Privacy Policy

Effective Date: February 9, 2026

Triluna Industries ("we," "us," "our") operates the Foyl application, available at foyl.dev (the "Service"). This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use our Service.

We are committed to protecting your privacy and complying with the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other applicable privacy laws.

1. Information We Collect

1.1 Account Information

When you create an account, we collect:

Email address
Password (stored only as a bcrypt hash; we never store or have access to your plaintext password)

1.2 User-Generated Content

When you use the Service, we store:

Stream titles and conversation content (your messages and AI responses)
Documents generated through the dialectic process (theses, arguments, syntheses, forged articles)
Concept data extracted from your conversations (terms, relationships, frequency)
Phase and intensity settings you configure

1.3 Payment Information

Payment processing is handled entirely by Stripe, Inc. We never receive, store, or have access to your credit card number, bank account details, or other payment credentials. We store only:

Stripe Customer ID (an opaque identifier)
Subscription status (active, trialing, canceled, etc.)
Trial end date

1.4 Usage Data

We track aggregate monthly usage counts per account:

Number of streams created per billing period
Number of forges (synthesis operations) used per billing period

1.5 Lead and Newsletter Data

If you submit your email through our landing page or subscribe to our newsletter, we collect:

Email address
Source of signup (e.g., landing page, newsletter form)
Timestamp of submission

1.6 Guest Sessions

You may use limited features without an account. Guest sessions are identified by a randomly generated ID stored in your browser's local storage. Guest data (streams, conversations) is retained until you create an account (at which point it is migrated) or until we periodically clean inactive guest data.

1.7 Automatically Collected Information

We collect standard server logs which may include:

IP address
Browser type and version
Pages visited and timestamps
Referring URL

We do not use third-party analytics, tracking pixels, or advertising cookies.

2. How We Use Your Information

Purpose	Legal Basis (GDPR)
Provide and operate the Service	Performance of contract
Process your conversations through AI to generate dialectic responses	Performance of contract
Extract concepts from conversations to build your knowledge graph	Performance of contract
Process payments and manage subscriptions	Performance of contract
Send transactional emails (welcome, password reset)	Performance of contract
Send newsletter and marketing emails	Consent
Enforce usage limits and tier restrictions	Performance of contract
Maintain security and prevent abuse	Legitimate interest
Analyze anonymized conversation patterns to improve Foyl's dialectic models and response quality	Legitimate interest

2.1 Model Improvement

We may use anonymized and aggregated data from conversations to improve Foyl's dialectic reasoning, response quality, and concept extraction. This includes analyzing conversation patterns, phase transitions, and argumentation structures. We do not use identifiable personal content for model training. You may opt out of this use by contacting us at support@foyl.dev.

3. Third-Party Service Providers

We share data with the following third-party processors to operate the Service. Each processes data only as necessary for their specific function:

Provider	Purpose	Data Shared	Privacy Policy
Anthropic (Claude API)	AI language model for dialectic responses and concept extraction	Conversation messages, document content, system prompts	anthropic.com/privacy
Stripe, Inc.	Payment processing	Email address, user ID, billing cycle selection	stripe.com/privacy
Resend	Transactional and marketing email delivery	Email address	resend.com/legal/privacy-policy
Render	Cloud hosting and database infrastructure	All application data (encrypted at rest)	render.com/privacy

We do not sell, rent, or trade your personal information to any third party. We do not use your data for advertising purposes.

3.1 AI Processing Disclosure

Your conversation content is sent to Anthropic's Claude API in real time to generate dialectic responses. Anthropic's API does not retain conversation data for model training by default. However, we encourage you to review Anthropic's privacy policy and API terms for the most current information on their data handling practices.

3.2 Optional Local AI

Plus subscribers may optionally use Ollama, a locally hosted AI model. When using Ollama, conversation data is processed on the server infrastructure you or we configure and is not sent to any third-party AI provider.

4. Data Retention

Account data: Retained for as long as your account is active. Upon account deletion, your data is permanently removed from our systems within 30 days.
User-generated content: Retained until you delete individual streams or your account. Deleting a stream permanently removes all associated conversations, documents, concepts, and metadata.
Payment records: Stripe retains payment records per their retention policy (typically 7 years for legal and tax compliance). We retain only Stripe identifiers, which are removed upon account deletion.
Server logs: Automatically rotated and deleted after approximately 15 days.
Lead/newsletter data: Retained until you unsubscribe or request deletion.
Guest data: Retained for a limited period and periodically purged if not migrated to an account.

5. Your Rights

5.1 Rights Under GDPR (EEA/UK Residents)

If you are located in the European Economic Area or the United Kingdom, you have the following rights:

Right of access: Request a copy of the personal data we hold about you.
Right to rectification: Request correction of inaccurate personal data.
Right to erasure: Request deletion of your personal data ("right to be forgotten").
Right to restriction: Request that we limit how we process your data.
Right to data portability: Receive your data in a structured, machine-readable format. You can export your content at any time using the in-app export feature.
Right to object: Object to processing based on legitimate interests.
Right to withdraw consent: Where processing is based on consent, you may withdraw it at any time.

5.2 Rights Under CCPA (California Residents)

If you are a California resident, you have the right to:

Know what personal information we collect, use, and disclose.
Delete your personal information, subject to certain exceptions.
Opt out of the sale of personal information. We do not sell personal information.
Non-discrimination: We will not discriminate against you for exercising your privacy rights.

5.3 Exercising Your Rights

To exercise any of these rights, contact us at support@foyl.dev. We will respond to all requests within 30 days (or within the timeframe required by applicable law). We may ask you to verify your identity before processing your request.

6. Data Security

We implement appropriate technical and organizational measures to protect your data:

Passwords are hashed using bcrypt (never stored in plaintext)
Authentication uses short-lived JWT tokens (1 hour expiry)
Stripe webhooks are verified using cryptographic signatures
Database connections use SSL/TLS encryption
Infrastructure is hosted on Render with encryption at rest

While we take reasonable measures to protect your information, no system is completely secure. If we become aware of a data breach affecting your personal information, we will notify you and the relevant authorities as required by applicable law.

7. International Data Transfers

Our Service is hosted in the United States. If you access the Service from outside the United States, your data will be transferred to and processed in the United States. We rely on Standard Contractual Clauses and processor agreements with our service providers to ensure appropriate safeguards for international data transfers in compliance with GDPR.

8. Cookies and Local Storage

We use minimal client-side storage:

Authentication token (localStorage): A JWT token to keep you logged in. Expires after 1 hour.
Guest ID (localStorage): A random identifier for guest sessions.
Last stream (localStorage): The ID of your last open stream for convenience.

We do not use advertising cookies, third-party tracking cookies, or analytics cookies.

9. Children's Privacy

The Service is not directed to individuals under the age of 16. We do not knowingly collect personal information from children under 16. If we learn that we have collected personal information from a child under 16, we will take steps to delete that information promptly. If you believe a child has provided us with personal information, please contact us at support@foyl.dev.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the "Effective Date" above. For significant changes, we may also send a notification to the email address associated with your account. Your continued use of the Service after changes are posted constitutes acceptance of the updated policy.

11. Contact Us

If you have questions about this Privacy Policy or wish to exercise your privacy rights, contact us at:

Triluna Industries
Email: support@foyl.dev

If you are in the EEA and believe your data protection rights have not been adequately addressed, you have the right to lodge a complaint with your local Data Protection Authority.

← Back to Foyl