Privacy Policy

Last updated: March 16, 2026 · Effective: March 16, 2026

OSFORYOU Labs PSA ("FRRE.AI", "we", "us") is committed to protecting the privacy of our users. This Privacy Policy explains how we collect, use, store, and protect your personal data when you use the FRRE.AI platform at frre.ai.

Data Controller: OSFORYOU Labs PSA, Aleja Grunwaldzka 56/113, 80-241 Gdansk, Poland. KRS: 0001116131, NIP: 9571175832. Contact: privacy@frre.ai

1. Information We Collect

Account Information: When you register, we collect your name, email address, firm name, jurisdiction, and preferred language. This is necessary to provide and personalize our services.

Usage Data: We collect information about how you use the platform, including features accessed, queries made, documents uploaded, and interaction patterns. This helps us improve the service.

Client Data: Documents, case information, and legal materials you upload or create within FRRE.AI. This data is processed exclusively to provide the service you requested.

Technical Data: IP address, browser type, device information, and geolocation (country-level, for language and jurisdiction detection).

Communication Data: Messages exchanged through FRRE Comms, support requests, and feedback.

2. How We Use Your Data

We use your data for the following purposes:

• Service Delivery: To provide, maintain, and improve FRRE.AI features
• Personalization: To adapt the platform to your jurisdiction, language, and practice area
• Security: To detect, prevent, and respond to fraud, abuse, and security incidents
• Communication: To send service notifications, security alerts, and product updates
• Analytics: To understand usage patterns and improve the platform (aggregated, anonymized)

3. What We Never Do With Your Data

This is the most important section of this policy:

• We never use your data to train AI models. Your documents, queries, and legal materials are never used to train, fine-tune, or improve any machine learning model — ours or any third party's.
• We never sell your data. To anyone. Ever. Under any circumstances.
• We never share your data with other clients. Each organization's data is logically isolated.
• We never access your data without authorization. Access is strictly role-based and fully logged.

4. Data Storage and Security

We implement comprehensive security measures:

• Encryption: AES-256 encryption at rest and TLS 1.3 in transit
• Access Control: Role-based access (RBAC) with least-privilege principle
• Audit Trail: Immutable blockchain-based audit trail for all AI decisions
• Monitoring: 24/7 security monitoring with automated threat detection
• Penetration Testing: Regular independent security assessments
• Data Isolation: Logical separation between organizations (multi-tenant architecture)

5. Data Retention

We retain your data for as long as your account is active or as needed to provide services. Upon account termination:

• Account Data: Deleted within 30 days of account closure
• Client Data: Deleted within 30 days, or as specified in your Data Processing Agreement
• Audit Logs: Retained for a minimum period required by applicable law
• Backup Data: Purged from all backup systems within 90 days

You may request immediate deletion at any time by contacting privacy@frre.ai.

6. Your Rights (GDPR and Global)

Depending on your jurisdiction, you have the following rights:

• Access: Request a copy of all personal data we hold about you
• Rectification: Correct inaccurate or incomplete data
• Erasure: Request deletion of your personal data ("right to be forgotten")
• Portability: Receive your data in a structured, machine-readable format
• Restriction: Request we limit how we process your data
• Objection: Object to processing based on legitimate interests
• Withdrawal: Withdraw consent at any time (where processing is consent-based)

To exercise any right, contact privacy@frre.ai. We respond within 30 days.

7. International Transfers

If your data is transferred outside your country of residence, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the European Commission, or equivalent mechanisms required by your jurisdiction.

8. Third-Party Services

We use a limited number of third-party services to operate FRRE.AI:

• LLM Providers (OpenAI, Anthropic, Google): For AI inference only. Zero Data Retention (ZDR) agreements in place. Your data is never stored by or used to train these providers' models.
• Payment Processors: For subscription billing. We never store full payment card details.
• Email Service: For transactional emails (account verification, notifications).

All third-party processors are bound by Data Processing Agreements (DPAs) with strict data protection obligations.

9. Cookies

We use only essential cookies required for the platform to function (authentication, session management, security). We do not use advertising or tracking cookies. See our Cookie Policy for details.

10. Children

FRRE.AI is a professional service not intended for individuals under 18 years of age. We do not knowingly collect data from minors.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email and/or a prominent notice on the platform at least 30 days before taking effect.

12. Contact

For privacy-related questions, requests, or complaints:

Data Protection Officer
OSFORYOU Labs PSA
Aleja Grunwaldzka 56/113
80-241 Gdansk, Poland
Email: privacy@frre.ai

If you believe your data protection rights have been violated, you have the right to lodge a complaint with your local data protection authority.