last updated may 13, 2026
privacy policy
folk is operated by Nozomio, Inc. this policy explains what we collect, why we collect it, who helps us process it, and how you can delete it.
what we collect
account data. phone number, Telegram account details if you use Telegram, session cookies, and basic account settings.
messages and agent data. messages you send to folk, folk replies, files you provide, tasks, memory, connected-service context, and sandbox state needed to make folk work.
connections. OAuth tokens, connection metadata, and permissions for services you choose to connect, such as Gmail, Calendar, GitHub, or similar tools.
billing data. Stripe customer id, subscription status, invoices, and plan metadata. Stripe handles card numbers and payment credentials.
usage and diagnostics. product events, page views, device/browser data, errors, latency, and cost/usage telemetry. we do not put conversation content into product analytics.
support data. emails, bug reports, screenshots, and any context you send us when asking for help.
how we use data
run folk. authenticate you, route messages, maintain your sandbox, remember context, execute tasks, and deliver replies.
connect services. read or act on connected accounts only as needed to respond to your requests or run automations you set up.
bill and support you. process subscriptions, prevent abuse, respond to support requests, and keep the service reliable.
improve the product. understand aggregate usage, diagnose failures, and prioritize fixes. we do not train AI models on your conversations, files, memory, or connected-account content.
connected services
when you connect a third-party service, folk uses the permissions you grant to act for you. for example, if you connect Gmail or Calendar, folk can use that context to answer you, draft, schedule, or automate what you ask it to do. you can disconnect services from settings where supported.
connected services have their own terms and privacy policies. we do not sell connected-service data.
subprocessors
we use subprocessors to host, secure, deliver, analyze, and operate folk. we share only what each subprocessor needs for its role.
email arlan@nozomio.com if you need the current named subprocessor list for vendor review.
security and retention
folk separates users by account and sandbox. credentials are encrypted at rest where we store them. access to production systems is limited to what we need to operate and support the service.
we keep account, message, memory, connection, and sandbox data while your account is active. if you delete your account from settings, we delete or destroy the account data we control, including your sandbox, conversations, memory, and stored connection credentials, subject to backups, fraud prevention, security, payment, tax, and legal obligations.
your choices and rights
access and correction. you can view and update many account settings in the app. email us for data access or correction requests.
deletion. you can delete your account from settings → privacy. deletion is intended to be permanent.
portability. email us if you need an export of data we can reasonably provide.
marketing. we keep marketing minimal. if we ever send marketing email, you can opt out.
Depending on where you live, you may have additional rights to access, delete, correct, restrict, or object to processing of personal data. contact us to exercise those rights.
children, changes, contact
folk is not for children under 13, and we do not knowingly collect personal data from children under 13.
we may update this policy as the product changes. if a change is material, we will notify users in the app or by another reasonable method.
privacy questions: arlan@nozomio.com.