ferrule

Privacy Policy

Effective date: April 21, 2026

Ferrule ("we", "us", "our") operates a multi-tenant dual-protocol gateway (MCP + REST) that connects your third-party service accounts to AI assistants and HTTP-capable clients, together with a platform layer for stored prompts, role-based access control, and audit logging. This Privacy Policy describes what data we collect, how we use it, the legal bases for processing, and your rights.

1. Definitions

  • Service — the Ferrule application, dashboard, APIs (MCP and REST), and supporting infrastructure operated at ferrule.io and app.ferrule.io.
  • Personal Data — information that identifies or can reasonably be linked to an identifiable individual.
  • Usage Data — information collected automatically as you use the Service (for example, IP addresses, user-agent strings, timestamps, and request metadata).
  • Third-Party Data — data returned to the Service by connected integrations (e.g., records from QuickBooks or Google Drive) in response to a tool call.
  • Controller / Processor — under the GDPR and similar laws, Ferrule is the Controller of account and Usage Data, and acts as a Processor for Third-Party Data handled on your behalf.

2. Information We Collect

2.1 Account Information

When you create a Ferrule account, we collect your email address and a hashed password. If you enable multi-factor authentication, we store TOTP secrets and/or WebAuthn credential identifiers. If you create or join an organization, we collect the organization name and your role within it.

2.2 OAuth Tokens

When you connect a third-party integration (e.g., PracticePanther, Lawmatics, Zoom Phone, Zoom Users, CallRail, QuickBooks Online, Slack, Google Search Console, Google Analytics, Notion, Google Drive, Google Calendar, Google Docs, Google Sheets, Box), we store the OAuth access and refresh tokens required to call those APIs on your behalf. All tokens are encrypted at rest using AES-256-GCM. Tokens are never logged or exposed in plaintext.

2.3 API Keys

If you generate a Ferrule API key for programmatic access, we store a SHA-256 hash of the key. The plaintext key is shown once at creation and is never stored.

2.4 Stored Prompts and Role Definitions

If you use the platform layer, we store the prompts, role definitions, and other configuration that you or your organization members create. Stored prompts are associated with your organization and are visible to members of that organization according to the roles you assign.

2.5 Usage Data and Audit Log

As you use the Service, we automatically collect Usage Data including IP addresses, user-agent strings, request timestamps, tool-call metadata, and similar signals. The Service's audit log records authentication events, tool calls, and configuration changes along with the actor, timestamp, category, IP address, and relevant metadata. Usage Data and audit log entries are used to operate, secure, and debug the Service and to provide organization administrators visibility into activity within their organization.

2.6 Third-Party Data Accessed via Integrations

Ferrule acts as a pass-through gateway. When an AI assistant or REST client calls a tool through Ferrule, we forward the request to the connected service and return the response. We do not persist, index, or cache the data returned by third-party APIs beyond the duration of the request.

2.7 Website Analytics (ferrule.io)

The ferrule.io marketing site uses Google Analytics 4 with Google Consent Mode v2. Until you accept the cookie banner, the analytics_storage, ad_storage, ad_user_data, and ad_personalization signals are all set to denied. In that state, Google Analytics receives only anonymous, cookieless pings — no _ga cookie is written and no persistent identifier is stored. If you accept the banner, we store a ferrule-consent=accepted cookie and Google Analytics switches to full measurement with the _ga and _ga_* cookies. If you decline, we store a ferrule-consent=declined cookie and Google Analytics remains in cookieless mode. You can change your choice at any time by clearing the ferrule-consent cookie in your browser.

2.8 Sensitive Data and Children

We do not intentionally collect special categories of sensitive personal data (such as health, biometric, or precise location data) through the Service. The Service is not directed to children under 18 and we do not knowingly collect personal data from them. If you believe a child has provided us with personal data, contact [email protected] and we will delete it.

3. QuickBooks Online Integration

The Ferrule QuickBooks Online integration provides read-only access through 67 tools covering find, get, and report operations. These tools access data including but not limited to:

  • Invoices, estimates, sales receipts, and credit memos
  • Customers, vendors, and employees
  • Bills, bill payments, and purchase orders
  • Payments and payment methods
  • Accounts, items, and tax codes
  • Journal entries, deposits, and transfers
  • Financial reports (profit & loss, balance sheet, etc.)
  • Company information and preferences

No create, update, or delete operations are performed. Ferrule does not modify your QuickBooks data.

4. Google API Integrations

Ferrule integrates with the following Google services via OAuth:

  • Google Search Console — Ferrule accesses your Search Console data (search queries, impressions, clicks, indexing status, and site performance metrics) to surface this information through AI assistant tools.
  • Google Analytics (GA4) — Ferrule accesses your Analytics data (page views, sessions, user metrics, traffic sources, and event data) to surface this information through AI assistant tools.
  • Google Drive — Ferrule accesses your Drive data (file metadata, folder structure, file content, shared drive information) and can upload files, create folders, and move or rename files on your behalf.
  • Google Calendar — Ferrule accesses your Calendar data (events, calendars, attendees, scheduling information) and can create events on your behalf.
  • Google Docs — Ferrule accesses your Docs data (document content, text, formatting) and can create and edit documents, insert text, and update styles on your behalf.
  • Google Sheets — Ferrule accesses your Sheets data (spreadsheet values, cell ranges, sheet metadata) and can create spreadsheets, update values, and append data on your behalf.

Google Drive, Google Calendar, Google Docs, and Google Sheets are personal-scope integrations — they access data associated with the authenticated user's Google account only, not organization-wide data.

Ferrule accesses Google user data only to provide and improve the Ferrule gateway service. Ferrule does not use Google user data for any other purpose, and specifically does not use it to develop, improve, or train generalized artificial intelligence or machine learning models. Ferrule acts as a pass-through and does not persist, cache, or store data returned by Google APIs beyond the duration of the request.

Ferrule's use and transfer of information received from Google APIs to any other app adheres to the Google API Services User Data Policy, including the Limited Use requirements.

The use of raw or derived user data received from Workspace APIs will adhere to the Google User Data Policy, including the Limited Use requirements.

5. Box Integration

Ferrule integrates with Box via OAuth. Ferrule accesses your Box account data including:

  • Files, folders, file metadata, collaborations and shared links, tasks, comments, file versions
  • Write operations: uploading files, creating folders, managing collaborations, creating tasks and comments

Box is a personal-scope integration — it accesses data associated with the authenticated user's Box account only.

Ferrule acts as a pass-through and does not persist, cache, or store data returned by the Box API beyond the duration of the request.

6. How We Use Your Information

  • To authenticate you and manage your account and organization
  • To forward API requests to connected third-party services on your behalf
  • To refresh expired OAuth tokens so integrations remain connected
  • To enforce organization-scoped data isolation and role-based access control
  • To operate, secure, monitor, and debug the Service and detect abuse
  • To maintain the audit log and provide administrators visibility into activity within their organization
  • To communicate with you about the Service, as described in the Terms of Service
  • To comply with legal obligations and enforce our Terms

7. Legal Bases for Processing (EU/UK/EEA)

Where the GDPR or UK GDPR applies, we rely on the following legal bases:

  • Contract— processing necessary to provide the Service you've signed up for (account management, tool call forwarding, token refresh).
  • Legitimate interest — security monitoring, abuse prevention, audit logging, and service improvement, where those interests are not overridden by your rights.
  • Consent — non-essential cookies on the marketing site and any optional marketing communications. You may withdraw consent at any time.
  • Legal obligation — where processing is required to comply with applicable law.

8. Data Sharing and Service Providers

We do not sell or rent your personal information or Third-Party Data. Data retrieved through Ferrule is only sent to the AI assistant or client that initiated the request through your authenticated session or API key.

We share limited personal data with vetted service providers that help us operate the Service, including cloud infrastructure, database hosting, email delivery, and error monitoring providers. These providers are bound by contract to use the data only to provide services to Ferrule and to maintain appropriate security controls. A current list of sub-processors is available on request from [email protected].

We may also disclose information if required by law, to comply with a valid legal process, to protect the rights, property, or safety of Ferrule, our users, or the public, or in connection with a merger, acquisition, or sale of assets — in which case we will take reasonable steps to ensure your data remains protected.

We do not transfer or disclose Google user data to third parties for purposes other than providing the Ferrule service. Specifically, Google user data is never used for:

  • Targeted, personalized, retargeted, or interest-based advertising
  • Selling to data brokers or information resellers
  • Determining credit-worthiness or for lending purposes
  • Building databases unrelated to the Ferrule service
  • Training AI or machine learning models

9. International Data Transfers

Ferrule is operated from the United States and processes personal data there. If you access the Service from outside the United States, your personal data will be transferred to and processed in the United States, where data protection laws may differ from those in your jurisdiction. Where required by applicable law (including the GDPR), we rely on appropriate safeguards for international transfers, such as the European Commission's Standard Contractual Clauses with our service providers.

10. Data Security

  • OAuth tokens are encrypted at rest with AES-256-GCM using a dedicated encryption key
  • Passwords are hashed and never stored in plaintext
  • API keys are stored as SHA-256 hashes
  • Multi-factor authentication (TOTP and WebAuthn) is supported and required for dashboard access
  • All connections use TLS encryption in transit
  • Role-based access control limits what each organization member can see and do
  • The audit log preserves a tamper-evident record of activity within each organization

No system can be guaranteed 100% secure. If a security incident affects your personal data, we will notify you and the appropriate regulators without undue delay in accordance with applicable law (and in any case within 72 hours where required by the GDPR).

11. Data Retention and Deletion

We retain your personal information only for as long as necessary to provide the Service and fulfill the purposes described in this policy:

  • Account data — retained for the duration of your active account and deleted when you delete your account.
  • OAuth tokens — deleted immediately when you disconnect an integration or delete your account.
  • Stored prompts and role definitions — retained while your organization exists; deleted when you or an administrator deletes them or when the organization is deleted.
  • Audit log and Usage Data — retained for up to 12 months to support security, debugging, and administrative review, then deleted or anonymized except where longer retention is required by law.
  • Third-Party API data (including Google user data) — not persisted; exists only in memory for the duration of each request.
  • Backups — encrypted backups may retain data for a commercially reasonable period before being rotated out.

If you delete your account, all associated data (account information, integrations, API keys, stored prompts, role definitions) is permanently removed, subject to the retention periods above. You may request deletion of your data at any time by contacting [email protected].

12. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

  • Access — request a copy of the personal data we hold about you
  • Correction — request that we correct inaccurate or incomplete personal data
  • Deletion — request that we delete your personal data
  • Portability — request a machine-readable copy of data you have provided to us
  • Restriction — request that we restrict processing of your personal data
  • Objection — object to our processing of your personal data (including processing based on legitimate interest)
  • Withdraw consent — where processing is based on consent, withdraw that consent at any time
  • Lodge a complaint — with your local data protection authority if you believe your rights have not been respected

To exercise any of these rights, contact us at [email protected]. We may need to verify your identity before responding and will respond within 30 days (or inform you of any extension required to do so).

13. California Privacy Rights

If you are a California resident, the California Consumer Privacy Act (as amended by the CPRA) provides you with specific rights regarding your personal information, including the right to know what personal information we collect, the right to delete it, the right to correct it, and the right to opt out of the "sale" or "sharing" of personal information as defined under that law. Ferrule does not sell or share your personal information for cross-context behavioral advertising or otherwise. To exercise your California rights, contact [email protected]. You may designate an authorized agent to make a request on your behalf, and we will not discriminate against you for exercising any of these rights.

14. Do Not Track

The marketing site at ferrule.io respects the Global Privacy Control (GPC) signal where applicable. In addition, because we do not sell or share personal information, the distinctions Do Not Track signals were designed to express do not apply to our processing. See Section 2.7 for details on how analytics cookies are controlled through our consent banner.

15. Automated Decision-Making

Ferrule does not make decisions that produce legal or similarly significant effects about you based solely on automated processing.

16. Third-Party Links

The Service may contain links to third-party websites. We are not responsible for the privacy practices of those sites and encourage you to review their policies.

17. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify registered users of material changes via email and update the "Effective date" above.

18. Contact

If you have questions about this Privacy Policy or wish to exercise any right under it, contact us at [email protected].