interact with a customer artifact, your email address, comments, viewing activity, and related access metadata may be visible to that customer, the artifact owner, and their workspace administrators.
For personal information contained inside customer content, the customer is usually the party that decides why and how that information is processed. We process that content to provide the Services and follow the customer's configuration and instructions, subject to this policy, our Terms, and applicable law.
Cookies and similar technologies
We use cookies, tokens, and similar local storage only as needed for product functionality, including sign-in sessions, viewer access gates, security, preferences, and operational analytics. We do not use advertising cookies or cross-site advertising trackers in the Services.
How we share information
We share information only as needed to operate the Services, comply with law, and support customer-directed sharing.
- With workspace users and viewers. Content, links, comments, view activity, and access information may be shown according to the artifact's sharing and access settings.
- With service providers. We use providers for cloud hosting, storage, databases, authentication, email delivery, payments, analytics, support, security, and other operational needs. They may process information for us under appropriate contractual restrictions.
- For legal, safety, and security reasons. We may disclose information if required by law or if we believe disclosure is necessary to protect users, customers, Iofold, or the public.
- In business transactions. Information may be transferred as part of a merger, acquisition, financing, reorganization, or sale of assets, subject to appropriate protections.
Retention and deletion
We keep information for as long as needed to provide the Services, maintain security, comply with legal obligations, resolve disputes, and enforce agreements. After a verified deletion request or account closure, we aim to delete or anonymize personal information and deleted Service content within 30 days, unless retention is required for legal, security, fraud-prevention, tax, accounting, backup, or legitimate operational reasons.
Information already downloaded, copied, cached, or shared by you or your viewers may remain outside our control. Backup copies may persist for a limited period until overwritten or expired.
Security
We use administrative, technical, and organizational safeguards designed to protect information against unauthorized access, loss, misuse, and alteration. No internet service can guarantee absolute security. You are responsible for protecting your account, access tokens, API keys, and the content you choose to publish or share.
International processing
Iofold Labs may process and store information in India and other countries where we or our service providers operate. When information is transferred internationally, we use safeguards designed to protect it as required by applicable law.
Your choices and rights
You may contact us to request access, correction, deletion, export, restriction, withdrawal of consent where applicable, or to raise a privacy grievance. These rights depend on your location, your relationship to the Services, and applicable law. We may need to verify your identity and may redirect requests about customer-controlled content to the relevant customer.
For privacy requests, grievances, and questions, contact hello@iofold.com.
Children
The Services are not directed to children under 13, and we do not knowingly collect personal information from children under 13. If applicable law requires a higher minimum age or parental consent, you may use the Services only if you meet that requirement. If you believe a child has provided personal information to us without appropriate consent, contact us at hello@iofold.com.
Changes to this policy
We may update this Privacy Policy from time to time. We will post the updated version on this page and update the "Last updated" date. If changes are material, we may provide additional notice through the Services or by email.