Refolk
BlogSign in

Legal

Privacy Policy

Last updated May 2, 2026

Who we are

Refolk operates anysearch, a tool for discovering people, repositories, and organizations from public data sources. For privacy questions, contact hello@refolk.ai.

Data we collect

  • Account data. Email, name, and avatar provided by your sign-in provider (Google or GitHub). If you connect GitHub, we store an OAuth token used only to query GitHub on your behalf.
  • Usage data. Search queries, conversations, credit ledger entries, and basic request metadata (timestamps, IP, user agent) needed to operate, secure, and bill the service.
  • Payment data. Stripe handles all card data. We store only the Stripe customer/charge identifiers needed to reconcile credit top-ups.
  • Search results. Public data about third parties returned by GitHub, third-party people/company data providers, GH Archive, and Anthropic web search. We cache results transiently to make follow-up questions fast.

How we use it

  • To run searches you request and return results in your conversations.
  • To operate accounts, credits, billing, and customer support.
  • To prevent abuse, fraud, and to protect the service and its users.
  • To improve product quality (aggregated, de-identified usage analysis).

We do not sell personal data. We do not use your conversations to train third-party models.

Subprocessors

We share the minimum data required with these processors:

  • Supabase / Neon (Postgres hosting)
  • Vercel (application hosting)
  • Anthropic (LLM and web-search)
  • Stripe (payments)
  • Resend (transactional email)
  • Google & GitHub (sign-in)
  • Third-party people/company data providers, GitHub API, Google BigQuery (data sources)
  • PostHog (product analytics and error tracking)
  • Microsoft Clarity (session replay and heatmaps)

Third-party data and your rights

anysearch surfaces public information about third parties from sources like GitHub. If you are a data subject and want your information removed from results we return to our users, email hello@refolk.ai and we will action requests within 30 days where the law requires.

Under GDPR/CCPA you may request access, correction, deletion, or export of your account data. Account holders can request deletion at any time by emailing the address above; we will purge your account, conversations, and credit ledger within 30 days, subject to billing/audit retention required by law.

Retention

We retain account and conversation data for as long as your account is active. Credit ledger entries are retained for at least 7 years to satisfy financial recordkeeping. Logs and telemetry are retained for up to 90 days.

Security

Data is encrypted in transit (TLS) and at rest. Access to production systems is limited to authorized personnel using SSO and least-privilege controls.

Children

The service is not intended for users under 16.

Changes

We will post material changes here and update the “Last updated” date. Continued use of the service after a change means you accept the updated policy.