Privacy Policy
Effective date: May 1, 2026 · Last updated: May 1, 2026
Fohn (“we,” “our,” or “us”) operates fohn.io and the Fohn application (collectively, the “Service”). This Privacy Policy explains what information we collect, how we use it, who we share it with, and what choices you have.
We have written this policy to be readable, not just legally defensible. If something is unclear, email us at privacy@fohn.io.
1. Information we collect
1.1 Information you give us directly
Account information. When you create a Fohn account, we collect your name and email address. We do not collect or store passwords — authentication is handled via Google OAuth or a magic link sent to your email.
Business context. To generate your marketing plans, we ask for a short description of your business or goals and the URL of your homepage. We crawl that URL (homepage only — no deep crawl of subpages) to gather brand context for AI-assisted content generation.
Uploaded assets. You upload images and video files to your Fohn media library. These files are stored in cloud storage (Amazon S3) under your account.
Billing information. If you subscribe to a paid plan, we collect the information necessary to process your payment. Payment card details are collected and handled exclusively by Stripe, our payment processor — we never see or store your card number, expiry, or CVV. We do store your Stripe Customer ID and subscription status.
Communications. If you contact us by email or through the app, we retain those communications to respond and improve the Service.
1.2 Information collected automatically
Usage data. We log how you interact with the Service — pages visited, features used, actions taken (e.g., plan created, post published). This helps us understand how the product is working and where it can be improved.
AI operation logs. We log metadata about AI operations performed on your behalf — the type of operation (e.g., image analysis, plan generation, copy generation), the number of tokens consumed, and the AI model used. We log this to enforce your plan's usage quota and to understand our infrastructure costs. We do not log the content of AI prompts or responses in this usage log.
Device and connection information. We collect standard web server logs including IP address, browser type, and referring URL. These logs are retained for security and diagnostic purposes.
1.3 Information from third-party platforms
When you connect a social media account to Fohn, we receive information from that platform as part of the OAuth authorization you grant. Specifically:
Instagram. We receive your Instagram user ID, username, account type (Business or Creator), and the OAuth access token that allows us to publish posts and retrieve post-level analytics on your behalf. We also fetch your recent post captions and hashtags to generate your Brand Voice profile. We do not collect your Instagram followers' data.
LinkedIn. We receive your LinkedIn member ID, display name, profile photo URL, and the OAuth access token for your account. We use this token to publish posts (once auto-publishing is enabled) and to retrieve post-level analytics. We do not collect your LinkedIn connections' data.
TikTok (when connected). We receive your TikTok user ID, username, and the OAuth access token required for publishing and analytics. We do not collect your TikTok followers' data.
Google. If you sign in with Google, we receive your Google account ID, name, and email address from Google. We do not access your Google contacts, Drive, Gmail, or any other Google services.
All social platform OAuth tokens are encrypted at rest using AES-256-GCM encryption before being stored in our database.
2. How we use your information
We use the information we collect to:
- Provide the Service — authenticate you, store your assets, generate marketing plans, schedule and publish posts, retrieve analytics, and manage your subscription.
- Generate AI-assisted content — your uploaded assets, business summary, homepage content, and Brand Voice profile are passed to our AI provider (Anthropic) to generate post captions, hashtags, and marketing plans. See Section 4 for details on our AI provider relationship.
- Enforce plan limits — we use usage logs to track your post count, plan generation count, storage usage, and AI token consumption against your plan's limits, and to surface warnings when you approach those limits.
- Send transactional emails — we send emails for account sign-in (magic links), post publication confirmations, post failure notifications, payment receipts, and billing alerts. We use Resend to deliver these emails.
- Improve the Service — aggregate, anonymized usage data helps us understand which features are working and how to improve the product.
- Maintain security — we use log data to detect and respond to abuse, unauthorized access, and technical problems.
- Comply with legal obligations — we retain and disclose information as required by applicable law.
We do not use your content — your uploaded images, videos, captions, or business context — to train AI models. Content you provide is used solely to generate output for your account.
3. How we share your information
We do not sell your personal information. We share it only in the following circumstances:
3.1 Service providers
We share information with third-party companies that help us operate the Service. These providers are contractually restricted to using your information only to provide services to us.
| Provider | Purpose | Data shared |
|---|---|---|
| Amazon Web Services (S3) | Asset storage | Uploaded images and video files |
| Anthropic | AI content generation | Asset content, business summary, homepage crawl output, Brand Voice profile, post copy context |
| Stripe | Payment processing | Name, email, billing address, subscription events |
| Resend | Transactional email | Name, email address, email content |
| Neon | Database hosting | All structured account and usage data |
| Vercel | Application hosting and compute | Request data, application logs |
3.2 Social platforms
When you publish a post through Fohn, the content of that post (caption, hashtags, and attached media) is transmitted to the relevant social platform (Instagram, LinkedIn, or TikTok) using your authorized credentials. This transmission is the core function of the Service and is performed at your direction.
3.3 Business transfers
If Fohn is acquired, merges with another company, or sells substantially all of its assets, your information may be transferred to the successor entity. We will notify you by email or in-app notice before your information is transferred and becomes subject to a different privacy policy.
3.4 Legal requirements
We may disclose your information if required to do so by law or in good faith belief that such action is necessary to comply with a legal obligation, protect the rights or safety of Fohn or others, or investigate fraud or security incidents.
4. AI content generation
Fohn uses Claude, developed by Anthropic, as its AI model for image analysis, copy generation, and marketing plan creation. When you trigger an AI operation, relevant context — which may include your uploaded asset content, business summary, homepage crawl output, and Brand Voice profile — is sent to Anthropic's API to generate a response.
Anthropic's API usage is governed by Anthropic's privacy policy and data usage policies. Per Anthropic's API terms, content submitted via the API is not used to train Anthropic's models by default.
We do not share your account credentials, payment information, OAuth tokens, or post analytics data with Anthropic. Only the context required for the specific AI operation is transmitted.
5. Data retention
We retain your data for as long as your account is active or as needed to provide the Service.
Account data (name, email, business context, connected platforms) is retained until you delete your account.
Uploaded assets (images and video files) are retained until you delete them from your library or delete your account. Deleting an asset from your library removes it from our storage within 30 days.
Post records and analytics are retained for the duration of your account and are accessible to you according to your plan's analytics history limit.
AI usage logs are retained for 13 months to support quota enforcement, billing dispute resolution, and cost analysis. Log records older than 13 months are deleted on a rolling basis.
Billing records are retained for 7 years as required by financial recordkeeping obligations.
Server logs are retained for 90 days.
When you delete your account, we delete or anonymize your personal information within 30 days, except where retention is required for legal or financial compliance purposes.
6. Security
We take reasonable technical and organizational measures to protect your information:
- OAuth tokens for connected social accounts are encrypted at rest using AES-256-GCM before storage.
- All data in transit uses TLS 1.2 or higher.
- Your uploaded assets are stored in a private S3 bucket; access is via short-lived pre-signed URLs only — no direct public access.
- Database access is restricted to application infrastructure; no public database endpoints.
- Stripe processes all payment card data; Fohn never handles raw card numbers.
No security system is impenetrable. If you believe your account has been compromised, contact us immediately at security@fohn.io.
7. Your rights and choices
Account data
You can view and update your name, email, business summary, and homepage URL from within the Fohn app at any time.
Connected accounts
You can disconnect a social platform account at any time from Settings > Connections. Disconnecting removes our stored OAuth token for that account. It does not delete posts already published to that platform.
Uploaded assets
You can delete individual assets from your media library at any time. Deletion removes the file from our storage within 30 days.
Account deletion
You can request deletion of your Fohn account by emailing privacy@fohn.io. We will delete your account and associated personal data within 30 days of receiving your request, subject to retention obligations described in Section 5.
Marketing communications
We do not send marketing emails unless you have opted in. If you have opted in and wish to unsubscribe, use the unsubscribe link in any marketing email or email us at privacy@fohn.io.
Data portability
You can request an export of your account data by emailing privacy@fohn.io. We will provide a machine-readable export of your post records, analytics data, and account information within 30 days.
California residents (CCPA)
California residents have the right to know what personal information we collect and how it is used, request deletion of their personal information, and opt out of the sale of personal information. We do not sell personal information. To exercise your rights, contact privacy@fohn.io.
EEA and UK residents (GDPR)
If you are located in the European Economic Area or United Kingdom, you have rights under the GDPR including the right to access, correct, erase, and port your personal data, and to object to or restrict certain processing. Our legal basis for processing is our contractual obligation to provide the Service (Article 6(1)(b)) and our legitimate interests in operating and improving it (Article 6(1)(f)). To exercise your rights, contact privacy@fohn.io. You also have the right to lodge a complaint with your local supervisory authority.
8. Cookies
Fohn uses a small number of cookies and similar technologies:
- Authentication cookies — required to maintain your session. These are set by NextAuth.js and cannot be disabled without preventing login.
- Preference cookies — store your UI preferences (e.g., dark/light mode). These are functional and not used for advertising.
We do not use third-party advertising cookies or cross-site tracking technologies. We do not serve ads.
9. Children's privacy
The Service is not directed to children under 13 years of age. We do not knowingly collect personal information from children under 13. If we learn that we have collected personal information from a child under 13, we will delete it promptly. If you believe we have collected such information, contact us at privacy@fohn.io.
10. Changes to this policy
We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email and by posting a notice in the app at least 14 days before the changes take effect. The “last updated” date at the top of this page reflects when changes were last made. Your continued use of the Service after changes take effect constitutes acceptance of the updated policy.
11. Contact us
If you have questions about this Privacy Policy or your data, contact us at:
Email: privacy@fohn.io
Mailing address: Fohn Software, LLC, PO Box 743, Portland, OR 97215