Privacy Policy
Last updated: June 19, 2026
OurFold ("we", "us", or "our") is committed to protecting the privacy of everyone who uses our service. This Privacy Policy explains what information we collect, how we use it, and your rights with respect to that information.
Account holders provide the following when signing up:
- Your name and email address (used for login and account communication)
- Your leader's name and @leader.org email address(es)
- Your preference for marketing communications
Group members provide only their email address when joining an email group. Group members do not create accounts and are not associated with an account holder's login credentials.
Contact and support form submissions include your name, email address, and the message you provide.
Mission archive is retained to help account holders track which emails were sent and when.
We use the information we collect to:
- Operate and deliver the Service — routing emails from authorized senders to group members
- Send transactional emails, such as welcome messages, join confirmations, and confirmations when a group member leaves a list
- Respond to support and contact requests
- Send product and service updates to account holders who have opted in
- Monitor for abuse and maintain the security of the Service
We do not sell, rent, or trade your personal information to third parties.
The core function of OurFold is to forward emails. When an authorized sender sends an email to your broadcast address, that email — including its content, formatting, and attachments — is delivered to your group members. We do not read, analyze, or store the content of broadcast emails beyond what is necessary for delivery and logging.
Authorized senders can add existing emails to a group's archive by either forwarding them to the group's Forward-to-Archive address (prefix forward-) or CC-ing the Direct-Archive address (prefix direct-) when composing a new email. Either flow may include content originally sent by or to third parties who haven't directly consented to having their messages stored in our service — for example, a message a leader received from a friend or mission leader, or an email composed for a small audience that's also CC'd to Direct-Archive. By using either flow, the authorized sender takes responsibility for the appropriateness of the archive entry. Owners can delete archive entries at any time from the archive page; deletion removes the row, the stored HTML, the source .eml, and any attachments from our storage.
We rely on the following third-party providers to operate the Service:
- Supabase — authentication and database storage
- SendGrid (Twilio) — outbound email delivery
- Cloudflare — inbound email routing and infrastructure
- Stripe — payment processing
- Vercel — web hosting and privacy-friendly aggregate analytics
- Sentry — error monitoring; receives diagnostic context (including your account email) when an error occurs during your session, so we can triage and fix issues
These providers access your data only as necessary to perform services on our behalf and are contractually required to keep your information confidential.
We retain your account information, group members, and archive for as long as your account is active. If you delete your account, the following are permanently removed from our database immediately:
- Your account name and email address
- Your leader's name and email address(es)
- All group members on every list you owned
- All archive and message content
- Your leader's login (if your leader set one up)
Group member email addresses are also removed from a list when the group member leaves the list — via the leave link included in every broadcast — or when the account holder removes them manually.
Data retained by third-party providers. Some data lives outside our database with the providers we use to deliver the Service. We cannot delete this data on your behalf, but we minimize what flows to each provider:
- Stripe retains payment transaction records — including the billing information you provide during checkout, payment amounts, and timestamps — for the period required by financial-records regulations (typically seven years). We pass only an internal identifier to Stripe with each charge; we do not share your account name or email with Stripe ourselves.
- SendGrid retains email delivery event logs (sent, delivered, bounced) for 30 days. After 30 days these logs are automatically purged. We do not maintain a separate contact list with SendGrid.
- Supabase may retain authentication records briefly after an account is deleted; these are purged within Supabase's internal retention window.
- Cloudflare processes inbound emails in transit and does not retain message content beyond the short operational delivery window required to forward them.
- Sentry retains error events — including the affected user's account ID and email plus relevant request context — for the period defined in our Sentry plan (typically 30 to 90 days), after which events are automatically purged.
If you have questions about data held by these providers or wish to exercise rights under applicable data protection laws (such as GDPR or CCPA), please contact us and we'll help coordinate the appropriate request.
Group members can leave any email group at any time by clicking the leave link included in every broadcast email. Upon leaving, the group member's email address is immediately removed from that list and they will receive no further emails from it.
We use session cookies to keep you logged in while using the Service. We do not use third-party tracking cookies or advertising trackers.
We use Vercel Web Analytics to understand aggregate traffic and conversion patterns on our site. Vercel Analytics does not use cookies and does not collect personally identifiable information.
Marketing attribution. When you arrive from one of our own ads or referral links, we record the campaign or referral information from the web address (for example, which ad or link you came from) in your browser's local storage — not cookies. If you later create an account or place an order, we attach that information to your record so we can measure which of our marketing efforts are working. This data stays within our own systems; we do not use an advertising pixel and we do not share it with Facebook, Google, or any ad network. It contains no information about your letters or personal messages.
Email open tracking. Emails we send — broadcasts and transactional messages alike — may include a small invisible image that lets us tell whether the message was opened. We use this only in aggregate, to monitor deliverability and maintain our sender reputation so our emails reach the inbox. You can prevent it by configuring your email program not to load remote images.
We take reasonable measures to protect your information, including encrypted storage of passwords and secure HTTPS connections. However, no transmission over the internet is completely secure, and we cannot guarantee the absolute security of your data.
The Service is not directed to children under the age of 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal information, please contact us and we will delete it promptly.
We may update this Privacy Policy from time to time. When we do, we will update the date at the top of this page. Continued use of the Service after changes are posted constitutes your acceptance of the updated policy.
If you have questions or concerns about this Privacy Policy or how your data is handled, please reach us through the Contact page.