Trust Centre
Security, privacy, and AI ethics, built in from the start.
Folktale is designed for organisations that work with community data. That means security, consent, and AI transparency are not features - they are foundations.
Data Security
- Hosted on AWS (eu-west-1, us-east-1, ap-southeast-2 available)
- Data encrypted at rest (AES-256) and in transit (TLS 1.3)
- PCI compliance via Stripe - no card data on Folktale servers
- Audit logging for all billing, access, and admin events
- SOC 2 Type I certified
Privacy & Consent
- Built-in consent management on every campaign
- Participants control their data: view, redact, withdraw
- 12-month data retention on subscription lapse, then scheduled deletion per disposal policy
- Full Privacy Policy at folktale.io/privacy-policy
AI Transparency
Aug 2026- Choose which AI provider processes your organisation's data: Anthropic, OpenAI, Microsoft Copilot, or Gemini
- No model training on community data - contractually enforced with all providers
- Per-campaign AI opt-out for sensitive contexts
- Full processing log per response for audit
Access Control
- Role-based access control at campaign and workspace level
- Two-factor authentication on all paid plans
- Single sign-on via Okta Aug 2026
- Enterprise multi-workspace governance Aug 2026
Reviewing Folktale for your organisation?
Book a 30-minute security review with our team, or download the full security overview to share with your IT and procurement leads.