Skip to content

Privacy Policy

Last updated: April 6, 2026

1. What We Collect

We collect the minimum data needed to operate the service:

  • Account data: Email address used for authentication
  • Event data: Events your AI stores through LeftFold, including aggregate types, event payloads, and schemas
  • Usage data: Event counts, aggregate counts, and query metrics

2. Data Isolation

Each user gets their own Postgres schema within Supabase. Your data is completely isolated from other users at the database level with Row Level Security (RLS) enforcement. Schemas are independently exportable.

3. Data in Transit

All data is transmitted over HTTPS/TLS. MCP connections use Streamable HTTP transport with OAuth 2.1 authorization.

4. Data Retention

During the trial period, events are retained for the duration of the trial (30 days). On the Pro plan, events are retained indefinitely until you delete your account. We do not inspect event payloads except as necessary for schema validation and service operations.

5. Cookies

We use essential cookies only — authentication tokens required for the service to function. We do not use tracking or analytics cookies.

6. Third Parties

  • Supabase: Database, authentication, and real-time infrastructure
  • Vercel: Application hosting and edge network

We do not sell, share, or provide your data to any other third parties.

7. Your Rights

You can request deletion of your account and all associated data by emailing hello@leftfold.io. We will process deletion requests within 30 days.

8. Contact

Questions about privacy? Email hello@leftfold.io