Privacy Policy

Last updated: 10 March 2026

1. Who We Are

Faro is an AI-powered email management and operations platform for estate agencies, made by The Foundry (wearethefoundry.io), a brand of The Togethr Project Ltd.

The Togethr Project Ltd
15–17 Middle Street, Brighton, BN1 1AL, UK
Company No: 13246480 (registered in England & Wales)
Email: hello@wearethefoundry.io

We are the data controller for all personal data processed through the Faro platform.

2. What Data We Collect

  • Account data: name, work email address, password (hashed and salted), agency name, role, and market (UK or France).
  • Email content: when you connect an email inbox via Google, Microsoft, or IMAP, Faro reads and processes incoming emails in order to triage, categorise, and draft replies on your behalf. Email content is not stored permanently — it is processed in real time and discarded after use unless you explicitly save a draft or note.
  • AI-generated content: property listing descriptions, suggested email replies, and voice profile settings you generate or save within Faro.
  • Billing data: managed entirely by Stripe. We do not store card details. We retain your Stripe customer ID and subscription status only.
  • Usage data: pages visited, features used, and error logs, used anonymously to improve the platform.
  • OAuth tokens: if you connect Google or Microsoft email accounts, we store encrypted OAuth access and refresh tokens to maintain your connection. You can revoke access at any time from your Google or Microsoft account settings.

3. How We Use Your Data

  • To read, triage, and draft replies to emails in your connected inbox.
  • To generate property listing descriptions, compliance summaries, and other AI-assisted content.
  • To manage your team, subscription, and account within the Faro platform.
  • To process payments and manage your subscription via Stripe.
  • To send you service-related communications (account invites, invoices, product updates).
  • To provide customer support.
  • To comply with legal obligations.

We will never sell your data, use it for advertising, or share it with third parties beyond those listed in Section 5.

4. AI Processing

Faro uses large language models (LLMs) — currently provided by Anthropic and OpenAI — to power features including email triage, draft replies, and listing generation.

When you use an AI feature, relevant content (e.g. an email subject and body, or a property description) is sent to the AI provider to generate a response. We do not send full mailbox history — only the minimum data needed for the specific task.

Anthropic and OpenAI are bound by data processing agreements that prohibit them from using your data to train their models unless you separately opt in with them directly. Data is processed within the EU/UK where possible.

5. Third-Party Services

  • Supabase — database and authentication, hosted on AWS EU (Frankfurt). Your data is stored in the EU.
  • Stripe — payment processing. Subject to Stripe's Privacy Policy.
  • Anthropic — Claude AI for email triaging and content generation. Privacy Policy.
  • OpenAI — GPT for listing and content generation. Privacy Policy.
  • Google / Microsoft — when you connect your inbox via OAuth, your connection is governed by their respective terms. You can revoke Faro's access at any time via your Google or Microsoft account settings.
  • Vercel — application hosting. EU region where available.

6. Data Retention

We retain your account data for as long as your subscription is active. If you close your account, we will delete your personal data within 30 days, except where we are required to retain it for legal or regulatory purposes (e.g. financial records for 7 years under UK law). OAuth tokens are deleted immediately upon disconnection of an email account.

7. Your Rights

Under UK GDPR (and EU GDPR for users in France), you have the right to:

  • Access the personal data we hold about you.
  • Request correction of inaccurate data.
  • Request deletion of your data ("right to be forgotten").
  • Object to or restrict certain processing.
  • Data portability — receive your data in a machine-readable format.
  • Withdraw consent where processing is based on consent.

To exercise any of these rights, email hello@wearethefoundry.io. We will respond within 30 days.

UK users may lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

French users may lodge a complaint with the CNIL at cnil.fr.

8. Cookies

Faro uses essential session cookies for authentication only. We do not use advertising, tracking, or third-party analytics cookies. Removing or blocking these cookies will prevent you from logging in to the platform.

9. Security

All data is encrypted in transit (TLS 1.2+) and at rest (AES-256). OAuth tokens are encrypted before storage. Our database uses row-level security — each agency's data is isolated from all others. Access to production systems is restricted and logged.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify active users of material changes by email at least 14 days before they take effect. The "Last updated" date at the top of this page will always reflect the most recent revision.

11. Contact

For any privacy-related questions: hello@wearethefoundry.io

Terms of Use← Back to Faro