Privacy Policy

Foldy is operated by Koval Dimitrii Viktorovich, a natural person based in Podgorica, Montenegro. In this policy, "Foldy", "we", "us" refer to the operator. You can reach us at hello@foldy.io for any privacy question. The operator's postal address is available on request to any data subject under GDPR Art. 15.

Three things, and only three:

• Email address. Submitted by you via the form on foldy.io.
• IP address. Recorded server-side at the moment you submit the form. Used for rate limiting and abuse detection, not for identification or tracking across visits.
• Timestamps. When you signed up, when an invite was emailed, when you opened the download page, when you downloaded a build, which platform you picked.

We also store a hashed copy of the download-link token sent to your email. The hash isn't personal data on its own.

• The files you share. Foldy is peer-to-peer. Bytes move directly between sender and recipient over an encrypted WebRTC tunnel. Files never reach a Foldy server.
• Folder contents or metadata. Filenames, sizes, types, none of it.
• Recipient identities. When someone connects to your share, we don't see who they are.
• Cookies. foldy.io sets no cookies. No analytics scripts, no third-party trackers, no pixels.

When a direct peer connection cannot be established, Foldy may relay encrypted traffic through a TURN server we operate. The traffic is end-to-end encrypted between the two peers; we cannot read it and we do not retain it.

• Email. To send you a personalized download invite once you are admitted to the beta. To contact you about service changes or critical bugs.
• IP and timestamps. To rate-limit signups, detect automated abuse, and measure how many people complete the signup-to-install funnel.

• Email and email-related processing. Consent, given when you submit the signup form. You can withdraw it at any time.
• IP and rate-limit logs. Legitimate interest in preventing abuse of a small free service.

Your email stays in our subscribers database until you unsubscribe. Use the unsubscribe link in any Foldy email, or write to hello@foldy.io, and we erase the row within seven days.

IP addresses and timestamp logs are kept for 30 days, then purged.

We use two sub-processors to run the service:

• Resend (resend.com) delivers our emails. Receives your email address only. US-based, with Standard Contractual Clauses for EU data.
• Hostinger (hostinger.com) hosts the foldy.io servers where your subscription row lives. The VPS instance is in Germany.

That's the full list. We don't sell, rent, or share your data with anyone else. We don't run advertising and we don't have an advertising partner.

Under GDPR and similar laws, you have the right to:

• Access the personal data we hold about you.
• Correct it if it's wrong.
• Erase it.
• Restrict or object to processing.
• Receive a portable copy of it.
• Withdraw consent for email contact at any time.

Exercise any of these by emailing hello@foldy.io from the address on file. We respond within 30 days, usually within 7.

You also have the right to lodge a complaint with a supervisory authority in your country if you're in the EU or EEA.

Foldy is not directed at children under 16, and we don't knowingly collect data from anyone under 16. If you believe a child has signed up, write to hello@foldy.io and we'll erase the record.

If we change this policy in a material way, we email everyone on the list at least seven days before the change takes effect. Minor edits get a date bump at the top of the page. The version on this page is always the current one.

hello@foldy.io for any privacy question. We read every email and reply.