Privacy Policy
This page explains what Foyer collects, why we collect it, who we share it with, and how to exercise your rights. Last updated 6 May 2026. Effective from the same date.
On this page
- Who we are
- Scope
- Data we collect from customers (people who run Foyer)
- Data we collect from visitors (people who talk to a Foyer agent)
- Foyer Preview Chrome extension
- How we use the data
- Legal bases (GDPR)
- Processors and sub-processors
- Retention
- Your rights
- Security
- International transfers
- Children
- Changes to this policy
- Contact
1. Who we are
Foyer is a voice AI agent for websites: visitors can talk to your site instead of reading it, and the agent answers from your own content, captures leads, and reports analytics back to you. Foyer is operated by ReachLLM Inc. (referred to as "Foyer," "we," "us" in this policy).
Reach us at hello@tryfoyer.ai for any privacy question, request, or complaint.
2. Scope
This policy covers our website (tryfoyer.ai), our dashboard (app.tryfoyer.ai), the Foyer voice widget that customers embed on their own sites via a <script> tag, the Foyer Preview Chrome extension, and our REST API.
It does not cover the websites our customers run. When you talk to a Foyer agent on a third-party site, that site's own privacy policy governs how the site itself handles your data; this policy only governs the part Foyer touches.
3. Data we collect from customers
"Customers" are the businesses and creators who sign up at app.tryfoyer.ai and run Foyer agents on their sites.
Account data
- Email address, name (optional), and a hashed password.
- Subscription tier, billing interval, and Stripe customer ID once you upgrade. We never store full card numbers — Stripe holds those.
- Onboarding answers (business type, website type, traffic estimate, primary goal). Used to tailor product guidance and inform the right tier.
Agent and content data
- The website URLs you point Foyer at. We crawl those pages so the agent can answer from your own content.
- The page text we extract during indexing, plus chunked vector embeddings used for retrieval at conversation time.
- Voice and theme settings you pick (color, button copy, default language, etc.).
Usage and operational data
- Per-conversation duration in minutes, used for billing and quota enforcement.
- Server logs (timestamps, request paths, error traces) retained for short-term debugging.
- Dashboard analytics events (page views, button clicks) collected via PostHog so we know which features are used.
4. Data we collect from visitors
"Visitors" are the people who interact with a Foyer agent on a customer's site. The customer who deployed the agent is the data controller for visitor interactions; Foyer is a processor on their behalf, except where we describe operational data below.
Conversation data
- Audio of the conversation while it is in progress, processed by ElevenLabs to generate the agent's voice. Audio is not stored on our servers after the call ends.
- A text transcript of the conversation, retained so the customer can review past calls and so we can resume context if the visitor returns.
- If the visitor shares contact info during a conversation, we capture that as a "lead" record (name, email, intent, page URL).
Analytics and operational data
- Cookieless visitor ID (a hash of IP + user-agent + day, or a localStorage random ID), used to count returning vs. new visitors without tracking individuals across sites.
- Approximate location: country and city derived from the IP address. We do not store the raw IP after the lookup.
- Device, browser, operating system parsed from the user-agent header.
- Page URL, time on site, click count, and keystroke count for the page where Foyer is loaded. These are aggregated into per-day counters.
- Whether the visitor opened the conversation and how long they spoke with Foyer.
5. Foyer Preview Chrome extension
The Foyer Preview Chrome extension lets a logged-in customer overlay their own Foyer agent on any web page so they can test it before installing the <script> tag. It is a developer/testing tool intended for the customer themselves.
- The extension reads our
foyer-auth-tokencookie from app.tryfoyer.ai to identify the signed-in user. The cookie is set by our normal sign-in flow; the extension does not collect a separate password. - The extension calls our API (/api/auth/me, /api/agents) to list the customer's own agents. It does not transmit any data from the third-party page back to Foyer.
- When the customer clicks "Preview on this site," the extension injects the same widget code that ships with the
<script>tag. From that point the data flow is identical to a normal Foyer install on that page. - The extension stores the active preview state and a 5-minute widget bundle cache in chrome.storage.session, which is cleared automatically when Chrome restarts. It does not use chrome.storage.sync and does not transmit settings to Google.
- The extension requests these Chrome permissions: activeTab, scripting, storage, cookies, webNavigation, and host_permissions: <all_urls>. Each is used only for the preview-injection flow described above.
6. How we use the data
| Purpose | What we use |
|---|---|
| Provide the service (host the agent, run conversations, save leads) | Account data, agent content, conversation data |
| Bill the right amount | Conversation duration, Stripe customer ID |
| Send the customer their own lead notifications and usage threshold emails | Email address, lead records, usage counters |
| Help the customer understand their site's voice activity | Visitor analytics rollups |
| Improve the product (which features are used, which onboarding flows lose people) | Dashboard PostHog events, server error logs |
| Keep accounts secure (signup OTP, password reset, abuse detection) | Email address, hashed password, request IP |
| Comply with legal obligations | Whatever the obligation requires; we minimize |
We do not sell personal data and we do not use customer or visitor data to train Foyer's models or any third-party model.
7. Legal bases (GDPR)
If you are in the EEA, UK, or Switzerland, the legal bases on which we process your data are:
- Contract — processing needed to deliver the service you signed up for (account, billing, agent operation).
- Legitimate interest — measuring product usage, defending against abuse, and operating the analytics our customers see about their visitors. Balanced against your rights, which always win on objection.
- Consent — microphone access during a voice conversation, granted via the browser's native permission prompt; PostHog product analytics where local law requires opt-in.
- Legal obligation — when a court order or applicable law compels disclosure.
8. Processors and sub-processors
We share data only with the vendors that run our infrastructure. Each is bound by a Data Processing Agreement.
| Vendor | What for | Where |
|---|---|---|
| Railway | Application hosting (server, dashboard, widget bundle) | United States |
| Upstash Redis | Primary data store (accounts, agents, conversations, vectors) | United States / EU |
| ElevenLabs | Real-time voice synthesis and recognition | United States |
| Anthropic, OpenAI, Google | LLM inference for agent responses (whichever model the customer selects) | United States |
| Firecrawl | Crawling and indexing customer websites | United States |
| Stripe | Payment processing and subscription management | United States / EU |
| Resend | Transactional email (signup OTP, password reset, lead notifications, usage alerts) | United States |
| PostHog | Product analytics (which features get used in the dashboard) | United States |
| Cloudflare | DNS and edge protection | Global |
| MaxMind GeoIP | Embedded country lookup (no API call leaves our server) | Local lookup |
9. Retention
- Account data — kept while your account is active and for up to 90 days after closure, then deleted.
- Conversation transcripts — retained for the customer's reference for as long as the agent is active. Deleting the agent removes its transcripts.
- Lead records — kept until the customer deletes them or closes the account.
- Analytics rollups — daily aggregates kept indefinitely; per-visitor session keys expire after 7 days.
- Server logs — typically 7–30 days, longer for security incident review.
- Stripe billing data — retained per Stripe's policy and applicable tax law.
10. Your rights
Depending on where you live, you may have the right to:
- Access the personal data we hold about you.
- Correct inaccurate data.
- Delete your data ("right to be forgotten") subject to legal retention requirements.
- Export your data in a portable format.
- Object to processing based on legitimate interest.
- Withdraw consent at any time, where consent was the basis.
- Lodge a complaint with your local data protection authority (e.g. the UK ICO, Ireland's DPC, or your state attorney general for U.S. residents).
Most rights for visitors should be raised with the Foyer customer whose site you used, since they are the controller. We will help them respond. To exercise rights against Foyer directly, email hello@tryfoyer.ai; we aim to respond within 30 days.
11. Security
- HTTPS everywhere. Strict SameSite + Secure cookies for the auth token in production.
- Passwords are hashed with bcrypt; we never see the raw value after signup.
- JWT secrets are environment-scoped; the production server refuses to start with a default or short secret.
- Signup uses a 6-digit OTP so we don't create accounts for unverified email addresses.
- Stripe handles all card data. We never store card numbers.
- Voice traffic is end-to-end TLS to ElevenLabs.
- Internal access is on a need-to-know basis. We're a small team and we take this seriously, but no system is bulletproof — if something does go wrong, we'll notify affected users without delay.
12. International transfers
Foyer is operated from the United States and most processors are based there. If you access Foyer from outside the U.S., your data will be transferred to and processed in the U.S. We rely on Standard Contractual Clauses (or the equivalent under UK and Swiss law) for transfers from the EEA, UK, and Switzerland, and we apply technical safeguards (encryption in transit, hashed credentials, scoped access) to all transferred data.
13. Children
Foyer is not directed at children under 13 (or under 16 in the EEA), and we do not knowingly collect personal data from them. If you believe a child has shared personal data with us, contact hello@tryfoyer.ai and we will delete it.
14. Changes to this policy
We may update this policy as the product evolves. Material changes will be announced in-app and by email to active customers at least 14 days before they take effect. Older versions are available on request.
15. Contact
Email: hello@tryfoyer.ai
Website: tryfoyer.ai
Mail: ReachLLM Inc., privacy inquiries