Privacy Policy
Effective Date: March 2026 | Last Updated: March 2026
Fundry AI, Inc. ("Fundry", "we", "us") operates the Fundry AI platform at fundry.ai. This Privacy Policy describes how we collect, use, and protect your information.
1. Information We Collect
Account Information
- Name, email address, firm name
- Authentication credentials (managed by Supabase Auth)
- Role and permissions within your organization
Financial Data (Processed on Behalf of Your Firm)
- DDQ documents and generated responses
- LP communications and draft responses
- K-1 tax documents and variance analysis results
- Expense records and P&L data
Usage Data
- Feature usage analytics (anonymized via PostHog)
- Agent invocation logs (retained per SEC requirements)
- Error reports (scrubbed of PII via Sentry)
Payment Information
- Billing details processed by Stripe (PCI DSS Level 1)
- We do not store credit card numbers on our systems
2. How We Use Your Information
We use your information to:
- Provide and maintain the Fundry AI service
- Process documents and generate AI-assisted outputs
- Communicate service updates and notifications
- Enforce subscription tier access controls
- Comply with legal obligations (SEC recordkeeping)
We do not:
- Sell your personal information to third parties
- Use your data to train AI models
- Share your data with other customers
- Send marketing emails without consent
3. Data Sharing
We share data only with:
- Sub-processors listed in our DPA (Supabase, Vercel, Anthropic, OpenAI, Stripe, Resend)
- Legal authorities when required by law or valid legal process
- Your organization's members as configured by your firm's admin
4. Data Security
We implement comprehensive security measures including:
- AES-256 encryption at rest and TLS 1.3 in transit
- Row-level security for multi-tenant data isolation
- PII detection and stripping before AI processing
- MFA-enabled authentication
- Regular security audits
See our Security Whitepaper for detailed information.
5. Data Retention
| Data Type | Retention Period |
|---|---|
| Account information | Duration of service + 30 days |
| Financial documents (raw) | Deleted within 24 hours of processing |
| Structured data | Customer-controlled |
| PII vault | 90 days (DDQ/email) or 7 years (tax) |
| Agent logs | 7 years (SEC compliance) |
| Payment records | Per Stripe retention policy |
6. Your Rights
You have the right to:
- Access: Request a copy of your personal data
- Rectification: Correct inaccurate data
- Erasure: Request deletion of your data
- Portability: Export your data in CSV/JSON format
- Restriction: Limit how we process your data
- Object: Object to processing based on legitimate interests
To exercise these rights, contact privacy@fundry.ai.
7. Cookies
We use essential cookies for authentication and session management. We use PostHog for anonymized analytics. We do not use advertising cookies or trackers.
8. International Transfers
All data is processed and stored in the United States. EU/EEA customers are covered by Standard Contractual Clauses.
9. Children's Privacy
Fundry AI is a B2B service. We do not knowingly collect information from individuals under 18.
10. Changes to This Policy
We will notify registered users of material changes via email at least 30 days before they take effect.
11. Contact
- Privacy inquiries: privacy@fundry.ai
- Data protection requests: privacy@fundry.ai
- General inquiries: support@fundry.ai
For questions about this privacy policy, contact privacy@fundry.ai.