LegalPrivacy Policy

Privacy Policy

Last updated: 19 May 2026·Effective: 1 June 2026v1.0

This Privacy Policy explains what data Falx collects, how we use it, and the rights you have over your information. We wrote it in plain language so you can actually read it.

01

Overview

Falx is run by Hodge Studios (“we”, “us”). When you use Falx, we collect a small amount of personal information to run your account, secure your data, and improve the product. We don't sell your data. We don't run ads. If you delete your account, we delete your data.

Plain-language summary

You sign up, we store your account info on Supabase, you can export or delete it any time, and we only share with vendors that help run Falx (Supabase, Stripe, Anthropic, Resend). That's it.

02

What we collect

We collect three categories of data: information you give us, information generated when you use Falx, and information from third-party services you connect.

CategoryWhatWhy
AccountName, email, password hash, MFA secretsAuthenticate you and run your account
WorkspaceWorkspace names, logos, brand colors, services catalogScope your data and personalize the app
Business dataContacts, companies, leads, proposals, invoices, projects you createRun the platform features you signed up for
AI conversationsPrompts and responses with Claude, when you use AI featuresProvide AI features; never used to train external models
Usage telemetryPage views, feature usage, errorsImprove the product and debug issues
BillingStripe customer ID, plan, invoicesCharge you and surface billing history

What we DON'T collect

No tracking pixels, no fingerprinting, no third-party ad cookies. We don't read your emails or files unless you upload them to Falx directly.

03

How we use your data

We use the data we collect to run Falx for you. Specifically: to authenticate your sessions; to render your workspaces, contacts, leads, proposals, invoices, and projects; to send transactional emails (password reset, invoice reminders, trial alerts); to generate AI suggestions when you opt in; to detect abuse and fraud; and to keep the lights on (billing, support).

We don't use your data for advertising, profile sharing, or training third-party AI models. Anthropic's API, which powers AI features, is configured to not retain or train on prompts we send.

04

Where your data lives

All customer data is stored in Supabase Postgres databases hosted in us-east-1 (United States), encrypted at rest. File uploads (logos, deliverables) live in Supabase Storage. Backups are encrypted and retained for 30 days.

Security posture

All data encrypted in transit (TLS 1.3) and at rest (AES-256). Row-Level Security enforces that a workspace can only access its own data. Production access is limited to authorized engineers.

05

Third-party services we use

We use a small, vetted set of vendors. Each gets only the data needed to do their job.

VendorPurposeData shared
SupabaseDatabase, auth, storageAll workspace data
VercelHosting & edge functionsRequest metadata, IPs
StripePayments & subscriptionsEmail, billing address, card (held by Stripe)
AnthropicAI features (Claude)Prompt content (no retention, no training)
ResendTransactional emailEmail address, message content
SentryError monitoringError stack traces, request IDs
06

Your rights

Wherever you live, you have the right to: access the data we hold about you; correct it; export it (we'll give you a JSON dump); and delete it. EU/UK residents additionally have rights under GDPR. Email privacy@falx.app and we'll respond within 30 days — usually within 3 business days.

Export & delete in-app

From Settings → Account, you can self-serve a full data export (JSON) and account deletion. Deletion is immediate; backups age out after 30 days.

07

Cookies

We use a handful of cookies. Strictly necessary: session token, CSRF token, workspace cookie. Functional: theme preference, last-visited page. We don't use third-party advertising cookies.

08

Children's privacy

Falx is a business tool for adults. We don't knowingly collect data from anyone under 16. If you believe a child has signed up, email us and we'll delete the account.

09

Changes & contact

We'll update this policy as Falx grows. When we make material changes, we'll email all account holders at least 30 days before the change takes effect.

Falx (operated by Hodge Studios)

privacy@falx.app
DPO: dpo@falx.app

Mailing address

Hodge Studios
[Mailing address — TBD before launch]