Privacy Policy

Last updated: July 2026 · see note below

Who we are

Colophon is built by the Functional Intelligence Research Lab (FIRL). For any privacy question or request, contact hello@firl.nl.

What we collect

  • Waitlist & newsletter signups: email address, and — for the Colophon waitlist specifically — your name, organisation name, and role (teacher, researcher, other).
  • Account data, if you sign in with Google: your Google account ID, email, name, and avatar; your role and organisation; and the OAuth access/refresh tokens needed to keep you signed in and to read Google Docs/Classroom content you explicitly connect. A minor flag and consent timestamp are recorded for users under 16.
  • Course & assignment context a signed-in teacher sets up (course names, assignment metadata) — used to organise dashboards, not to read your documents outside what you explicitly share.
  • TWFF session files you choose to save while signed in — stored so you can reopen them later. If you use the public viewer at /viewer without an account, nothing is uploaded: the file is parsed entirely in your browser.
  • Billing for institutional subscriptions is handled by Stripe; we store a subscription reference, not your card details.

What we don't collect

The Chrome extension records locally on your device and only transmits data if you explicitly choose to upload or export. It does not capture keystrokes or full document text — see the extension's own privacy notes for exactly what each event type records.

Why we use it

To provide the product (dashboards, saved sessions, course context), to run the waitlist and beta program, to respond to support requests, and — only if you opt in — to send product updates.

Retention

Data is stored in the EU. Default retention is 2 years, configurable per organisation, and you can request erasure at any time by emailing hello@firl.nl.

Users under 16

Accounts for users under 16 require explicit parental consent, recorded at signup. Data from under-16 users is excluded from all research exports unless it has been fully anonymised first.

Third parties

We use Google for sign-in and Docs/Classroom integration, and Stripe for institutional billing. Each only receives what it needs to perform that function — we don't sell or share data for advertising.

Your rights

You can request access to, correction of, or erasure of your data, and you can export your own TWFF files at any time. Contact hello@firl.nl for any of these requests.

Changes to this policy

If we make a material change, we'll update the date at the top of this page.