Folo Privacy Policy

Effective Date: 2025-05-15

At Folo, your personalized RSS reader and content hub, we are committed to protecting your privacy and handling your personal data responsibly. This Privacy Policy explains how Natural Selection Limited ("we," "us," or "Folo"), the operator of Folo, collects, uses, shares, stores, and protects your personal data when you use our application and related services (collectively, the "Service"). By using Folo, you agree to the practices described in this Privacy Policy and our Terms of Service.

This policy is designed to comply with Singapore’s Personal Data Protection Act (PDPA) and, where applicable, other data protection laws such as the European Union’s General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). If you have any questions, please contact us at [email protected].

1. What Data We Collect

We collect personal data to provide, improve, and personalize the Service. The types of data we collect include:

1.1 Information You Provide

• Account Information: When you create a Folo account, we collect your email address, username, and password. You may optionally provide additional details, such as your name or profile preferences.
• User Content: Data you submit, such as RSS feed subscriptions, comments, or content you upload or share via the Service.
• $POWER Transactions: If you purchase or earn $POWER (our virtual point system), we collect payment-related information (e.g., transaction IDs) and details of your $POWER activities.
• Communications: Information you provide when contacting us (e.g., via [email protected] or in-app support), such as your name, email, and message content.

1.2 Information We Collect Automatically

• Usage Data: Information about how you interact with the Service, including pages visited, features used (e.g., AI-powered translation or recommendations), RSS feeds subscribed, and $POWER transactions.
• Device and Technical Data: IP address, device type, operating system, browser type, and unique device identifiers.
• Analytics Data: Aggregated data on user behavior, such as time spent on the app or frequency of feature use, collected via analytics tools.

1.3 Information from Third Parties

• Third-Party RSS Feeds: Content from RSS feeds you subscribe to, which may include metadata (e.g., article titles, publication dates) but not personal data unless you explicitly share it.
• Payment Processors: If you purchase $POWER, our third-party payment processors collect payment details (e.g., credit card information), which we do not store directly.

We do not collect sensitive personal data (e.g., health, biometric, or racial information) unless voluntarily provided by you in user content, and we discourage sharing such data.

2. How We Use Your Data

We use your data to provide, improve, and personalize the Service. Specific purposes include:

• Service Delivery: To manage your account, process $POWER transactions, display RSS feeds, and enable features like AI-powered translation, summarization, and recommendations.
• Personalization: To tailor content and recommendations based on your subscriptions and usage patterns.
• Analytics and Improvement: To analyze usage trends, troubleshoot issues, and enhance the Service’s functionality and user experience.
• Security: To detect and prevent fraud, unauthorized access, or malicious activities (e.g., misuse of the $POWER system).
• Communication: To respond to your inquiries, send service-related notifications (e.g., Terms of Service updates), and, with your consent, provide promotional updates.
• Legal Compliance: To comply with applicable laws, regulations, or legal requests (e.g., under Singapore’s PDPA).

3. How We Share Your Data

We do not sell your personal data. We may share your data in the following circumstances:

• Service Providers: With trusted third-party providers who assist with hosting, analytics, payment processing, or customer support. These providers are contractually obligated to protect your data and use it only for the services they provide to us.
• $POWER System: Limited data (e.g., usernames) may be shared with content creators you reward with $POWER to facilitate recognition within the Service.
• Legal Obligations: When required by law, court order, or government authority (e.g., to comply with PDPA or respond to lawful requests).
• Business Transfers: In the event of a merger, acquisition, or sale of assets, your data may be transferred to a successor entity, subject to equivalent privacy protections.
• With Your Consent: If you explicitly agree to data sharing (e.g., for third-party integrations you authorize).

User content you share publicly (e.g., comments visible to other users) is your responsibility, and you should avoid sharing sensitive information.

4. Your Rights and Choices

You have rights over your personal data, subject to applicable laws (e.g., PDPA, GDPR, CCPA). These include:

• Access: Request a copy of the personal data we hold about you.
• Correction: Request correction of inaccurate or incomplete data.
• Deletion: Request deletion of your data, subject to legal retention requirements.
• Data Portability: Request a copy of your data (e.g., RSS subscriptions) in a structured, machine-readable format.
• Objection/Restriction: Object to or restrict certain data processing activities (e.g., personalized recommendations).
• Withdraw Consent: Where we rely on your consent (e.g., for promotional emails), you may withdraw it at any time.

To exercise these rights, contact us at [email protected] or use the in-app support feature. We will respond within 30 days, as required by PDPA, or sooner if mandated by other laws (e.g., GDPR’s 1-month timeline).

You may also:

• Manage Notifications: Opt out of non-essential communications via account settings or by following unsubscribe instructions in emails.
• Disable Analytics: Adjust device settings or contact us to limit analytics tracking, where feasible.
• Delete Your Account: Terminate your account via account settings, which will delete associated personal data, except where retention is legally required.

5. Data Retention

We retain your personal data only as long as necessary for the purposes outlined in this policy or as required by law:

• Account Data: Retained while your account is active and for [6 months] after account deletion to address disputes or legal requirements, unless a longer period is mandated.
• Usage Data: Retained in aggregated, anonymized form for analytics purposes.
• $POWER Transactions: Retained for [5 years] to comply with financial record-keeping laws.
• User Content: Retained until you request deletion or your account is terminated, subject to legal obligations.

After the retention period, we will securely delete or anonymize your data. Contact us for specific retention details.

6. Data Security

We implement reasonable technical and organizational measures to protect your data, including:

• Encryption of data in transit (e.g., via HTTPS) and at rest where feasible.
• Access controls to limit data access to authorized personnel.
• Regular security assessments to identify and address vulnerabilities.

However, no system is completely secure. If we detect a data breach, we will notify affected users and relevant authorities (e.g., Singapore’s Personal Data Protection Commission) as required by law (e.g., within 72 hours under PDPA).

7. International Data Transfers

Folo is operated from Singapore, but our service providers may be located in other countries. When we transfer your data outside Singapore, we ensure appropriate safeguards, such as:

• Standard Contractual Clauses (SCCs) for transfers to jurisdictions without adequate data protection (e.g., under GDPR).
• Compliance with PDPA’s requirements for overseas data transfers.

If you are in the EU or another region with strict data protection laws, contact us for details on our transfer mechanisms.

8. Children’s Privacy

Folo is not intended for users under 13. We do not knowingly collect personal data from children under 13. If we learn such data has been collected, we will promptly delete it. If you believe a child under 13 has provided data, contact us at [email protected].

9. Third-Party Links and Services

The Service includes third-party RSS feeds and may link to external sites. We are not responsible for the privacy practices of these third parties. Review their privacy policies before sharing data. Similarly, our payment processors handle payment data under their own policies, which you should review.

10. AI Features and Data Use

Folo’s AI features (e.g., translation, summarization) may process your RSS feed data and usage patterns to generate outputs. We do not use your personal data to train AI models without your explicit consent. AI-generated outputs are provided “as is,” and you should verify their accuracy.

11. $POWER System

When you use $POWER, we collect transaction data to facilitate rewards and prevent fraud. We do not share payment details beyond what is necessary for processing. $POWER has no real-world monetary value, and related data is retained as outlined in Section 5.

12. Updates to This Privacy Policy

We may update this Privacy Policy to reflect changes in our practices or legal requirements. We will notify you of significant changes (e.g., new data uses) at least 14 days in advance via email, in-app notification, or our website (https://app.follow.is). Continued use of the Service after updates constitutes acceptance. Check this page periodically for the latest version.

13. Contact Us

For questions, concerns, or to exercise your data rights, contact us at:

• Email: [email protected]

If you are in Singapore and believe we have not addressed your concerns, you may contact the Personal Data Protection Commission (PDPC) at https://www.pdpc.gov.sg/.

If you are in the EU, you may contact your local data protection authority. Our EU representative (if required under GDPR) can be reached at [Insert EU Representative Contact, if applicable].

14. Additional Information for Specific Jurisdictions

• EU/EEA Users (GDPR): We process10 apply GDPR safeguards for data transfers and designate an EU representative if required. You have rights to access, rectify, erase, restrict, or port your data.
• California Users (CCPA): You have rights to know, delete, and opt out of data sales (we do not sell data). Contact us to exercise these rights.
• Singapore Users (PDPA): We comply with PDPA’s requirements for consent, notification, and data protection.

By using Folo, you acknowledge that you have read and understood this Privacy Policy.