Back to Home

Privacy Policy

Effective Date: March 11, 2026

1. Introduction

Welcome to Foundrs ("we," "our," or "us"). Foundrs is an AI-powered content generation platform for X/Twitter and LinkedIn. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application and related services (collectively, the "Service").

By using Foundrs, you agree to the collection and use of information in accordance with this policy. If you do not agree with the terms of this Privacy Policy, please do not use the Service.

2. Information We Collect

Account Data

When you create an account, we collect your email address, full name, timezone, and authentication provider (X/Twitter, Apple, or Google).

Social Account Data

When you connect social accounts, we collect:

  • X/Twitter: OAuth tokens, username, profile picture, bio, follower and following counts, and premium status
  • LinkedIn: OAuth tokens, name, profile picture, and headline

Content Data

We collect AI-generated posts, posting schedules, writing profiles, and products/brands you create (including descriptions and features).

Writing Samples

Text you provide to train your WritingDNA voice profiles, including the resulting writing style vectors used for content matching.

Billing Data

We store your Stripe customer ID, subscription tier, and billing dates. Full payment card details are handled entirely by Stripe and are never stored on our servers.

Device & Usage Data

We collect crash reports and diagnostics via Firebase Crashlytics, including device OS version and app state during errors.

3. How We Use Your Information

We use the information we collect to:

  • Operate and maintain the Service
  • Generate AI content that matches your unique writing voice
  • Process payments and manage subscriptions
  • Post content to social media on your behalf
  • Research topics and products for content generation
  • Improve the Service through crash analytics and diagnostics
  • Send account verification emails and important notifications

4. AI Processing & Third-Party AI Services

Foundrs uses the following third-party AI services to power content generation:

  • Anthropic Claude (primary content generation) — Your writing samples, content prompts, product information, and writing style are sent for processing. Privacy Policy
  • Grok (fallback generation via OpenAI-compatible API). Privacy Policy
  • Perplexity (web research for content topics). Privacy Policy
  • Pinecone (writing style vector storage and semantic similarity). Privacy Policy

Your data is NOT used to train third-party AI models.

5. Third-Party Services & Data Sharing

We share data with the following third-party services as necessary to operate the Service:

  • Firebase (Google LLC) — Authentication and crash reporting (Crashlytics)
  • Stripe — Payment processing; receives your email and subscription data
  • Pinecone — Vector database for writing style vectors, namespaced by user ID
  • Firecrawl — Product website scraping; receives product URLs only
  • X/Twitter API — OAuth authentication, content posting, and profile data
  • LinkedIn API — OAuth authentication, content posting, and profile data
  • MongoDB on Railway — Primary database hosting
  • Gmail SMTP — Verification emails and account notifications

We do not sell your personal information to third parties.

6. Data Storage & Security

Your data is stored across the following systems:

  • MongoDB (hosted on Railway) — User profiles, posts, products, schedules, writing profiles, preferences, and subscription events
  • Pinecone — Writing style vectors
  • Local device — Hive cache for offline data; FlutterSecureStorage for OAuth tokens
  • Platform-secure storage — iOS Keychain and Android Keystore for sensitive credentials

We employ the following security measures:

  • All API communications are encrypted over HTTPS/TLS
  • OAuth 2.0 with PKCE for X/Twitter authentication
  • Firebase Auth token management with automatic refresh

7. Data Retention & Deletion

  • Data is retained for as long as your account is active
  • Verification codes expire after 10 minutes
  • OAuth tokens are retained until revoked or expired

Full Account Deletion

You can delete your account at any time directly through the app. Account deletion is immediate, complete, and irreversible. When you delete your account, the following cascade occurs:

  1. Stripe customer deletion (cancels all active subscriptions)
  2. Pinecone writing style vectors deleted
  3. MongoDB records deleted (user profile, all posts, schedules, products, writing profiles, preferences, and OAuth token mappings)
  4. Firebase Auth token revocation
  5. Local secure storage cleanup

You can also disconnect individual social accounts at any time, which removes that account's posts, schedules, products, vectors, and tokens.

For any questions about data deletion, email nizar@foundrs.app.

8. Your Rights

General Rights

All users have the right to access, correct, and delete their personal data, and to opt out of non-essential data processing.

GDPR (EU Residents)

If you are a resident of the European Union, you have additional rights including:

  • Right of access and data portability
  • Right to rectification and erasure
  • Right to restriction of processing and objection
  • Right to withdraw consent at any time

CCPA/CPRA (California Residents)

If you are a California resident, you have the right to:

  • Know what personal data is collected about you
  • Request deletion of your personal data
  • Opt out of the sale of personal data (not applicable — we do not sell data)
  • Non-discrimination for exercising your privacy rights

To exercise any of these rights, use the in-app settings or email nizar@foundrs.app.

9. Cookies & Tracking

  • We use Firebase installation IDs for crash reporting
  • We do not use behavioral advertising tracking
  • We do not use third-party ad networks

10. Children's Privacy

Foundrs is not directed to children under the age of 13. We do not knowingly collect personal information from children under 13, in compliance with the Children's Online Privacy Protection Act (COPPA). If we discover that we have collected data from a child under 13, we will promptly delete it.

Parents or guardians who believe their child has provided us with personal information may contact us at nizar@foundrs.app.

11. International Data Transfers

Your data may be processed in the United States and other countries where our service providers operate. We ensure appropriate safeguards are in place for EU data transfers in compliance with GDPR, and we comply with all applicable data protection laws.

12. Device Permissions

Foundrs requires minimal device permissions:

  • iOS & Android: Internet access only

We do not request access to your Camera, Photo Library, Location, Contacts, Calendar, or Microphone. The app does not access any media on your device.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or in-app notification. Continued use of the Service after changes are posted constitutes your acceptance of the updated policy.

This policy is reviewed and updated at least annually.

Contact Us

If you have questions or concerns about this Privacy Policy, please contact us at nizar@foundrs.app.