Legal

Privacy Policy

How Foreman, Inc. collects, uses, and protects information when you use our service. Plain language where we can manage it.

Document
Effective March 1, 2026 Version 2.0 Contact privacy@foreman.work

1. What we collect

We collect three categories of information:

Account information

Name, business name, email, phone number, password hash, billing details. You provide this when you sign up.

Customer data

The contact details, service history, equipment, and message threads you upload or generate. You are the controller of this data; Foreman is the processor.

Usage data

How you interact with the Service: pages visited, features used, error logs, IP address, device type. We use this to keep the Service running and improve it.

2. How we use it

  • To provide the Service: scoring customers, drafting outreach, syncing calendars, etc.
  • To communicate with you about your account, billing, support, and product updates;
  • To detect fraud and abuse;
  • To meet our legal obligations.

We do not use your customer data for advertising. We do not sell your data to anyone.

3. AI and your data

Foreman uses large language models to score customers and draft messages. Here's what that means in practice:

  • We do not train third-party AI models on your data. When we send a prompt to a third-party LLM (Anthropic), we do so with zero-retention agreements where available.
  • Edits you make to drafts inform your own account's voice profile. They do not influence other accounts.
  • Aggregated, de-identified usage signals (e.g., "this kind of opener gets edited often") may be used to improve our scoring and drafting systems.
  • You can opt out of voice-learning entirely in account settings.

4. Sharing

We share information only with:

  • Subprocessors who need it to run the Service (see below);
  • Your team members, if you've given them access;
  • Recipients of outreach you've approved (i.e., your customers — that's the point);
  • Authorities, when legally required, after due process.

5. Subprocessors

Current subprocessors:

  • Amazon Web Services — hosting and infrastructure (US-East)
  • Anthropic — language model inference (zero-retention)
  • Twilio — SMS delivery (only if SMS is enabled)
  • Google — OAuth & email integration (only as you authorize)
  • Stripe — payment processing
  • Resend — transactional emails (account, billing)

We give 30 days' notice before adding new subprocessors that access customer data.

6. How long we keep it

We retain account data while your account is active and for up to 30 days after termination, after which it's permanently deleted. Backups are pruned within 90 days.

Some records (billing, audit logs) are kept longer where law requires — typically up to 7 years.

7. Your rights

You can:

  • Access and export your data at any time, in CSV or JSON;
  • Correct inaccurate information through your account settings;
  • Delete your account, which triggers full data purge within 30 days;
  • Opt out of voice-learning;
  • Object to processing in limited circumstances.

If you're in the EEA, UK, or California, additional rights may apply under GDPR or CCPA. Contact privacy@foreman.work to exercise them.

8. Security

We encrypt data in transit (TLS 1.3) and at rest (AES-256). We follow least-privilege access controls. We run continuous backups and tested disaster recovery. Full details on the Security page.

9. Children

The Service is for businesses. It is not directed at children under 16, and we do not knowingly collect their information.

10. Changes to this Policy

We may update this Policy. Material changes will be communicated by email or in-app notice at least 14 days before they take effect.

11. Contact

Privacy questions, deletion requests, or concerns: privacy@foreman.work. We respond within 7 business days.

Data Protection Officer: Available on request for EEA/UK customers.