FloydLabs

Privacy Policy

The short version: we don’t want your data, we don’t sell your data, and most of the time we don’t even keep your data.

Last updated: May 4, 2026

TL;DR (the part nobody reads)

  • • We collect the minimum data needed to make the site work.
  • • We don’t sell, rent, lease, trade, gift, or barter your data. Ever.
  • • We don’t run ad networks, retargeting pixels, or behavioral profiling.
  • • If you sign in with Google, we get your email and name. That’s it.
  • • If you submit a contact form, we keep what you typed so we can reply.
  • • If you use our MCP API, we log calls so we can debug and rate-limit.
  • • You can email us and we’ll delete everything we have on you. No drama.

What We Collect

Account Information

If you create an account or sign in with Google, we store your email address, display name, and (for Google sign-in) your Google account ID. Passwords are hashed with bcrypt — we couldn’t read them if we wanted to.

Contact Form Submissions

Whatever you put in the contact form (name, email, subject, message) gets stored so we can read it and reply. We don’t use it for marketing because we don’t do marketing.

API & MCP Usage

If you use our MCP server or generate an API key, we log: which tool you called, when, how long it took, whether it succeeded, and basic token counts. We do this for rate-limiting, debugging, and capacity planning. We don’t look at your inputs or outputs unless you ask us to help debug something.

Server Logs

Like every website on Earth, our hosting provider keeps short-term logs of IP addresses, user agents, and request paths for security and abuse prevention. These rotate quickly and aren’t tied to your account.

What We Do NOT Collect

  • ❌ Your contacts, calendar, files, photos, or location.
  • ❌ Behavioral profiles for ad targeting.
  • ❌ Biometric data, voice recordings, or face scans.
  • ❌ Cross-site tracking via third-party cookies or pixels.
  • ❌ Data brokers’ data on you. We don’t buy it. Ever.

Cookies & Local Storage

We use cookies for two boring reasons:

  • Session cookies — to keep you signed in after you sign in. Set by NextAuth.
  • Theme preference — to remember if you picked dark or light mode. Stored in your browser, never sent to us.

Google Analytics is enabled in production for basic traffic stats (pageviews, referrers, country-level location). It uses Google’s cookies. If you don’t want it, browser-level Do Not Track + an ad blocker handle it.

Third Parties We Use

We try to keep the dependency list short. Currently:

  • Vercel — hosts the site and handles deployment.
  • Neon — hosts the Postgres database.
  • Google — if you choose to sign in with Google.
  • Google Analytics — anonymous traffic stats.
  • An LLM API provider — powers the MCP tool execution. Inputs you send to MCP tools pass through this provider to be processed. We don’t train models on your data.

That’s the whole list. No analytics swarms, no session-replay creeps, no chat widgets that screenshot your page.

Your Rights

Wherever you live, you can:

  • Ask what data we have on you.
  • Correct anything that’s wrong.
  • Delete your account and everything tied to it.
  • Export your data in a portable format.
  • Opt out of any non-essential collection.

Email us via the contact page. We respond within a reasonable amount of time, which usually means days, not weeks.

Children’s Privacy

This site isn’t directed at kids under 13 and we don’t knowingly collect data from them. If a kid signed up, email us and we’ll nuke the account.

Changes to This Policy

If we change anything material, we’ll bump the “Last updated” date at the top and try to be loud about it. We’re not going to slip new tracking in via a 47-page legalese update at midnight on a holiday.

Questions?

Hit the contact form. A real human reads it.

Get in Touch →