Privacy Policy
LAST UPDATE: September 22, 2025
Our privacy policy outlines how we collect, use, and protect your personal information.
Factory Privacy Policy
This privacy notice for The San Francisco AI Factory Inc. (doing business as Factory) ("Factory," "we," "us," or "our"), describes how and why we might collect, store, use, and/or share ("process") your information when you use our services ("Services"), such as when you:
- Visit our website at factory.ai, or any website of ours that links to this privacy notice.
- Engage with us in other related ways, including any sales, marketing, or events.
Questions or Concerns?
Reading this privacy notice will help you understand your privacy rights and choices. If you do not agree with our policies and practices, please do not use our Services. If you still have any questions or concerns, please contact us at privacy@factory.ai.
Summary Of Key Points
This summary provides key points from our privacy notice, but you can find out more details about any of these topics by clicking the link following each key point or by using our table of contents to find the section you are looking for.
Our responsibilities
What personal information do we process?
When you visit, use, or navigate our Services, we may process personal information depending on how you interact with Factory and the Services, the choices you make, and the products and features you use. Learn more about personal information you disclose to us.
Do we process any sensitive personal information?
When you visit, use, or navigate our Services, we may process personal information depending on how you interact with Factory and the Services, the choices you make, and the products and features you use. Learn more about personal information you disclose to us.
Do we receive any information from third parties?
We do not receive any information from third parties.
How do we process your information?
We process your information to provide, improve, and administer our Services, communicate with you, for security and fraud prevention, and to comply with law. We may also process your information for other purposes with your consent. We process your information only when we have a valid legal reason to do so. In no event shall Factory use any customer code and accounts or other data provided by the customer (including third party data) to train AI models without the customer's prior written consent.
In what situations and with which types of parties do we share personal information?
We may share information in specific situations and with specific categories of third parties. We have organizational and technical processes and procedures in place to protect your personal information. However, no electronic transmission over the internet or information storage technology can be guaranteed to be 100% secure, so we cannot promise or guarantee that hackers, cybercriminals, or other unauthorized third parties will not be able to defeat our security and improperly collect, access, steal, or modify your information.
What are your rights?
Depending on where you are located geographically, the applicable privacy law may mean you have certain rights regarding your personal information. Learn more about your privacy rights.
How do you exercise your rights?
The easiest way to exercise your rights is by visiting privacy@factory.ai, or by contacting us. We will consider and act upon any request in accordance with applicable data protection laws.
When and how we collect data
If you are only a visitor to our website, please know that we do not collect any personal data before you request a demo or join our waitlist.
From the moment you request a demo of Factory, we start collecting data. Sometimes you provide us with data, sometimes data about you is collected automatically.
Here's when and how we do this:
| DATA YOU GIVE | DATA WE COLLECT | ACTION |
|---|---|---|
| You request a demo of Factory | ||
| We call you | ||
| You use Factory | ||
| You receive emails from us | ||
| You chat with us for customer support | ||
| You opt-in to marketing messages |
Types of data we collect
Contact details
Your name, email address, role in your company, etc.
Financial information
Your bank account number, sort code, credit/debit card details, etc.
Metadata from your code repositories
The name of your code repositories / projects, code files, APIs & databases, URLs to GitHub / GitLab files, commits, etc.
Metadata from your teams
Your data sources & destinations, types of data, business processes, hosting location, security measures, etc.
Data that identifies you
Your IP address, login information, browser type and version, time zone setting, browser plug-in types, geolocation information about where you might be, operating system and version, etc.
Data on how you use Factory
Your URL clickstreams (the path you take through our site), pages viewed, page response times, download errors, how long you stay on our pages, what you do on those pages, how often, and other actions.
Customer and Applicant Data
In some cases during prospect and customer engagements, or when interviewing applicants for employment, we may record our meetings. These recordings are used for internal educational purposes only. For such recordings, we use a third-party vendor, Fireflies.ai. Fireflies.ai's Privacy Policy can be viewed at https://fireflies.ai/privacy_policy.pdf.
Employment-Related Data
We may receive and process employment-related information, such as employment history, resumes, background information, recordings of interviews, and other relevant information to help us to recruit new employees and independent contractors, and to manage our interactions with current employees and independent contractors.
Anonymized Data
Personal information does not include anonymized data, which is data that has been rendered anonymous in such a way that you are no longer identifiable ("anonymized data"). We may use anonymized data for our own purposes in any manner and without attribution or compensation to any person.
What about really sensitive data?
We don't collect any "sensitive data" about you (like racial or ethnic origin, political opinions, religious/philosophical beliefs, trade union membership, genetic data, biometric data, health data, data about your sexual life or orientation, and offenses or alleged offenses).
What about children's data?
Factory is a business-to-business service directed to and intended for use only by those who are 18 years of age or over. We do not target Factory at children, and we do not knowingly collect any personal data from any person under 18 years of age. If you are aware of anyone under 18 using the Factory website, please contact us using the contact information provided above and we will take required steps to delete any such information and/or prevent that individual from accessing the website.
How and why we use your data
Data protection law means that we can only use your data for certain reasons and where we have a legal basis to do so. Here are the reasons for which we process your data:
Keeping Factory Running
Login and authentication, processing payments, and essential services.
Legal Basis: Legitimate Interests
Improving Factory
Product analytics, testing features, and understanding user sessions and usage patterns.
Legal Basis: Legitimate Interests
Customer Support
Notifying you of any changes to our Services, solving issues via live chat support, phone or email including any bug fixing.
Legal Basis: Legitimate Interests
Marketing Purposes (With your Consent)
Sending you emails and messages about new features, products and services, and content.
Legal Basis: Consent
Here is what each of these "legal bases" mean:
Consent
You have given clear consent for you to process your personal data for a specific purpose.
You can change your mind!
If you have previously given consent to our processing your data you can freely withdraw such consent at any time. You can do this by emailing us at privacy@factory.ai.
If you do withdraw your consent, and if we do not have another legal basis for processing your information, then we will stop processing your personal data. If we do have another legal basis for processing your information, then we may continue to do so subject to your legal rights.
Legitimate interests
Processing your data is necessary for our legitimate interests or the legitimate interests of a third party, provided those interests are not outweighed by your rights and interests. These legitimate interests are:
- Gaining insights from your behaviour on our website or in our app.
- Delivering, developing and improving the Factory service.
- Enabling us to enhance, customise or modify our services and comms.
- Determining whether marketing campaigns are effective.
- Enhancing data security.
In each case, these legitimate interests are only valid if they are not outweighed by your rights and interests.
Your privacy choices and rights
Your choices:
You can choose not to provide us with personal data
If you choose to do this, you can continue to use the website and browse its pages, but we will not be able to process transactions without personal data.
You can turn off cookies in your browser by changing its settings
You can block cookies by activating a setting on your browser allowing you to refuse cookies. You can also delete cookies through your browser settings. If you turn off cookies, you can continue to use Factory but certain services will not work effectively.
You can ask us not to use your data for marketing
We will inform you (before collecting your data) if we intend to use your data for marketing and if third parties are involved. You can opt out from marketing by emailing us at privacy@factory.ai.
Your rights:
You can exercise your rights by sending us an email at privacy@factory.ai.
You have the right to access information we hold about you
This includes the right to ask us supplementary information about:
- The categories of data we're processing
- The purposes of data processing
- The categories of third parties to whom the data may be disclosed
- How long the data will be stored (or the criteria used to determine that period)
- Your other rights regarding our use of your data
We will provide you with the information within one month of your request, unless doing so would adversely affect the rights and freedoms of others (e.g. another person's confidentiality or intellectual property rights). We'll tell you if we can't meet your request for that reason.
You have the right to port your data to another service
We will give you a copy of your data in CSV or JSON so that you can provide it to another service. If you ask us and it is technically possible, we will directly transfer the data to the other service for you. We will not do so to the extent that this involves disclosing data about any other individual.
You have the right to be "forgotten" by us
You can do this by asking us to erase any personal data we hold about you, if it is no longer necessary for us to hold the data for purposes of your use of Factory.
You have the right to lodge a complaint regarding our use of your data
Please tell us first, so we have a chance to address your concerns. If we fail in this, you can address any complaint to the CNIL, either by calling their helpline or as directed on their website at https://www.cnil.fr/.
Your Rights Under the California Consumer Privacy Act ("CCPA")
If you are a California resident, then under the California Consumer Privacy Act ("CCPA"), you have certain rights regarding the personal information that we may have collected about you. These rights may include the following:
- You can request the following information about how we have collected and used your personal information during the past 12 months:
- The categories of personal information that we have collected;
- The categories of sources from which we collected personal information;
- The business or commercial purpose for collecting, selling and/or sharing personal information;
- The categories of third parties with whom we disclose personal information;
- The categories of personal information that we sold, disclosed, or shared for a business purpose, and
- The categories of third parties to whom the personal information was sold, shared or disclosed for a business purpose;
- You can request a copy of the personal information that we have collected about you during the past 12 months;
- You can ask us to delete the personal information that we have collected from you;
- You can ask us to correct inaccurate personal information that we have collected about you;
- You can request to opt-out of disclosures of your personal information that constitute "selling" or "sharing" of your personal information as defined in the CCPA; and
- You are entitled to exercise the rights described above free from discrimination as prohibited by the CCPA.
Please note that your rights to have personal information deleted are subject to several exceptions, specifically the personal information that is necessary for us to:
- Complete your transaction;
- Provide you a good or service;
- Perform a contract between us and you;
- Protect your security and prosecute those responsible for breaching it;
- Fix our system in the case of a bug;
- Protect the free speech rights of you or other users;
- Comply with the California Electronic Communications Privacy Act (Cal. Penal Code §1546 et seq.);
- Engage in public or peer-reviewed scientific, historical, or statistical research in the public interests that adheres to all other applicable ethics and privacy laws;
- Comply with a legal obligation; or
- Make other internal and lawful uses of the information that are compatible with the context in which you provided it.
You may read more about your California privacy rights here.
To exercise your rights under CCPA, contact our privacy officer at privacy@factory.ai. We commit to respond to your request within 30 days after receipt or less. We may require you to prove your identity in some cases as noted in further detail below. This is done to ensure that no rights of third parties are violated by your request.
Please keep in mind that in the case of a vague request we may engage in a dialogue so as to better understand the motivation and content of the request. We reserve the right to reject requests that are unduly burdensome or repetitive in nature, or if there are legal obligations to maintain the data due to a dispute, compliance, audit, or other investigation.
Verification of Identity
To verify your identity, we may require receipt of an email from an account that matches the email we have on record for you (if one exists), authentication into an online account with us (if you have one), information that we match against information we maintain about you, government identification, a declaration under penalty of perjury or other information, where permitted by law. Your authorized agent may make a request on your behalf upon our verification of the agent's identity and our receipt of a copy of a valid power of attorney given to your authorized agent pursuant to California Probate Code Sections 4000-4465. If you have not provided your agent with such a power of attorney, you must provide your agent with written and signed permission to exercise your CCPA rights on your behalf, provide the information we request to verify your identity, and provide us with written confirmation that you have given the authorized agent permission to submit the request.
Sharing or Sale of Your Personal Information
We may share your personal information under the circumstances outlined above.
Notice of Right to Opt-Out of the "Selling" or "Sharing" of Your Personal Information
Like many companies, we use services that help deliver interest-based ads to you as described elsewhere in this privacy policy. Our use of some of these services may be classified under California law as a "selling" or "sharing" your personal information (including your business and personal contact information, device data, and online activity data described herein) with the advertising partners that provide the services. You can submit requests to opt-out of this "selling" or "sharing" as noted above. We have no actual knowledge that we have sold or shared the personal information of any California residents under the age of 18.
Anonymized Data
Anonymized data, which cannot be re-identified and does not identify you or any individual person, is exempted under the CCPA (e.g., see Section 1798.145. Exemptions) and may be shared with third parties or provided for sale as summarized above.
Shine the Light
California's "Shine the Light" law, Civil Code section 1798.83, requires certain businesses to respond to requests from California customers asking about businesses' practices related to disclosing Personal Information to third parties for the third parties' direct marketing purposes. Alternatively, such businesses may have in place a policy not to disclose personal information of customers to third parties for the third parties' direct marketing purposes if the customer has exercised an option to opt-out of such information-sharing. We do not participate in the sharing of your personal information with third parties for the third parties' direct marketing purposes, so there is no need to opt-out.
Your Rights in Various Other Jurisdictions
Various other states, including but not limited to, Colorado, Connecticut, Virginia, and Utah, have passed laws providing their state residents rights that are the same or similar to those afforded under the CCPA and the GDPR. These rights, which we honor in the same fashion as outlined above, include without limitation rights to:
- Confirm whether we process their personal information.
- Access and delete certain personal information.
- Data portability.
- Opt-out of personal information processing for targeted advertising and sales.
Some states also provide their state residents with the right to:
- Correct inaccuracies in their personal information, taking into account the information's nature processing purpose.
- Opt-out of profiling in furtherance of decisions that produce legal or similarly significant effects.
Outside of the US, if you are a resident of another country, state, or province with applicable data privacy laws and regulations that afford you with privacy rights similar to those afforded by the GDPR, CCPA, or other similar laws or regulations, we will honor any requests from you to exercise those privacy rights in accordance with those data privacy laws and regulations to the extent possible.
Communication Opt-Out: You may opt out of marketing-related emails by following the opt-out or unsubscribe instructions at the bottom of the email, or by contacting us at privacy@factory.ai. Note that you may continue to receive service-related and other non-marketing emails.
Residents of the UK or Europe: If you reside in the UK or Europe, you may contact our Data Protection Officer at privacy@factory.ai to exercise any of your privacy rights. In addition: We commit to notify you, when it is needed under the law, within a reasonable period of time and your data protection authority within the timeframe specified in applicable law about data breaches related to your personal information.
How secure is the data we collect?
We have physical, electronic, and managerial procedures to safeguard and secure the information we collect.
And please remember:
- You provide personal data at your own risk: unfortunately, no data transmission is guaranteed to be 100% secure
- You are responsible of your username and password: keep them secret and safe!
- If you believe your privacy has been breached, please contact us immediately at privacy@factory.ai.
Where do we store the data?
The personal data we collect is primarily stored in our Amazon Web Services servers in US West. We process all data in the United States and in any data processing facilities operated by the third parties identified below.
By submitting your personal data, you agree to this transfer, storing or processing by us. If we transfer or store your information outside the European Economic Area (EEA) in this way, we will take steps to ensure that your privacy rights continue to be protected as outlined in this Privacy Policy.
How long do we store your data?
We will archive and use any personal identifiable information about you for the duration you have an account with Factory. We will delete your personal data from our archives no later than 10 years from the last time you used Factory or as agreed with you in a separate contract.
Third parties who process your data
Tech businesses often use third parties to help them host their application, communicate with customers, power their emails etc. We partner with third parties who we believe are the best in their field at what they do.
When we do this, sometimes it is necessary for us to share your data with them in order to get these services to work well. Your data is shared only when strictly necessary and according to the safeguards and good practices detailed in this Privacy Policy. Where personal data is transferred to a third party in the United States, we take steps to ensure we agree to the standard contractual clauses with them. We continually monitor this transfer mechanism. Any data transfers to the US are encrypted and generally consist of insensitive personal data.
Here are the details of our main third-party service providers, and what data they collect, or we share with them, where they store the data and why they need it:
Infrastructure
| SERVICE PROVIDER | DATA COLLECTED OR SHARED | PURPOSE | PLACE OF PROCESSING |
|---|---|---|---|
| Amazon Web Services, Inc. Privacy Policy | Contact details, Metadata from your source code, Data that identifies you | This is our primary infrastructure provider. We use it to store data you generate by using the service securely in the cloud. | US |
| Google Privacy Policy | Contact details, Metadata from your source code, Data that identifies you | This is an analytics, infrastructure, and SSO provider. We use it to provide analytics for us to improve our core service, offer authentication options, and utilize certain infrastructure solutions. | US |
| Github Privacy Policy | Repository Data, Metadata from your source code, Data that identifies you | This is a source code and version control provider: we use it to collect data that is used by our products to deliver our core services. | US |
Communications
| SERVICE PROVIDER | DATA COLLECTED OR SHARED | PURPOSE | PLACE OF PROCESSING |
|---|---|---|---|
| Webflow, Inc. Privacy Policy | Contact details | We use this service to build our website and our demo form. | US |
| Zapier, Inc. Privacy Policy | Contact details | We use this service to automate tasks like sending emails. | US |
Payments (Depending on your Payment Terms)
| SERVICE PROVIDER | DATA COLLECTED OR SHARED | PURPOSE | PLACE OF PROCESSING |
|---|---|---|---|
| Stripe, Inc. Privacy Policy | Contact details, Financial information | This service processes payments for us. | EEA & US |
Cookies
We use targeting cookies/Marketing cookies
When you interact with Factory as a user, we (and these third parties) will issue cookies unless you adjust your browser settings to refuse them. These may be 'session' cookies, meaning they delete themselves when you leave Factory, or 'persistent' cookies which do not delete themselves and help us recognise you when you return so we can provide a tailored service.
How can I block cookies?
You can block cookies by activating a setting on your browser allowing you to refuse the setting of cookies. You can also delete cookies through your browser settings. If you use your browser settings to disable, reject, or block cookies (including essential cookies), certain parts of our website will not function fully. In some cases, our website may not be accessible at all. Please note that where third parties use cookies we have no control over how those third parties use those cookies.