Privacy Policy

Frikshin ("Frikshin", "we", "us", "our") is operated by Bruce Miklós Salamon, entrepreneur individuel, SIRET À PRÉCISER, domicilié au 15 Rue de la République, 77590 Bois-le-Roi, France.

If you have questions about this policy or your data, contact us at: hello@frikshin.com.

Bruce Miklós Salamon is the data controller for your personal information within the meaning of the GDPR.

This Privacy Policy explains what personal data we collect when you use Frikshin (the "Service"), why we collect it, how we use it, who we share it with, and what rights you have over it. Please read this alongside our Terms and Conditions.

3.1 Account Data — When you create an account, we collect: Email address; Name (if provided via Google sign-in); Authentication method (email/password or Google OAuth); Account creation date and last login.

3.2 Journal & App Data — When you use the Service, we collect and store: Friction journal entries (situations, notes, outcomes); Situation tags and categories; Green/red outcome resolutions; Wins tracker entries; Personal context profile (information you voluntarily provide to personalise your experience); AI analysis requests you submit and the analysis responses returned.

3.3 Usage Data — We automatically collect limited technical data: IP address (for security and fraud prevention); Browser type and operating system; Pages visited and features used within the Service; Timestamps of activity.

3.4 Payment Data (Paid Plans) — When you subscribe to a paid plan, payment is handled by our payment processor (to be confirmed). We do not store full card details. We retain records of transaction amounts, dates, and subscription status.

3.5 API Key Data (BYOK) — If you choose to provide your own Anthropic API key, it is stored encrypted in our database and is never logged or transmitted except to the Anthropic API on your behalf. We treat it with the same care as a password.

We use your data to:

• Provide the Service — store your journal entries and make them accessible to you
• Generate AI analysis — transmit your submitted journal content to Anthropic's API to produce frameworks, actions, and confidence scores
• Personalise your experience — use your personal context profile to tailor AI responses
• Improve the Service — analyse aggregated, anonymised usage patterns to identify bugs and improve features
• Communicate with you — send account-related emails (password resets, billing receipts) and, with your consent, product updates
• Ensure security — detect and prevent fraud, abuse, and unauthorised access

We do not use your journal entries or personal data to train AI models — ours or anyone else's. Your data is never sold to third parties.

Frikshin uses the Anthropic Claude API to generate AI analysis of journal entries you choose to submit for analysis. When you request AI analysis:

• The journal entry content you submit is sent to Anthropic's servers for processing
• Anthropic processes this data as a sub-processor under a Data Processing Agreement with us
• Anthropic's API does not use submitted data to train its models (subject to Anthropic's API usage policy)
• AI analysis results are stored in your account and visible only to you

If you are using the BYOK (Bring Your Own Key) feature, your data is processed under your own Anthropic API account, and Anthropic's terms apply directly to that usage.

We do not sell your data. We share data only with the following sub-processors, each under a Data Processing Agreement:

We may disclose your data if required by law, court order, or to protect the rights and safety of Frikshin and its users.

Our sub-processors are primarily based in the United States. Your data may therefore be transferred outside the European Economic Area (EEA). Where such transfers occur, we ensure appropriate safeguards are in place, including:

• Standard Contractual Clauses (SCCs) approved by the European Commission
• Sub-processor participation in recognised data transfer frameworks

You have the following rights under the GDPR and French law. To exercise any of these rights, contact us at hello@frikshin.com or use the in-app tools where available. We will respond within 30 days.

10.1 Right to Access — Request a copy of the personal data we hold about you.

10.2 Right to Portability — Download your journal data in a structured, machine-readable format (JSON) via your account settings, or request it from us.

10.3 Right to Rectification — Correct any inaccurate personal data. Most data can be edited directly in your account settings.

10.4 Right to Erasure ("Right to be Forgotten") — Request deletion of your account and all associated personal data. You can initiate this in your account settings under [Account → Delete Account], or contact us. Deletion is permanent and completed within 30 days. Note: we are required to retain payment records for legal/tax purposes.

10.5 Right to Restrict Processing — Request that we pause processing of your data without deleting it, for example while a dispute is resolved.

10.6 Right to Object — Object to processing based on legitimate interests (such as usage analytics). We will stop unless we have compelling legitimate grounds.

10.7 Right to Withdraw Consent — Where processing is based on consent (e.g. marketing emails), you can withdraw consent at any time. Withdrawal does not affect the lawfulness of processing before withdrawal.

10.8 Complaints — If you believe we have not handled your data lawfully, you have the right to lodge a complaint with the CNIL: cnil.fr — 3 Place de Fontenoy, TSA 80715, 75334 Paris Cedex 07, France.

We use cookies and similar technologies to:

• Keep you logged in (essential — cannot be disabled)
• Understand how the Service is used (analytics — requires consent)

We do not use advertising or tracking cookies.

Frikshin is not intended for children under 15 years of age (minimum age under French law). We do not knowingly collect data from minors. If you believe a minor has provided us with personal data, contact us at hello@frikshin.com and we will delete it promptly.

We take reasonable technical and organisational measures to protect your data, including:

• Encryption in transit (TLS/HTTPS) and at rest (via Supabase)
• API keys stored encrypted
• Access controls limiting who can access production data
• Regular review of security practices

In the event of a data breach that poses a risk to your rights and freedoms, we will notify the CNIL within 72 hours and inform affected users without undue delay.

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email and/or a prominent notice in the app at least 14 days before the change takes effect. Continued use of the Service after that date constitutes acceptance of the updated policy.

Email: hello@frikshin.com

Address: Bruce Miklós Salamon — Frikshin, 15 Rue de la République, 77590 Bois-le-Roi, France