Security & Data Handling
This page describes how Foldly handles your data, who can access it, and what security controls are in place today. It is written for workspace owners, security reviewers, and anyone evaluating Foldly for their organization.
For legal terms, see the Privacy Policy and Terms of Service.
What Foldly Handles
Foldly is a document intake platform. Organizations use it to collect files from clients, vendors, and external collaborators through branded upload links, email ingestion, and historical inbox imports.
The categories of data Foldly stores and processes include:
Uploaded files: Documents, images, PDFs, and other files uploaded by workspace owners or by external users through shareable links.
File metadata: File names, sizes, MIME types, upload timestamps, and uploader email addresses.
Account information: Name, email address, and authentication credentials (managed by Clerk).
Email metadata: For email-ingested files, this includes sender name and address, recipient addresses, subject line, date, and a short body preview (up to 500 characters). Full email body text is not stored.
AI analysis results: Classification labels, summaries, extracted data, filing decisions, and document comparison artifacts generated by AI processing.
OAuth tokens: For users who connect a Gmail account, encrypted access and refresh tokens are stored to maintain the connection.
Ephemeral operational data: Rate limit counters, OTP codes, and background job state. These auto-expire and are not retained long-term.
Access and Sharing Controls
Roles
Foldly uses three access roles:
Owner
The workspace creator. Full control over files, folders, links, settings, and integrations.
Editor
An external user granted elevated access to a specific link. Editors are verified via a one-time code sent to their email. Editor verification expires after 24 hours and must be re-verified.
Uploader
An external user who uploads files through a public link. Uploaders provide their email address, which is recorded with each file for provenance tracking.
Link-Level Controls
Each shareable upload link can be configured with:
Public or dedicated access: Links can be open to anyone or restricted to specific email addresses.
Password protection: An optional access code that uploaders must enter before uploading.
Expiration dates: Links can be set to expire automatically.
Custom welcome messages: Displayed on the upload page.
Required uploader name: Optionally requires uploaders to provide their name alongside their email.
File size enforcement is applied at the workspace level based on the owner's subscription tier. For full details on link protections, see Upload Links and Access Controls.
Permission Management
Owners manage access through email-based permissions. Editors and uploaders are identified by email address. Permissions can be added, updated, or removed at any time from the dashboard.
Storage and Processing Architecture
Primary File Storage
Foldly uses a provider-agnostic storage abstraction. The default storage provider is Supabase Storage (backed by S3-compatible object storage). Google Cloud Storage is available as an alternate provider.
All uploaded and imported files are stored in private buckets. File access is mediated through signed URLs generated server-side. Files are not directly accessible via public URLs unless explicitly configured for branding assets (such as link logos).
Temporary Archive Delivery
When users download multiple files or folders as a ZIP archive, Foldly may use Cloudflare R2 to stage the archive temporarily. These temporary ZIP files are automatically deleted after 24 hours. R2 is used exclusively for this purpose and does not replace or supplement the primary file storage.
Database
Application data is stored in Supabase PostgreSQL. The database enforces row-level security (RLS) policies that scope data access by user and workspace. RLS policies are applied across all content tables to prevent cross-workspace data access at the database level.
Background Processing
Post-upload tasks (AI analysis, filing, checklist evaluation, malware scanning) run through a durable, database-backed queue. Background jobs are processed by scheduled cron workers. Failed tasks are retried with exponential backoff.
AI Processing
Foldly uses AI to classify, summarize, extract structured data from, and auto-file uploaded documents. AI processing is performed by sending file content to external AI providers via their APIs.
The current default AI provider is NVIDIA NIM. Additional providers (Google Gemini, Moonshot Kimi, Anthropic Claude) are available in the codebase and can be activated through configuration. AI requests to cloud providers other than NVIDIA are routed through the Vercel AI Gateway.
Each AI provider's own data handling and retention practices are governed by their respective terms of service and privacy policies. Foldly does not train AI models on customer data.
Hosting
The application is hosted on Vercel. Cron schedules for background workers are defined in the deployment configuration.
Gmail and Imported Email Data
Users can optionally connect a Gmail account to import historical email attachments into their Foldly workspace.
What Is Accessed
Foldly requests the gmail.readonly scope (read-only access). The data accessed includes:
Email headers: Sender name and address, recipient addresses, subject line, and date for emails that contain attachments.
Body preview: A short plain-text preview of the email body (up to 500 characters) to provide context alongside imported files.
Attachment file contents: The binary content of file attachments (PDFs, documents, images, etc.).
Message identifiers: Gmail message IDs and thread IDs, used for deduplication.
Full email body text beyond the 500-character preview is not stored.
How It Is Stored
Imported attachment files are stored in the same private storage buckets as directly uploaded files and are treated identically.
Email metadata (sender, subject, date, preview, message IDs) is stored in the database alongside the imported files.
OAuth tokens (access token and refresh token) are encrypted at rest using AES-256-GCM before being written to the database.
AI Processing of Imported Files
Imported attachments may be processed by AI for classification, summarization, data extraction, and automated filing, using the same pipeline and providers described in the AI Processing section above.
Disconnecting Gmail
You can disconnect your Gmail account at any time from the Settings page. Disconnecting deletes your stored OAuth tokens (encrypted access token, refresh token, and token expiry) from the database.
To revoke Foldly's access at the Google level, visit your Google Account permissions page.
Previously imported files and their associated metadata remain in your workspace until you explicitly delete them.
Foldly's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.
Security Controls
Authentication
User authentication is managed by Clerk. Foldly supports email/password sign-in and magic links. Authentication tokens are handled entirely by Clerk's infrastructure.
Dashboard routes are protected by authentication middleware. Unauthenticated requests to protected routes are redirected rather than served.
Encryption
Link passwords are encrypted at rest using AES-256-GCM before being stored in the database. Link passwords are shareable access codes (not user authentication credentials), so they use two-way encryption rather than one-way hashing.
OAuth tokens (Gmail access and refresh tokens) are encrypted at rest using AES-256-GCM with a separate encryption key.
Database connections use TLS (SSL mode required).
Rate Limiting
Foldly uses Upstash Redis for distributed rate limiting across all serverless instances. Rate limits are applied to:
File uploads
Authentication-sensitive operations (OTP requests, username checks)
AI operations
Email ingestion (per workspace and per sender)
Permission management
API endpoints
Rate limiting uses a sliding window algorithm. Clients that exceed limits are temporarily blocked.
Malware Scanning
Uploaded files are scanned for malware using VirusTotal. The scanning process:
Computes a SHA-256 hash of the uploaded file.
Checks VirusTotal's database for a known hash match.
If unknown, submits the file to VirusTotal for analysis and polls for results.
Records the scan result (clean, infected, or error) on the file record.
Notifies the workspace owner if a file is flagged as potentially dangerous.
Files larger than 32 MB (VirusTotal's API size limit) are not submitted to VirusTotal and are marked as skipped.
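The scan flow above, as an added illustration rather than Foldly's own code: a constructed stand-in for the VirusTotal API (FakeVirusTotal, a hypothetical class, with a constructed "MALWARE-MARKER" string standing in for a detection) is used so the hash lookup, submission, size gate, result states and owner notification can be exercised offline.

```python
import hashlib
from dataclasses import dataclass, field

VT_MAX_BYTES = 32 * 1024 * 1024  # VirusTotal API size limit stated on this page


def sha256_hex(content: bytes) -> str:
    return hashlib.sha256(content).hexdigest()


@dataclass
class FakeVirusTotal:
    """Constructed stand-in for the VirusTotal API (not the real client)."""
    known: dict = field(default_factory=dict)      # sha256 -> "clean" | "infected"
    submitted: list = field(default_factory=list)  # hashes that had to be submitted
    fail: bool = False                             # simulate an API outage

    def lookup(self, sha256: str):
        if self.fail:
            raise RuntimeError("VirusTotal unreachable")
        return self.known.get(sha256)  # None means the hash is unknown

    def submit_and_poll(self, sha256: str, content: bytes) -> str:
        if self.fail:
            raise RuntimeError("VirusTotal unreachable")
        self.submitted.append(sha256)
        # Constructed rule: a marker string stands in for a detected sample.
        verdict = "infected" if b"MALWARE-MARKER" in content else "clean"
        self.known[sha256] = verdict
        return verdict


def scan_upload(content: bytes, vt, notify_owner) -> dict:
    """Return the scan record written to the file row; alert the owner on a hit."""
    sha256 = sha256_hex(content)
    if len(content) > VT_MAX_BYTES:
        return {"sha256": sha256, "status": "skipped"}  # over the API limit
    try:
        verdict = vt.lookup(sha256)                    # known-hash fast path
        if verdict is None:
            verdict = vt.submit_and_poll(sha256, content)
    except Exception as exc:                           # outage, quota, timeout
        return {"sha256": sha256, "status": "error", "detail": str(exc)}
    if verdict == "infected":
        notify_owner(f"file {sha256[:12]}... flagged as potentially dangerous")
    return {"sha256": sha256, "status": verdict}
```

A file whose hash is already known is never re-submitted, and an API fault is recorded as an error state on the file rather than silently treated as clean.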
In addition to VirusTotal, Foldly applies a content-level scanning layer during email ingestion that checks for:
MIME type and extension spoofing (magic byte verification)
Dangerous embedded content patterns (e.g., JavaScript in PDFs, macro indicators)
In production, the content scanner defaults to a fail-closed mode: if the scanner encounters an infrastructure fault, the file is blocked rather than allowed through.
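An added example of the content-level layer described above (not Foldly's scanner): a constructed magic-byte table checks the declared MIME type against the extension and the leading bytes, a few PDF and macro indicators stand in for the dangerous-pattern checks, and a hypothetical inspector hook shows the fail-closed behaviour when the scanner itself faults.

```python
import re

# Constructed magic-byte table for the types this example understands.
MAGIC = {
    "application/pdf": (b"%PDF-",),
    "image/png": (b"\x89PNG\r\n\x1a\n",),
    "image/jpeg": (b"\xff\xd8\xff",),
    "application/zip": (b"PK\x03\x04",),  # .docx/.xlsx are zip containers
}
EXT_TO_MIME = {"pdf": "application/pdf", "png": "image/png", "jpg": "image/jpeg",
               "jpeg": "image/jpeg", "zip": "application/zip", "docx": "application/zip"}
# Embedded-content indicators named on this page: JavaScript in PDFs, macro indicators.
DANGEROUS = {
    "application/pdf": (re.compile(rb"/JavaScript\b"), re.compile(rb"/JS\b"),
                        re.compile(rb"/Launch\b")),
    "application/zip": (re.compile(rb"vbaProject\.bin"),),
}


class ScannerFault(Exception):
    """Infrastructure fault inside the scanner (for example, a dependency timing out)."""


def scan_content(filename: str, declared_mime: str, content: bytes,
                 inspector=None, fail_closed: bool = True) -> dict:
    """Decide whether an ingested attachment may proceed; reasons explain a block."""
    reasons = []
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    # 1. The declared MIME type must agree with both the extension and the magic bytes.
    if EXT_TO_MIME.get(ext, declared_mime) != declared_mime:
        reasons.append("extension does not match declared MIME type")
    sigs = MAGIC.get(declared_mime)
    if sigs and not content.startswith(sigs):
        reasons.append("magic bytes do not match declared MIME type")
    # 2. Look for embedded content patterns associated with the declared type.
    for pat in DANGEROUS.get(declared_mime, ()):
        if pat.search(content):
            reasons.append(f"dangerous pattern {pat.pattern.decode()}")
    # 3. A hypothetical external inspector may fault; the production default fails closed.
    if inspector is not None:
        try:
            inspector(content)
        except ScannerFault as exc:
            if fail_closed:
                reasons.append(f"scanner fault ({exc}); blocked by fail-closed policy")
    return {"allowed": not reasons, "reasons": reasons}
```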
Upload Page Privacy
Public shareable upload pages are intentionally excluded from search engine indexing:
Upload pages carry noindex metadata.
Upload page URLs are excluded from the sitemap.
The robots.txt configuration restricts crawling of API routes, dashboard pages, and authentication pages.
This is a deliberate privacy measure to prevent upload links from being discoverable through search engines.
Input Sanitization
User inputs (usernames, email addresses, file names, folder names, URL slugs) are sanitized server-side to prevent path traversal, injection, and cross-site scripting attacks.
Row-Level Security
The PostgreSQL database uses Supabase row-level security policies to enforce workspace-scoped data isolation. Server-side tables used for background processing use restricted RLS configurations that limit authenticated client access to read-only operations.
Retention, Deletion, and Customer Control
What You Can Delete
Individual files: Deleting a file removes it from both storage and the database, including any associated AI analysis results.
Folders: Deleting a folder cascades to all contained files and subfolders. Storage cleanup is handled automatically by database triggers.
Your account: Account deletion removes or anonymizes your data, except where retention is required by law.
What Auto-Expires
Temporary ZIP downloads are deleted from Cloudflare R2 after 24 hours.
Rate limiting counters and OTP codes are ephemeral and auto-expire within minutes.
AI analysis results are retained alongside files and are deleted when the associated file is deleted.
Email metadata (sender, subject, preview) is retained as long as the associated file exists.
Disconnecting Integrations
Gmail: Disconnect from the Settings page. This deletes stored OAuth tokens. Previously imported files remain until manually deleted. To revoke access at the Google level, visit your Google Account permissions page.
Data Portability
Files can be downloaded individually or in bulk from the workspace. Bulk downloads are served as ZIP archives through the download pipeline described above.
Subprocessors
Foldly uses third-party service providers for authentication (Clerk), database and file storage (Supabase), application hosting (Vercel), AI document processing (NVIDIA NIM), email operations (Mailgun), rate limiting (Upstash Redis), and malware scanning (VirusTotal). Additional providers may be active depending on configuration.
For the full subprocessor list, data categories, and conditional providers, see Subprocessors.
Related Pages
Trust Center: Overview of all published trust documentation
Upload Links and Access Controls: Link types, roles, editor verification, and owner-configurable protections
Google Data Access and Gmail Import: Gmail integration, OAuth, imported data handling
Subprocessors: Full subprocessor list with data categories and conditional providers
Privacy Policy: Full privacy policy
Terms of Service: Terms of service
Questions
For questions about Foldly's security or data handling practices, contact [email protected].
Last updated: March 29, 2026