Privacy Policy

Last Updated: January 15, 2026

‍

INTRODUCTION

Welcome to Folio, operated by Gudwork Inc. ("Folio," "Gudwork," "we," "us," or "our"). Folio is a platform connecting trained healthcare professionals and students with clients seeking high-quality AI training and evaluation services, including data annotation, reinforcement learning from human feedback (RLHF), and model evaluation.

This Privacy Policy explains how we collect, use, share, and protect your personal information when you use our platform at folio.works and related services (collectively, the "Platform" or "Services"). By using our Services, you agree to the collection and use of information in accordance with this Privacy Policy.

We take your privacy seriously and are committed to transparency about our data practices. This policy is designed to help you understand:

What information we collect and why
How we use and share your information
Your rights and choices regarding your information
How we protect your information

DEFINITIONS

Unless otherwise stated, defined terms used in this Privacy Policy have the meanings associated with them in our Terms of Service.

"Personal Data" refers to any information associated with an identified or identifiable individual, including data you provide to us and data we collect about you during your interaction with our Services.

"Provider" refers to healthcare professionals, medical students, and other qualified individuals who create accounts to perform AI training and evaluation work through the Platform.

"Client" refers to organizations that use our Platform to access Provider services for AI training and evaluation projects.

"Services" refers to our platform, websites, tools, data, documentation, and other applications we provide.

INFORMATION WE COLLECT

1. Information You Provide to Us

Account Information

When you create an account, we collect:

Name, email address, and password
Phone number (optional)
Professional credentials and qualifications (for Providers)
Organization details (for Clients)

Profile Information

Providers may provide additional information including:

Educational background and degrees
Medical specialties and areas of expertise
Work experience and professional history
Licenses, certifications, and credentials
Resume, CV, or other documents
Professional interests and skills

Verification Information

To maintain Platform security and quality, we collect identity verification information including:

Government-issued identification documents
Professional licenses and certifications
Educational transcripts or diplomas
Address verification documents

We may use secure third-party verification services to validate your identity and credentials. These vendors use encrypted data transmission and are contractually obligated to protect your information.

Payment and Billing Information

We collect information necessary to process payments, although we do not directly store your payment card information. Our payment processor, Stripe, collects and processes payment information in accordance with their privacy policy. Stripe may collect:

Banking information for direct deposits (for Providers)
Billing addresses
Tax identification information (W-9/W-8 forms)
Transaction history and payment records

Project and Work Information

When you work on projects through the Platform, we collect:

Work product, annotations, and evaluations you create
Communications with other Users through the Platform
Feedback, ratings, and reviews
Project proposals and applications

Communications

We collect information when you:

Contact our support team
Participate in surveys or provide feedback
Communicate with other Users through Platform messaging
Engage with our chatbots or virtual assistants

2. Information We Collect Automatically

Device and Usage Information

When you access our Platform, we automatically collect:

IP address and approximate location
Device type, operating system, and browser type
Unique device identifiers
Pages viewed, links clicked, and navigation patterns
Access times and dates
Referring URLs and pages visited before coming to our Platform

Cookies and Tracking Technologies

We use cookies, web beacons, and similar technologies to:

Remember your preferences and settings
Understand how you use our Platform
Improve Platform performance and user experience
Deliver relevant content and advertisements

Cookies are small data files stored on your device. You can control cookies through your browser settings, though disabling cookies may affect Platform functionality.

3. Information From Third Parties

We may receive information about you from:

Identity verification services that validate your credentials
Professional licensing boards and databases
Educational institutions (if you provide consent)
Background check services (where permitted by law)
Payment processors regarding transaction status
Public databases and professional directories

HOW WE USE YOUR INFORMATION

We use the information we collect for the following purposes:

Platform Operations

Provide, maintain, and improve our Services
Create and manage your account
Facilitate connections between Providers and Clients
Process payments and manage billing
Enable communication between Users
Deliver project materials and work product

Quality and Trust

Verify identities and credentials
Ensure quality of services provided through the Platform
Prevent fraud, abuse, and security incidents
Enforce our Terms of Service and policies
Conduct background checks where permitted

Personalization and Improvement

Personalize your experience on the Platform
Match Providers with relevant opportunities
Recommend projects and services
Analyze usage patterns and trends
Conduct research and development
Test and improve Platform features

Communications

Send transactional emails (account notifications, payment confirmations)
Provide customer support
Send service announcements and updates
Send marketing communications (with your consent)
Notify you of relevant opportunities or Platform changes

Legal and Compliance

Comply with legal obligations and respond to lawful requests
Enforce contracts and resolve disputes
Protect rights, property, and safety
Meet tax and financial reporting requirements

HOW WE SHARE YOUR INFORMATION

We share personal information in the following circumstances:

With Other Users

Provider Information Shared with Clients:

Name and professional credentials
Educational background and specialties
Work history and experience
Skills and areas of expertise
Ratings, reviews, and feedback
Work product created during projects

Client Information Shared with Providers:

Organization name and description
Project requirements and specifications
Communication and feedback

Note: Providers control what information they make visible to Clients through their profile settings.

With Service Providers

We share information with third-party vendors who perform services on our behalf, including:

Cloud hosting and infrastructure providers (e.g., AWS, Google Cloud)
Payment processors (Stripe)
Identity verification services
Email and communication services
Analytics and data analysis providers
Customer support and chatbot services
Security and fraud prevention services

These service providers are contractually obligated to use your information only for the purposes of providing services to us and to protect your information.

For Legal Reasons

We may share information to:

Comply with laws, regulations, and legal processes
Respond to lawful requests from government authorities
Enforce our Terms of Service and other agreements
Protect the rights, property, and safety of Folio, our users, and the public
Investigate and prevent fraud, security incidents, and illegal activity

Business Transfers

If Folio is involved in a merger, acquisition, sale of assets, financing, or bankruptcy proceedings, your information may be transferred as part of that transaction. We will notify you via email and/or prominent notice on our Platform before your information becomes subject to a different privacy policy.

With Your Consent

We may share your information for other purposes with your explicit consent or at your direction.

Aggregated and De-identified Data

We may share aggregated, de-identified, or anonymized information that cannot reasonably be used to identify you. This may include industry trends, usage statistics, and research insights.

DATA RETENTION

We retain your personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.

Specifically:

Account information is retained while your account is active and for a reasonable period after deactivation
Payment and tax records are retained as required by financial regulations (typically 7 years)
Work product may be retained as necessary to fulfill client obligations
Communications and support records are retained for customer service purposes
Verification documents are retained for compliance purposes

‍

After the retention period, we will delete or anonymize your information. We may retain certain information in backup systems for a limited additional period.

YOUR RIGHTS AND CHOICES

Account Information

You may update, correct, or modify your account information at any time by logging into your account or contacting us at support@folio.works.

Profile Visibility

Providers can control what information is visible to Clients through their profile privacy settings. You can choose to make your profile private or control which elements are displayed.

Marketing Communications

You may opt out of receiving promotional emails by following the unsubscribe instructions in those emails or by updating your communication preferences in your account settings. Note that we will still send you transactional and service-related communications.

Cookies

Most web browsers accept cookies by default. You can usually adjust your browser settings to remove or reject cookies. Note that disabling cookies may affect the functionality of our Platform.

Access, Correction, and Deletion

You have the right to:

Access your personal information
Correct inaccurate information
Request deletion of your information
Request a copy of your information
Object to certain processing activities

To exercise these rights, please contact us at support@folio.works. We will respond to your request within 30 days. Note that we may need to retain certain information for legal or business purposes.

Account Deactivation

You may deactivate your account at any time by contacting support@folio.works. Upon deactivation, your profile will no longer be visible to other Users, though we may retain certain information as described in the Data Retention section.

STATE-SPECIFIC PRIVACY RIGHTS

California Residents

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

Right to know what personal information we collect, use, and share
Right to request deletion of your personal information
Right to opt out of the "sale" of personal information (Note: We do not sell personal information)
Right to non-discrimination for exercising your privacy rights

‍

To exercise these rights, contact us at privacy@folio.works or call us at [phone number]. We will verify your identity before processing your request.

European Union and United Kingdom Residents

If you are located in the EU or UK, you have rights under the General Data Protection Regulation (GDPR), including:

Right to access your personal data
Right to rectification of inaccurate data
Right to erasure ("right to be forgotten")
Right to restrict processing
Right to data portability
Right to object to processing
Right to withdraw consent
Right to lodge a complaint with a supervisory authority

For questions about our GDPR compliance or to exercise your rights, contact our Data Protection Officer at dpo@folio.works.

SECURITY

We take the security of your personal information seriously and implement organizational, technical, and administrative measures designed to protect your data from unauthorized access, destruction, loss, alteration, or misuse.

Our security measures include:

Encryption of data in transit and at rest
Secure cloud hosting with industry-leading providers
Regular security audits and penetration testing
Access controls and authentication requirements
Employee training on data protection
Incident response and breach notification procedures

However, no data transmission or storage system can be guaranteed to be 100% secure. We encourage you to protect your account by using a strong password, not sharing your login credentials, and logging out when finished.

If you suspect that your account security has been compromised, please notify us immediately at security@folio.works.

INTERNATIONAL DATA TRANSFERS

Folio is based in the United States, and we process and store information in the United States. If you are accessing our Services from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States or other countries where our service providers operate.

These countries may have data protection laws that are different from the laws of your country. By using our Services, you consent to the transfer of your information to the United States and other countries.

For users in the European Union and United Kingdom, we implement appropriate safeguards for international transfers, including:

Standard Contractual Clauses approved by the European Commission
Adequacy decisions where applicable
Other lawful transfer mechanisms as permitted by GDPR

THIRD-PARTY LINKS AND SERVICES

Our Platform may contain links to third-party websites, applications, or services that are not owned or controlled by Folio. This Privacy Policy does not apply to those third-party services.

We are not responsible for the privacy practices of third-party websites or services. We encourage you to review the privacy policies of any third-party services before providing them with your information.

CHILDREN'S PRIVACY

Our Services are not directed to individuals under the age of 18. We do not knowingly collect personal information from children under 18. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at privacy@folio.works, and we will take steps to delete such information.

CHANGES TO THIS PRIVACY POLICY

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.

If we make minor changes that do not materially affect your rights, we will post the updated policy on our Platform and update the "Last Updated" date at the top.

If we make material changes that significantly affect your rights or how we use your information, we will notify you by:

Sending an email to the address associated with your account
Displaying a prominent notice on the Platform
Requiring you to accept the new policy before continuing to use our Services

‍

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.

CONTACT US

If you have any questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us:

Gudwork Inc. (Folio)

Email: privacy@folio.works

Support: support@folio.works

Data Protection Officer: dpo@folio.works

Security: security@folio.works

For California residents exercising CCPA rights or EU/UK residents exercising GDPR rights, please use the email addresses above and specify the nature of your request.

‍