Privacy Policy
Effective: 2026-04-16
1. Who we are
Folio (“Folio”, “we”, “us”) is a document organisation and tracking tool operated from Singapore. This policy explains how we handle your personal data in accordance with the Singapore Personal Data Protection Act 2012 (“PDPA”).
2. What we collect
- Account data: email, password (hashed), display name
- Policy documents you upload (PDFs, images)
- Data extracted from those documents (insurer, premiums, dates, coverage amounts)
- Billing information (handled by Stripe; we do not store card numbers)
- Usage data: login timestamps, pages viewed, errors encountered
3. How we use it
- To run the service: store your documents, extract fields, show your dashboard
- To send you reminders you've opted into (upcoming premium due dates)
- To process your subscription via Stripe
- To respond to your support requests
- To comply with legal obligations
We do not sell your data, share it with insurers or advertisers, or use your policy contents to train AI models.
4. Who we share with (data processors)
We use the following service providers, each bound by their own data protection obligations:
- Supabase — database, authentication, and encrypted file storage (Singapore region)
- Anthropic (Claude API) — to extract fields from your documents; data is not retained beyond the request
- Google Cloud Vision — OCR for scanned/image documents; data is not retained beyond the request
- Stripe — subscription billing
- Resend — transactional email (reminders, password resets)
- Vercel — application hosting
5. How we protect your data
- Encryption in transit (HTTPS/TLS 1.2+) for all connections
- Encryption at rest for databases and file storage
- Row-level security policies enforced at the database layer, so you can only access your own data
- Short-lived signed URLs for document downloads
- Password hashing via bcrypt
6. Your rights (PDPA)
You have the right to:
- Access the personal data we hold about you
- Correct inaccurate data (you can do this directly in the app)
- Withdraw consent and delete your account at any time
- Request a data export
To delete your account, go to Settings → Delete account. Deletions are permanent and are completed within 30 days.
7. Data retention
We retain your data as long as your account is active. When you delete your account, we remove your policies, documents, and extracted data within 30 days. Billing records are retained for 7 years to comply with Singapore tax law.
8. Data breach notification
In the event of a data breach affecting your personal data, we will notify you and the Personal Data Protection Commission (PDPC) within 72 hours, in line with PDPA requirements.
9. Contact
Data Protection Officer: privacy@folio.sg
10. Changes to this policy
We may update this policy. Significant changes will be emailed to you at least 14 days before they take effect.