Note: This is a template and should be reviewed by a qualified attorney before being used in production. Adapt it to your jurisdiction and actual data practices.

What we collect

When you sign up for Foray, we collect your email address, name, and the business information you provide. When you connect a third- party platform like Google Business Profile or Shopify, we collect and store an OAuth access token so we can fetch reviews and customer data on your behalf.

We collect customer reviews from your connected platforms and any lead form submissions made through our embeddable widget. This data is stored in our database and used to generate AI responses and acknowledgments.

How we use AI

Foray uses Anthropic’s Claude API to generate review response drafts, sentiment analysis, and lead acknowledgment messages. When we send your data to Anthropic for processing, it is governed by Anthropic’s privacy policy. Anthropic does not train on customer API data by default.

Third-party services

• Clerk — authentication and user management
• Supabase — database and storage
• Anthropic — AI text generation
• Stripe — payment processing
• Resend — transactional email delivery
• Twilio — SMS delivery (when applicable)
• Upstash QStash — job queue for delayed delivery
• Google — Business Profile review data
• Shopify — store integration
• Vercel — application hosting

How we protect your data

All data is transmitted over HTTPS. OAuth access tokens are stored encrypted at rest. We do not store payment card information — Stripe handles all card data per PCI DSS requirements.

Your rights

You can request access to, correction of, or deletion of your personal data at any time by emailing us. When you cancel your account, we delete your business data from our systems within 30 days, except where retention is required by law.

Contact

Questions about this policy? Contact us at privacy@foray.dev.