How Farol handles your data — no jargon, no vague promises.
Run metadata — agent name, status, duration, token counts, cost, and errors. That’s it. We do not store your prompts, LLM responses, or any content from your agent unless you explicitly enable optional capture (for example captureIo: true on the Node.js trace() helper, or OTLP attributes that include prompt text).
By default, Farol only tracks metadata. To store prompt inputs and outputs you must opt in (for example captureIo: true in Node trace() options, with span.input / span.output set). The published Python farol-sdk does not send prompt bodies. When capture is on, values are truncated at 50,000 characters. Never enable this for sensitive or regulated data.
All data is encrypted in transit using TLS 1.3. Data at rest is encrypted using AES-256 via Supabase’s managed infrastructure. Your API keys are never stored in plain text.
Farol runs on Supabase hosted in AWS eu-west-3 (Paris, France). Your data never leaves the European Union. We do not transfer data to third-party analytics or advertising services.
Row-level security (RLS) is enforced on every database table. Your runs, traces, and settings are completely isolated from other users — even at the database level. Farol staff cannot query your data without direct database access.
Go to Account settings → Danger Zone → Delete account. All your runs, traces, spans, API keys, and settings are permanently deleted within 24 hours. No backups retained. This action is irreversible.
Farol is operated from the European Union and stores all data in EU infrastructure. As a user you have the right to access, correct, and delete your personal data at any time. To exercise these rights, delete your account from settings or contact support@usefarol.dev. See our full Privacy Policy for details.