FolioPDF

Legal

Privacy Policy

Last updated April 1, 2026

This Privacy Policy describes how FolioPDF ("we", "us", or "our") collects, uses, and shares information about you when you use our website and services.

Information we collect

When a HubSpot administrator installs FolioPDF, we receive an OAuth access token from HubSpot that lets the FolioPDF service read records (deals, contacts, companies, line items) only at the moment your team clicks Generate. We also receive your HubSpot account ID and the email address of the user who installed FolioPDF.

For paid plans, billing details (name, email, payment method) are collected and processed by Paddle, our merchant of record (see Sub-processors below). FolioPDF receives a transaction ID and subscription state from Paddle but does not see card details.

How we use information

We use information to provide, maintain, and improve the FolioPDF service, to communicate with you, and to comply with legal obligations. We do not sell your personal information. We do not use customer data to train machine learning models.

What we store on our servers

See What we do with your data for the plain-language version. The technical summary:

  • OAuth access and refresh tokens, encrypted at rest with AES-256-GCM, used only to read CRM data on demand
  • Branding settings (logo URL, theme, brand color, company name, folder path)
  • A small cache of your CRM property metadata — names and types of properties, never values
  • An audit log of which PDFs were generated (template, object type, record ID, timestamp, status), retained for the lifetime of your account
  • Plan tier, monthly usage counter, billing cycle dates

We do not retain the values of your CRM properties, the contents of generated PDFs (those live in your HubSpot Files library), or any list of your end customers.

Data retention and deletion

Branding settings, document metadata, and audit log entries are retained for the lifetime of your account. Uninstalling FolioPDF from HubSpot revokes our OAuth tokens immediately so we can no longer read your CRM. To request deletion of the metadata we retain, email privacy@foliopdf.dev with your HubSpot account ID; we will purge your data within 30 days.

Security

Data is encrypted in transit with TLS 1.2+ and at rest. OAuth tokens are encrypted with AES-256-GCM using keys held outside the database. Access to production systems is limited to authorized personnel and audited.

Sub-processors

FolioPDF uses the following sub-processors:

  • HubSpot, Inc. — source of all CRM data we process; data resides in your HubSpot account
  • Paddle.com Market Limited — merchant of record for paid subscriptions; processes billing details and tax
  • Hosting provider — runs the FolioPDF backend service and Postgres database
  • Redis Cloud — caches OAuth state and CRM property metadata

The hosting provider's name will be inserted before launch. Contact us if you need the current list before then.

Your rights

Depending on your jurisdiction (GDPR, CCPA, etc.), you may have the right to access, correct, delete, or export your personal information. To exercise these rights, contact us at privacy@foliopdf.dev.

Contact

Questions about this policy? Email privacy@foliopdf.dev.

This page covers what FolioPDF actually collects, processes, and retains today. Final review by your legal counsel is recommended before public marketplace listing.