fold ın Get the app →
Legal · Privacy

Privacy policy.

Last updated May 12, 2026. This is a plain-language summary; the full legal document is at the bottom of the page.

The short version

We are a small team building a private sharing app. We collect the minimum we need to make it work. We do not sell data. We do not run ads. We do not track you across the internet. If you delete your account, we delete your data.

The only people who can see your items, your Folds, your borrows, and your messages are the people you've explicitly invited to share them with you.

What we collect

  • Your phone number, for sign-in only. We never share it.
  • Your name and avatar, visible only to your Fold members.
  • Items you add, photos, titles, care notes. Visible only to people in the Fold(s) you put them in.
  • Borrow history, who borrowed what, when. Used to surface gentle reminders and the activity feed.
  • Anonymized crash reports, stripped of identifying info, used only to fix bugs.
  • Anonymized usage metrics, e.g. "X% of borrows use the code handshake." Never tied to your account.

What we do NOT collect

  • Your location (the app does not request location permission).
  • Your contacts (we only see who you explicitly choose to invite).
  • Your other apps, browser history, advertising IDs, or anything similar.

Where your data lives

On encrypted storage in our cloud provider's data centers in the United States and the European Union. Photos and care notes are encrypted at rest. Backups are encrypted and retained for 30 days.

Who sees your data inside the company

Only the three of us, and only when we need to (a support request, a bug investigation, a security review). We log every access. We do not browse user data.

Third parties

We use a small number of services to run the product. None of them sell user data, none of them get more access than they need, and we list them all here:

  • Twilio, phone number verification.
  • Supabase, encrypted database and file storage.
  • Sentry, anonymized crash reports.
  • Resend, transactional email (the beta code, password resets).

We share with these services only the data they need to do their job, and they're contractually bound to use it only for that job.

Your rights

You can export everything we have about you from MeSettingsExport my data. You can delete your account from the same screen. We will respond to GDPR / CCPA requests within 30 days. Email [email protected].

Changes

If we change anything material, we'll email you, post about it on the Field notes, and require you to re-acknowledge the policy when you next open the app. We won't make changes effective retroactively.

Contact

Real human, real reply: [email protected]. We aim to answer within two business days.

· v1.2 · effective 2026-05-12 · the full legal document is available on request. This summary takes precedence for everyday questions.