Privacy Policy

Effective date:

November 18, 2024

1. Conditions for processing your personal data

We collect and use Personal Data that You have spontaneously transmitted to Us, which is necessary to subscribe to the Services and to receive emails containing information from Us (newsletters).

You must provide accurate, true, and correct personal details and information and update these data and information whenever necessary so it remains true and complete.

We collect and process Your Personal Data in a fair and lawful manner, while respecting Your rights. We are responsible for the processing of Your Personal Data.

Under no circumstances do We transfer or sell Your Personal Data to any Third Parties, except to Our IT providers.

2. Information collected

We collect information about You including information that You provide in connection with the Service, information from Third Parties, and information that is collected automatically such as through cookies and other technologies.

This information include (i) personal information including, but not limited to, full names, postal address, email address, (ii) payment information, including, but not limited to, payment card number, expiration date, security code and billing address, (iii) Information that Your browser sends whenever You access the Services, (iv) third-party services that collect, monitor and analyze data to provide analytics and other data to help us to improve Our Services, (v) third-party services (including, but not limited to, Microsoft Outlook, Gmail, iCloud) used by You to import data including, but not limited to, Your Contacts Personal Data (email, name, address, phone number, calendar events, etc.), (vi) inquiries and feedbacks provided by You, including contact information and content of the inquiries and feedbacks, (vii) Internet or other electronic network activity information, including, but not limited to, browsing history, search history, and information regarding an interaction with an Internet Web site, application, or advertisement and (viii) personal information which is capable of being associated with, or could be reasonably linked, directly or indirectly, with a particular consumer or household.

We requested Your Google data access with the following scope

  • Access to the contacts in Your Google Contacts after you authenticate (auth/contacts)
  • Read email resources metadata including Your labels, history records, and email messages (…/auth/Gmail.read-only)
  • Read events in Your calendars (…/auth/calendar.read-only)

The only way our Service access Your Google data is after You explicitly accept our Privacy Policy and provide us with the right to access Your Google data, as defined above. We are fully compliant with Google requirements. We will use reasonable efforts to protect Your information collected through Google API.

The use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

3. List of sub-processors

Processor Type of data Reason Region Can opt out
Algolia Contact data Search No
AWS PII,Contact data Hosting (servers / databases / storage) USA No
Stytch PII Authentication USA No
Sendgrid Contact data Emailing Yes
Apollo.io Contact data Enrichment No
DropContact Contact data Enrichment No
Prospeo Contact data Enrichment No
People Data Labs Contact data Enrichment No
Datagma Contact data Enrichment No
Google Workspace Contact data Contact and Interactions sync (opt-in) Yes
Microsoft 365 Contact data Contact and Interactions sync Yes
Confluent Contact data Event streaming (technica) No
Intercom PII Customer Support No
Google Analytics No
Zapier Contact data Automations (opt-in) Yes
Make Contact data Yes
Churnkey PII Churn management No
Stripe PII Billing No
Linear PII Bug tracking No
Cycle.app PII Product feedback management No


4. Information use

We collect information, including Personal Data, for the purpose of providing the Services; identifying and communicating with You, including newsletters and marketing materials; responding to Your requests, including customer service inquiries; processing Your payments; improving the Services; analyzing Your usage of the Services; and responding to valid legal processes and valid requests from government authorities.

Pursuant to data protection laws and regulations, You have the right to access, modify, and oppose the processing of Your Personal Data, and to obtain communication of them in a structured, readable format (unless legitimately impossible). You also have the right to place a claim with a monitoring authority and to define directives pertaining to your digital testament.

You may exercise Your rights by sending an email to privacy@folk.app.

The way we use Your data obtained through Google API is explicitly limited to the use defined below

  • Providing the Service
  • Access to the contacts in Your Google contacts and read resources metadata to synchronize Your contacts and metadata so You can access them on Our Service Our use of Google data is limited to the practices explicitly disclosed in this Privacy Policy. We Must obtain Google’s express content for using Google data beyond the limits set in this Privacy Policy.

5. Communication

We may send You emails to the address associated to Your Account, to inform You of the Services changes or its activities, or to communicate technical or administrative information.

Under no circumstances will You receive emails from third-party companies or partners without Your permission.

You may opt out of receiving any, or all, of these marketing communications from Us by following the unsubscribe link or instructions provided in any email We send or by contacting Us. Please note that We may still send You transactional or administrative messages related to the Services even after You have opted out of receiving marketing communications.

We may transfer Your Personal Data to technical service providers in order to provide You with a better experience :

  • Algolia to provide a great search experience
  • Datadog to improve the efficiency of our infrastructure
  • Sentry to guarantee great service quality

We may also share, transmit, disclose, grant access to, make available, and provide Personal Data with and to Third Parties if in accordance with this Privacy Policy. Under no circumstances will We share Your Google data with Third Parties, except in accordance with this Privacy Policy. We commit not to communicate, sell, or transfer Personal Data to Third Parties (aside from Our technical service providers) without Your express consent, but may communicate them if the law so requires, or upon judicial or government request. You have the right to request that we disclose certain information to you about our collection and use of your personal information over the past 12 months. Once we receive and confirm your verifiable consumer request, we will disclose to you:

  • The categories of personal information we collected about you.
  • The categories of sources for the personal information we collected about you.Our business or commercial purpose for collecting or selling that personal information.
  • The categories of third parties with whom we share that personal information.
  • The specific pieces of personal information we collected about you (also called a data portability request). If we disclosed your personal information for a business purpose, two separate lists disclosing: sales, identifying the personal information categories that each category of recipient purchased; and disclosures for a business purpose, identifying the personal information categories that each category of recipient obtained have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request, we will delete (and direct our service providers to delete) your personal information from our records, unless an exception applies. We may deny your deletion request if retaining the information is necessary for us or our service providers to:
  • Complete the transaction for which we collected the personal information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you.
  • Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
  • Debug products to identify and repair errors that impair existing intended functionality.
  • Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law.
  • Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 seq.).
  • Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information's deletion may likely render impossible or seriously impair the research's achievement if you previously provided informed consent.
  • Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us. Comply with a legal obligation.
  • Make other internal and lawful uses of that information that are compatible with the context in which you provided it. We endeavor to respond to a verifiable consumer request within 45 days of its receipt. If we require more time (up to 90 days), we will inform you of the reason and extension period in writing. If you have an account with us, we will deliver our written response to that account. If you do not have an account with us, we will deliver our written response by mail or electronically, at your option. Any disclosures we provide will only cover the 12 months preceding the verifiable consumer request's receipt. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your personal information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance. We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
  • Users must not engage in sending unsolicited emails (cold emailing) to individuals who have not explicitly opted in to receive such communications. By using our services, you agree to comply with this requirement and acknowledge that any violation may result in the suspension or termination of your account.

6. Third-parties

You are responsible for ensuring that You have the necessary rights to use the Personal Data of Third Party, including the right to upload them through the Services and process them by means of Your Account.

You represent and warrant that You provided all required information to Third Parties, whose Personal Data are processed. You undertake to provide means for requests to be made electronically or by mail and to respond to all requests of Third Parties regarding their rights (right of access, right to rectification, right to erasure, right to restriction of processing, right to data portability, etc.).If We receive requests from Third Parties pertaining to their Personal Data, We shall forward them to You as soon as possible, who remain exclusively responsible.

We may disclose your information to the following categories of third parties:

Service Providers: We may disclose information we collect about you to our third-party service providers. The categories of service providers to whom we entrust your information include service providers for: (i) the provision of the Services; (ii) the provision of information, products, and other services you have requested, including Non-Notion Services as that term is defined in the Agreement; (iii) marketing and advertising; (iv) payment and transaction processing; (v) customer service activities; (vi) the provision of IT and related services; and (vii) fraud prevention and user authentication.

Advertising Partners: We do not disclose or use your information to advertise any third party’s products or services via the Services. However, as explained in detail in the “Information Collected Automatically” section above, we may disclose your information to third-party advertising partners to market our own Services and grow our Services’ user base, such as to provide targeted marketing about our own Services via third-party services. I Please see the “Your Choices” and “Your Rights” sections below for more information and to opt out.

We may disclose your information to other third parties, including other users, in the following circumstances:

Workspaces users: When you invite other users to your workspaces, the information you entered in the workspace will be accessible by those users. You can control this data's visibility with rights management to a certain degree. All workspace information will be available to those users: workspace settings and members list. Your email address, name and photo is shared with those these users.

Reciprocally, as an invited user in a workspace your entered data will be visible by the other users of this workspace, including the workspace owner. Your email address, name and photo is shared with those users.

Invite another user: Our services allow you to invite to a workspace. In this case you agree to only provide information about the invited user with their consent.

Disclosures to protect us or others: We may access, preserve, and disclose any information we store in association with you to external parties if we, in good faith, believe doing so is required or appropriate to: (i) comply with law enforcement or national security requests and legal process, such as a court order or subpoena; (ii) protect your, our, or others’ rights, property, or safety; (iii) enforce our policies or contracts; (iv) collect amounts owed to us; or (v) assist with an investigation and prosecution of suspected or actual illegal activity.

Disclosure in the event of merger, sale, or other asset transfer: If we are involved in a merger, acquisition, financing due diligence, reorganization, bankruptcy, receivership, purchase or sale of some or all assets, or transition of service to another provider, then your information may be sold or transferred as part of such a transaction, as permitted by law and/or contract.

7. International Data Transfers

Personal data collected within the European Union and the United Kingdom may be transferred to, and stored in the US. Whenever we transfer your personal data out of the EEA and the UK, we ensure a similar degree of protection is afforded as per GDPR.

8. Data retention and deletion

Your Personal Data are hosted by Amazon Web Services inside Aurora database that is fully-secured and not accessible outside our servers. Our AWS services are located in the US.‍

We are not storing Your Google data except Your Personal Data, including email addresses and Google unique resource IDs.

You may request that Your Account be closed at any time. Due to services retention configuration, personal data deletion, associated with your account, will be effective within a period of a minimum 7 days for backups and 14 days for logs. Account deletion will be effective within 1 week of Your deletion request.

We keep Your Personal Data as long as Your Account remains active and shall delete them within a maximum of five years from the deletion of Your Account (in case of legal action) unless we are legally required under applicable law to Personal Data for a longer period. We will inform You of the time required to delete all personal data associated with your account.

9. Cookies

A cookie is a file that can be recorded on the hard drive of Your terminals when You access the Services. We may deposit cookies on Your terminals to collect information to improve the Services. You must accept the deposit of cookies on Your terminal using the strip provided for this when You access to the Services.

We do not keep tracking cookies or cookies containing IP addresses for more than thirteen (13) months after their initial deposit on Your terminal(s). You may at any time delete cookies from Your browser and set it up to block their storage on Your terminals. folk invites You to refer to the help file of Your browser software to establish the appropriate setup. Rejecting the use of cookies may prevent optimal use of the Services. Traffic data are generated when Your terminal is connected to the internet and the Services. These data may be used to improve Our Service. We never use personal names in traffic data analyses.

10. Children's privacy

Our Services are intended for a general audience and not directed to Users under thirteen (13) years of age (“Children”). We do not intend to collect personal information as defined by the U.S. Children’s Privacy Protection Act (“COPPA”) in a manner that is not permitted by COPPA.

If You are a parent or guardian and believe We have, please contact Us here and We will remove such data to the extent required by COPPA.

For more information on COPPA, click here or visit www.FTC.gov and look for parental guidance on child online safety and privacy.

Non-Discrimination: we will not discriminate against you for exercising any of your CCPA rights. Unless permitted by the CCPA, we will not:

  • Deny you goods or services.
  • Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
  • Provide you with a different level or quality of goods or services.
  • Suggests that you may receive a different price or rate for goods or services or a different level or quality of goods or services.

11. Modifications to this privacy policy

This Privacy Policy may be modified or updated at any time without notice, except for any stipulations requiring Your consent

Any questions?

Questions regarding this policy may be sent to security@folk.app.
We also invite you to contact us with suggestions for improvements.