Privacy Policy

Effective date: May 13, 2026

Last updated: May 20, 2026

Folio Solutions LLC ("Folio," "we," "us," or "our"), a Michigan limited liability company, operates the website foliosolutions.net and provides the Folio managed packages and related services (collectively, the "Services"). This Privacy Policy describes how we collect, use, share, and protect personal information.

This policy covers two distinct contexts:

1. Website use — when you visit foliosolutions.net or sign up for our waitlist, mailing list, or contact us.
2. Folio managed package use — when a Folio managed package is installed in a Salesforce organization. In this context, the customer (your employer or the entity that licenses Folio) is the data controller, and we act as a data processor on their behalf.

If you are an individual user of a Folio managed package within a customer's Salesforce organization, please review your employer's privacy policy and our Data Processing Addendum (available at foliosolutions.net/dpa) for information about how your data is handled.

Information We Collect

Information you provide

• Email address. When you sign up for our waitlist, mailing list, or contact us.
• Contact information. Name, email address, company name, and the contents of your message when you contact us directly or fill out forms on our website.
• Account information. When you become a Folio Docs customer, billing contact information, billing address, and payment-related information processed by our payment processors.
• Communications. Records of correspondence with our support team, including support tickets, emails, and chat logs.

Information collected automatically when you use the website

• Server and access data. Our hosting provider (Cloudflare) records standard server logs that may include IP address, browser type and version, operating system, referring URL, and the URL of the page requested.
• Privacy-friendly site analytics. We may use a privacy-friendly analytics tool (such as Cloudflare Web Analytics) that collects aggregated, non-identifying usage data without setting tracking cookies or sharing information with third-party advertisers.
• Cookies and similar technologies. We use only the minimal cookies necessary for website functionality. We do not use cookies for advertising or cross-site tracking.

Information collected through the Folio managed packages

When the Folio Docs managed package is installed in a Salesforce organization, we may have access to:

• Subscriber org metadata. Salesforce org ID, edition, package version installed, and number of licensed users. This information is collected automatically by the Salesforce License Management Application (LMA) and is necessary for license management and support.
• Support data. When a customer grants login access for support troubleshooting, we may temporarily access customer data within their org. This access is logged and time-limited.
• Aggregated usage telemetry. We may collect aggregated, non-identifying telemetry about feature usage to improve the Services.

We do not download, copy, or transmit customer content stored within a Folio managed package outside of the customer's Salesforce organization. If a customer grants login access for support, any access takes place inside the customer's own Salesforce org and is logged and time-limited; we do not export or retain customer content as part of that process.

How We Use Your Information

We use information for the following purposes, based on the legal grounds described below:

• To provide and operate the Services (legitimate interest, contract performance): including authentication, license management, customer support, and platform operation.
• To communicate with you (legitimate interest, consent where required): product updates, launch announcements, billing notices, support responses, and (with consent) marketing communications.
• To improve the Services (legitimate interest): analyzing usage patterns, debugging, and product development.
• To comply with legal obligations (legal obligation): tax, accounting, recordkeeping, and responding to lawful requests.
• To protect rights and prevent abuse (legitimate interest): fraud prevention, security monitoring, and enforcement of our terms.

Legal Bases for Processing (EU/UK/EEA Residents)

Where the GDPR applies, we rely on the following legal bases:

• Performance of a contract — processing necessary to provide the Services you have contracted for.
• Legitimate interests — operating, securing, and improving the Services, where not overridden by your rights.
• Consent — for marketing emails and any optional cookies.
• Legal obligation — for tax, accounting, and lawful requests.
• Vital interests — rare cases involving safety or security.

You may withdraw consent at any time without affecting the lawfulness of prior processing.

How We Share Your Information

We share information only as described below:

• Sub-processors. We use third-party service providers to support our own business operations — such as website hosting, marketing email, invoicing, accounting, and source control. A current list is maintained at foliosolutions.net/sub-processors. None of these sub-processors are involved in the operation of the Folio managed packages installed in a customer's Salesforce organization, and customer content stored within those packages is not transmitted to any of them. Sub-processors are contractually bound to handle data only as instructed and to maintain appropriate security.
• Customers (data controllers). When a Folio managed package is used within a customer's organization, information about that organization's use of the Services is shared with the customer.
• Legal compliance. We may disclose information when required by law, subpoena, or other legal process, or to protect rights, property, or safety.
• Business transfers. If Folio is acquired, merged, or undergoes a similar transaction, information may be transferred as part of that transaction. We will notify you of any change in ownership or control of personal information.

We do not sell personal information. We do not share personal information with third parties for cross-context behavioral advertising.

Data Storage and International Transfers

Folio is operated from the United States, and personal information is stored and processed primarily in the United States. Some of our sub-processors may store or process information in other jurisdictions, including the European Economic Area and the United Kingdom.

For transfers of personal information from the EU, UK, or Switzerland to the United States, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission, where applicable. For more information, contact us at the email below.

Data Retention

We retain personal information only as long as necessary for the purposes described in this policy:

• Waitlist and marketing emails. Until you unsubscribe, plus a brief retention period to honor your unsubscribe request.
• Customer account data. For the duration of your subscription, plus 30 days after termination, after which we delete or return data in accordance with our Data Processing Addendum. Backup copies may persist for up to 90 days before automatic deletion.
• Billing and tax records. For the period required by applicable law (typically 7 years).
• Support communications. For up to 3 years after the support interaction concludes.
• Aggregated and anonymized data. Indefinitely, as it no longer constitutes personal information.

Security

We implement reasonable administrative, technical, and physical safeguards to protect personal information, including:

• Encryption of data in transit (TLS 1.2 or higher) and at rest where supported by our infrastructure providers.
• Access controls limiting personnel access to personal information on a need-to-know basis.
• Regular review of security practices and sub-processor compliance.
• Breach notification to affected customers without undue delay, with reasonable efforts to provide initial notification within 72 hours, in accordance with applicable law and our Data Processing Addendum.

No method of transmission or storage is 100% secure. We cannot guarantee absolute security but commit to industry-standard practices.

Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal information:

• Access — request a copy of personal information we hold about you.
• Correction — request correction of inaccurate or incomplete information.
• Deletion — request deletion of personal information, subject to legal retention requirements.
• Portability — request a machine-readable copy of information you provided.
• Objection — object to processing based on legitimate interests.
• Restriction — request limited processing in certain circumstances.
• Withdraw consent — for processing based on consent.
• Lodge a complaint — with your local data protection authority.

California residents (CCPA/CPRA)

California residents have additional rights:

• Right to know what personal information we collect, use, disclose, and the categories of recipients.
• Right to delete personal information, subject to exceptions.
• Right to correct inaccurate personal information.
• Right to opt out of sale or sharing. We do not sell or share personal information for cross-context behavioral advertising.
• Right to limit use of sensitive personal information. We do not collect sensitive personal information for purposes that would require this election.
• Right to non-discrimination for exercising your rights.

To exercise any of these rights, contact us at privacy@foliosolutions.net. We will respond within the timeframes required by applicable law (typically 30 days, extendable in some cases). We may need to verify your identity before fulfilling certain requests.

If you are an end user of a Folio managed package within a customer's Salesforce organization, please direct rights requests to your employer (the data controller) in the first instance. We will assist the data controller in responding to your request.

Email Communications

We use EmailOctopus to manage our waitlist and send email communications. You can unsubscribe from marketing emails at any time using the unsubscribe link in every email. Transactional emails (billing notices, security alerts, support responses) are required for the operation of the Services and cannot be unsubscribed from while you remain a customer.

Children's Privacy

The Services are not directed to children under 13. We do not knowingly collect personal information from children under 13. If we learn that we have collected such information, we will delete it. If you believe we have inadvertently collected information from a child, contact us at privacy@foliosolutions.net.

Third-Party Links

The website may contain links to third-party websites. This Privacy Policy does not apply to those websites. We are not responsible for the privacy practices of third parties.

Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated by:

• Updating the "Effective date" and "Last updated" at the top of this policy.
• For active customers, sending email notification of material changes at least 30 days before they take effect.
• Posting a notice on the website.

Continued use of the Services after the effective date of an update constitutes acceptance of the updated policy.

Contact Us

For questions, concerns, or to exercise your rights:

Email: privacy@foliosolutions.net
Mailing address:
Folio Solutions LLC
1971 E Beltline Ave NE, STE 106 — 1868
Grand Rapids, MI 49525

For European, UK, or Swiss residents: if we have not addressed your concern satisfactorily, you have the right to lodge a complaint with your local data protection authority.