Privacy Policy
Last updated: July 2026 · see note below
Who we are
Colophon is built by the Functional Intelligence Research Lab (FIRL). For any privacy question or request, contact hello@firl.nl.
What we collect
- Waitlist & newsletter signups: email address, and — for the Colophon waitlist specifically — your name, organisation name, and role (teacher, researcher, other).
- Account data, if you sign in with Google: your Google account ID,
email, name, and avatar; your role and organisation; and the OAuth access/refresh
tokens needed to keep you signed in and to read Google Docs/Classroom content you
explicitly connect. A
minorflag and consent timestamp are recorded for users under 16. - Course & assignment context a signed-in teacher sets up (course names, assignment metadata) — used to organise dashboards, not to read your documents outside what you explicitly share.
- TWFF session files you choose to save while signed in — stored so
you can reopen them later. If you use the public viewer at
/viewerwithout an account, nothing is uploaded: the file is parsed entirely in your browser. - Billing for institutional subscriptions is handled by Stripe; we store a subscription reference, not your card details.
What we don't collect
The Chrome extension records locally on your device and only transmits data if you explicitly choose to upload or export. It does not capture keystrokes or full document text — see the extension's own privacy notes for exactly what each event type records.
Why we use it
To provide the product (dashboards, saved sessions, course context), to run the waitlist and beta program, to respond to support requests, and — only if you opt in — to send product updates.
Retention
Data is stored in the EU. Default retention is 2 years, configurable per organisation, and you can request erasure at any time by emailing hello@firl.nl.
Users under 16
Accounts for users under 16 require explicit parental consent, recorded at signup. Data from under-16 users is excluded from all research exports unless it has been fully anonymised first.
Third parties
We use Google for sign-in and Docs/Classroom integration, and Stripe for institutional billing. Each only receives what it needs to perform that function — we don't sell or share data for advertising.
Your rights
You can request access to, correction of, or erasure of your data, and you can export your own TWFF files at any time. Contact hello@firl.nl for any of these requests.
Changes to this policy
If we make a material change, we'll update the date at the top of this page.