Privacy Policy

Last Updated: July 12, 2024

FRAIA ApS ("FRAIA", "we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our SynergyHub platform and related services (collectively, the "Service").

1. Our Roles Under GDPR

We operate in two distinct roles under the General Data Protection Regulation (GDPR), and it is crucial to understand this distinction:

• Data Controller: When we process personal data for our own purposes—such as your account information (name, email), billing details, and information about how you use our website and services—we are the Data Controller.
• Data Processor: When you use our Service to process personal data that you control (for example, information about your own clients, patients, or employees that you provide as "Input"), you are the Data Controller, and we are the Data Processor. We process this data solely on your behalf and according to your instructions, as governed by our Data Processing Addendum (DPA).

2. Information We Collect

2.1. Information We Collect as a Data Controller

• Account Information: When you register for an account, we collect your name, email address, company name, and password.
• Billing Information: To process payments, we collect payment details, which are handled by our secure third-party payment processor.
• Usage Information: We collect metadata about how you use our Service, such as features used and system activity logs. This data is primarily used for security and operational integrity.
• Communications: If you contact us directly, we may receive additional information about you such as your name, email address, the contents of the message, and any other information you may choose to provide.

2.2. Information We Process as a Data Processor

• Your Content (Input and Output): We process the content you provide to the Service (Input) and the content generated by the Service in response (Output). This data is processed exclusively to provide the Service to you and is treated as highly confidential. You are the Data Controller for this information.

3. How We Use Your Information

We use the information we collect for the following purposes:

• To provide, operate, and maintain our Service.
• To process your transactions and manage your account.
• To communicate with you, including for customer service and to send you updates about the Service.
• To improve our Service by analyzing anonymized and aggregated usage patterns.
• To ensure the security and integrity of our Service, prevent fraud, and enforce our terms.

A Core Commitment: We do not use your personal data, Input, or Output to train our or any third-party AI models.

4. Data Sharing and Disclosure

We do not sell your personal data. We may share information with third parties in the following limited circumstances:

• Sub-processors: We engage a limited number of third-party vendors (sub-processors) to help us provide the Service, such as data hosting providers. These sub-processors are carefully vetted, bound by strict data processing agreements, and are only permitted to process data on our behalf.
• Legal Compliance: We may disclose information if required to do so by law or in response to valid requests by public authorities.

5. Data Security and International Transfers

5.1. Security by Design

We implement robust technical and organizational security measures designed to protect your information. These include end-to-end encryption, strict access controls based on the principle of least privilege, and secure infrastructure. Our platform is built with "Security by Design" as a core principle.

5.2. Data Residency

All personal data is processed and stored exclusively within the European Union (EU) or European Economic Area (EEA). We do not transfer your personal data outside of the EU/EEA. Non-personal data, such as truly anonymized data or development code without personal identifiers, may be accessed outside the EU/EEA for operational purposes.

6. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected.

• As Data Controller: We retain your account information for as long as your account is active and as required by law (e.g., for financial records).
• As Data Processor: We retain the data you process through our Service according to the instructions in our Data Processing Addendum (DPA) and your service agreement. This may include temporary retention for quality assurance followed by secure, automatic deletion.

7. Your Data Protection Rights (GDPR)

You have the following rights regarding your personal data:

• The right to access, update, or delete the information we have on you.
• The right of rectification.
• The right to object to processing.
• The right of restriction.
• The right to data portability.
• The right to withdraw consent.

To exercise these rights for data where we are the Data Controller, please contact us at dpo@fraia.ai. If your request concerns data for which we are a Data Processor, we will forward your request to the relevant Data Controller (our customer).

8. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to operate and analyze our website. For more detailed information, please see our Cookie Policy.

9. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last Updated" date. We encourage you to review this Privacy Policy periodically for any changes.

10. Contact Us

If you have any questions about this Privacy Policy or our data protection practices, please contact our Data Protection Officer at:

Email: dpo@fraia.ai
Or visit our Contact Page.