Findry
Get started
Legal · 02

Privacy Policy

Version 1.0 (draft)·Last updated 18 April 2026

01One-paragraph summary

Findry collects the minimum data needed to run the service — your email, the workspace content you create, and product telemetry so we can fix bugs. We never sell it. We never train models on it. We share it only with the integration partners you personally connect. You can export or delete everything at any time. If you live in the EU, UK, or California, you have the rights listed in section 06.

02What we collect

Account data

Your email address, workspace name, role, and timezone. This is what we need to let you sign in and display dates correctly.

Content you create

Signals, hypotheses, tests, bets, outcomes, comments, attachments, and anything else you type into the app. This is your content — we store it for you.

Integration data

If you connect PostHog, Amplitude, Linear, Slack, or any other tool, Findry stores the OAuth tokens plus a cache of the data you've explicitly linked — for example, the specific PostHog experiment result attached to a Bet. We don't pull anything else.

Product telemetry

Page views, feature usage, error traces, and performance timings. Used to fix bugs and decide what to ship next. Not tied to your name or content — tied to an anonymised workspace ID.

What we do not collect

We do not track you across the web. We do not use advertising cookies. We do not profile you for sale.

03How we use it

  • To run the service. Sign-in, storage, search, notifications.
  • To fix bugs and improve the product. Anonymised telemetry plus error traces.
  • To communicate with you. Magic-link emails, account alerts, and a quarterly product update. You can opt out of the product update in one click.
  • To comply with law. We respond to valid legal requests. Where we can, we notify the affected user first.

04Who we share it with

Only the sub-processors we need to run the service, plus integration partners you personally connect.

  • Vercel — application hosting. EU-region deployment for EU workspaces.
  • Supabase — database and auth. EU region for EU workspaces.
  • Resend — transactional email for magic links.
  • Sentry — error tracking, scrubbed of PII.
  • Stripe — payment processing (public launch only).

Each sub-processor is listed at findry.com/subprocessors. We give 30 days' notice before adding a new one. We never sell, rent, or trade personal data to third parties.

05How long we keep it

  • Workspace content. Kept for the life of the workspace. Deleted 30 days after you cancel.
  • Telemetry. 90 days.
  • Billing records. 7 years (legal requirement).
  • Backups. Rolling 30-day encrypted backups. Deletion propagates to backups within 35 days.

06Your rights

If you live in the EU, UK, California, or another jurisdiction with equivalent laws, you have the right to:

  • Access. Download everything we have on you — one click from Settings → Privacy.
  • Correct.Fix anything that's wrong.
  • Delete. Permanently remove your account and content.
  • Port. Export your content in machine-readable JSON.
  • Object. Opt out of telemetry and product emails.

We honour these rights for every user, regardless of geography.

07Security

  • TLS 1.3 in transit.
  • AES-256 at rest.
  • Hashed-passcode access for Pulse shares; rotating tokens for integrations.
  • Principle-of-least-privilege access controls internally.
  • Quarterly penetration tests starting post-launch.
  • SOC 2 Type II — in progress for the Scale tier.

08AI and your data

Findry uses AI for optional features — signal clustering, hypothesis drafting, test planning. Those features send the relevant content to an AI provider (Anthropic at launch). We've configured the provider to not train on your data. AI processing is opt-in at the workspace level; you can turn it off from Settings.

09International transfers

EU workspaces are stored and processed in the EU. Non-EU workspaces default to US region. Cross-border transfers (to sub-processors, if any) are covered by Standard Contractual Clauses.

10Children

Findry is not intended for anyone under 16. We do not knowingly collect data from children. If you discover a child has an account, write to us and we'll delete it.

11Contact the data protection officer

For privacy questions, data-subject requests, or breach notifications, write to privacy@findry.io. For EU users, you may also lodge a complaint with your national supervisory authority.