Skip to content
← Back to LiveFolio

Privacy Policy

Last updated: June 15, 2026

1. Introduction

LiveFolio (“we,” “us,” or “our”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use the LiveFolio cloud-hosted Service (“the Service”).

The open-source (OSS) version of LiveFolio runs locally on your machine and does not transmit data to our servers. This Privacy Policy applies only to the cloud-hosted Service.

2. Information We Collect

2.1 Information You Provide

  • Account Information: When you register, we collect your name, email address, and organization name.
  • User Content: HTML documents, files, and other content you create, upload, or publish through the Service.
  • Payment Information: When you subscribe to a paid plan, our payment processor (Stripe) collects your payment card details. We do not store full card numbers on our servers.
  • Communications: When you contact us for support or send us feedback, we collect your message and any information you choose to include.

2.2 Information Collected Automatically

  • Usage Data: We collect information about how you interact with the Service, including pages visited, features used, and actions performed.
  • Technical Data: We collect IP addresses, browser type and version, device information, and timestamps for requests made to the Service.
  • Folio Analytics: For shared folios, we collect aggregate view counts and reaction metrics. We do not track individual viewer identities for public folios.

3. How We Use Your Information

We use the collected information to:

  • Provide, maintain, and improve the Service.
  • Process your subscription payments and manage your account.
  • Send you transactional emails (account notifications, billing receipts, product updates).
  • Respond to your support requests and feedback.
  • Monitor and analyze usage patterns to improve performance and user experience.
  • Detect, prevent, and address technical issues, fraud, or abuse.

4. Data Sharing

We do not sell your personal information. We share your data only in the following circumstances:

  • Service Providers: We use third-party services to operate the Service — Supabase (database and authentication), Stripe (payment processing), and Resend (email delivery). These providers only receive the data necessary to perform their functions.
  • Legal Obligations: We may disclose information if required by law, regulation, or valid legal process.
  • Business Transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred to the successor entity.

5. Cookies

We use essential cookies for authentication and session management. These cookies are necessary for the Service to function and cannot be disabled. We do not use third-party tracking cookies for advertising purposes.

You can configure your browser to reject cookies, but this may prevent you from using certain features of the Service.

6. Data Retention

We retain your account information and User Content for as long as your account is active. When you delete your account:

  • Your User Content is permanently deleted within 30 days.
  • Account and billing records are retained for legal and audit purposes for a period of up to 7 years.
  • Aggregate, anonymized data may be retained indefinitely.

7. Data Security

We implement appropriate technical and organizational measures to protect your data, including:

  • Encryption in transit (TLS 1.3) and at rest (AES-256).
  • Regular security audits and penetration testing.
  • Access controls limiting employee access to production data.
  • Incident response procedures with mandatory breach notification within 72 hours.

8. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

  • Access: Request a copy of your personal data.
  • Rectification: Correct inaccurate or incomplete data.
  • Erasure: Request deletion of your personal data.
  • Portability: Receive your data in a structured, machine-readable format.
  • Objection: Object to certain processing activities.

To exercise these rights, contact us at privacy@livefolio.cloud. We will respond within 30 days.

9. International Data Transfers

LiveFolio Cloud is hosted on infrastructure provided by Supabase and may process your data in the United States or other jurisdictions. We ensure adequate safeguards are in place for international transfers in compliance with applicable data protection laws.

10. Children's Privacy

The Service is not intended for individuals under the age of 16. We do not knowingly collect personal information from children. If we become aware that a child has provided us with personal data, we will delete it promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or through the Service. Your continued use after changes take effect constitutes acceptance of the updated policy.

12. Contact

For questions about this Privacy Policy or to exercise your data rights, contact us at privacy@livefolio.cloud.