Privacy Policy

Last updated: 20 March 2026

1. Who We Are

Faro is an AI-powered email management and operations platform for estate agencies, made by The Foundry (wearethefoundry.io), a brand of The Togethr Project Ltd.

The Togethr Project Ltd
15–17 Middle Street, Brighton, BN1 1AL, UK
Company No: 13246480 (registered in England & Wales)
Email: nigel@yourfaro.io

The Togethr Project Ltd (trading as Faro) is the data controller for account data, billing data, and platform usage data. For client data processed through the Platform on behalf of your agency (including client personal data, property records, tenancy data, and email content), your agency is the data controller and The Togethr Project Ltd acts as the data processor.

2. What Data We Collect

  • Account data: name, work email address, password (hashed and salted), agency name, role, and market (UK or France).
  • Email content: when you connect an email inbox via Google or Microsoft, Faro reads and processes incoming emails in order to triage, categorise, and draft replies on your behalf. Email records (including subject, sender, body text, AI classification, and any draft replies) are stored in your agency's isolated database for the duration of your subscription plus 90 days after cancellation, then permanently deleted.
  • Voice recordings: if you use the voice-to-listing feature, audio files are uploaded and sent to OpenAI Whisper for transcription. Recordings are processed in real time and are not stored permanently unless you explicitly save the resulting listing.
  • CRM data: if you connect a CRM (Apimo, Alto, Reapit), Faro syncs property listings, contacts, leads, and deal records to provide AI-assisted matching, pipeline tracking, and reporting. CRM data is stored in your agency's isolated database environment.
  • Lettings data: if you use the lettings management features, Faro stores tenancy records, rent payment schedules, maintenance requests (including photos), compliance certificates, and tenant contact information. Tenant data submitted through the onboarding portal is stored in your agency's isolated database.
  • AI-generated content: property listing descriptions, suggested email replies, and voice profile settings you generate or save within Faro.
  • Billing data: managed entirely by Stripe. We do not store card details. We retain your Stripe customer ID and subscription status only.
  • Usage data: pages visited, features used, and error logs, used anonymously to improve the platform.
  • OAuth tokens: if you connect Google or Microsoft email accounts, we store encrypted OAuth access and refresh tokens to maintain your connection. You can revoke access at any time from your Google or Microsoft account settings.

Property, tenancy, compliance, and financial data (rent schedules, payment records) is stored for the duration of your subscription and is not automatically discarded. This data is essential for the ongoing operation of the platform's lettings management and reporting features.

3. How We Use Your Data

  • To read, triage, and draft replies to emails in your connected inbox.
  • To generate property listing descriptions, compliance summaries, and other AI-assisted content.
  • To manage your team, subscription, and account within the Faro platform.
  • To process payments and manage your subscription via Stripe.
  • To send you service-related communications (account invites, invoices, product updates).
  • To provide customer support.
  • To comply with legal obligations.

We will never sell your data, use it for advertising, or share it with third parties beyond those listed in Section 5.

4. AI Processing

Faro uses large language models (LLMs) — currently provided by Anthropic and OpenAI — to power features including email triage, draft replies, and listing generation.

When you use an AI feature, relevant content (e.g. an email subject and body, or a property description) is sent to the AI provider to generate a response. We do not send full mailbox history — only the minimum data needed for the specific task.

Anthropic and OpenAI are bound by data processing agreements that prohibit them from using your data to train their models unless you separately opt in with them directly. Data is processed within the EU/UK where possible.

5. Third-Party Services

  • Supabase — database and authentication, hosted on AWS EU (Frankfurt). Your data is stored in the EU.
  • Stripe — payment processing. Subject to Stripe's Privacy Policy.
  • Anthropic — Claude AI for email triaging and content generation. Privacy Policy.
  • OpenAI — GPT for listing and content generation; Whisper for voice transcription. Privacy Policy.
  • Google / Microsoft — when you connect your inbox via OAuth, your connection is governed by their respective terms. You can revoke Faro's access at any time via your Google or Microsoft account settings.
  • Rightmove — if you publish listings via Faro, property data is sent to Rightmove via their Automated Data Feed (ADF). Subject to Rightmove's terms.
  • Vercel — application hosting. EU region where available.

6. Data Retention

We retain your account data for as long as your subscription is active. Email records, property data, lead data, tenancy records, and compliance data are retained for the duration of your subscription plus 90 days after cancellation, then permanently deleted.

If you close your account, we will delete your personal data within the 90-day retention period, except where we are required to retain it for legal or regulatory purposes (e.g. financial records for 7 years under UK law, 10 years under French law). OAuth tokens are deleted immediately upon disconnection of an email account.

7. Your Rights

Under UK GDPR (and EU GDPR for users in France), you have the right to:

  • Access the personal data we hold about you.
  • Request correction of inaccurate data.
  • Request deletion of your data ("right to be forgotten").
  • Object to or restrict certain processing.
  • Data portability — receive your data in a machine-readable format.
  • Withdraw consent where processing is based on consent.

To exercise any of these rights, email nigel@yourfaro.io. We will respond within 30 days.

UK users may lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

French users may lodge a complaint with the CNIL at cnil.fr.

8. Cookies

Faro uses essential session cookies for authentication only. We do not use advertising, tracking, or third-party analytics cookies. Removing or blocking these cookies will prevent you from logging in to the platform.

9. Security

All data is encrypted in transit (TLS 1.2+) and at rest (AES-256). OAuth tokens are encrypted before storage. Our database uses row-level security — each agency's data is isolated from all others. Access to production systems is restricted and logged.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify active users of material changes by email at least 14 days before they take effect. The "Last updated" date at the top of this page will always reflect the most recent revision.

11. Contact

For any privacy-related questions: nigel@yourfaro.io

Terms of Use← Back to Faro