Legal

Privacy Policy

Effective date: 17 April 2026 · Last updated: 17 April 2026

Contents

1. Introduction2. Who we are3. Scope of this policy4. Information we collect5. How we use information6. Legal basis (GDPR)7. Who we share with8. Sub-processors9. International transfers10. Data retention11. Security12. Your rights13. Cookies & tracking14. Marketing communications15. AI training & model use16. Automated decisions17. Children18. California residents19. Changes to this policy20. Contact & DPO

1. Introduction

This Privacy Policy explains how Freemi collects, uses, discloses, and protects personal data in connection with the Freemi platform and related products ("Service"). It applies to visitors of our website, customers who sign up for the Service, and the End Users of our customers whose data is processed through the Service. We have designed our practices around the principles of the EU and UK General Data Protection Regulation (GDPR) and, where applicable, other privacy laws such as the California Consumer Privacy Act (CCPA).

2. Who we are

Freemi is the trading name of the entity operating the Service. For the purposes of this policy, "Freemi", "we", "us", and "our" refer to Freemi as the data controller of personal data we collect about our website visitors and customer account holders, and as the data processor for personal data our customers process through the Service about their End Users. If you would like the legal entity details for a DPA or procurement process, contact privacy@freemi.ai.

3. Scope of this policy

This policy covers data we collect directly from you, data we collect automatically when you interact with our website or Service, and data our customers upload or route through the Service. It does not cover the privacy practices of third-party websites, tools, or integrations you connect to the Service, each of which is governed by its own privacy policy.

4. Information we collect

We collect the following categories of personal data:

  • Account data. name, business email, company name, role, phone number, password (stored as a one-way hash), profile preferences.
  • Billing data. billing address, VAT number, invoice history, subscription plan. Payment card details are collected and stored by our PCI-compliant payment processor (Stripe); we never see or store full card numbers.
  • Usage data. pages visited, features used, clicks, device and browser type, IP address, approximate location derived from IP, timestamps, session IDs, and diagnostic logs.
  • Customer Content. data you and your End Users submit, including messages, emails, call transcripts, bookings, contacts, notes, agent configuration, knowledge base content, and any attached files. Customer Content may include personal data about End Users; in that case our customer is the controller and Freemi is the processor.
  • Integration data. data exchanged with third-party tools you connect (e.g. Gmail, Calendar, CRM, messaging platforms), limited to the scopes you authorise.
  • Communications with us. support tickets, email correspondence, and feedback you provide.
  • Cookies & similar technologies. see Section 13.

5. How we use information

  • To provide, operate, maintain, and improve the Service;
  • To create and authenticate your account, and to detect and prevent fraud, abuse, and unauthorised access;
  • To route and process End User communications through Agents you configure;
  • To generate analytics, insights, and reports inside your dashboard;
  • To provide customer support and respond to your requests;
  • To send service notifications (security alerts, billing updates, policy changes) that are necessary for the operation of your account;
  • To send product updates and marketing communications where you have consented or as otherwise permitted by law (see Section 14);
  • To comply with legal obligations, enforce our Terms, and protect our rights, property, and safety, and those of our users and the public.

We do not sell your data. We do not use End User conversations to train foundation models (see Section 15).

7. Who we share with

We share personal data only with the recipients below and only to the extent necessary:

  • Service providers and sub-processors. vendors that help us run the Service (hosting, email delivery, analytics, payments, AI model inference, customer support tooling). All are bound by written contracts requiring them to protect personal data in line with this policy.
  • Integrations you enable. when you connect a third-party tool, we exchange data with that tool as directed by you.
  • Professional advisors. lawyers, auditors, insurers where required in connection with their professional services.
  • Corporate transactions. if Freemi is involved in a merger, acquisition, reorganisation, or sale of assets, personal data may be transferred subject to equivalent privacy protections.
  • Legal and safety. to comply with law, valid legal process, or government request, or to protect the rights, property, or safety of Freemi, our users, or the public.

We never sell personal data or share it with advertisers for cross-context behavioural advertising.

8. Sub-processors

We use a carefully selected set of sub-processors to provide hosting, model inference, communications, analytics, and payments. An up-to-date list of sub-processors, their function, and their hosting region is available on request at privacy@freemi.ai. Customers who have signed a DPA will receive advance notice of new sub-processors and a right to object on reasonable grounds.

9. International transfers

Freemi primarily hosts customer data in the European Economic Area (EEA). Some sub-processors may process data outside the EEA, including in the United States. When we transfer personal data outside the EEA or UK to a country that does not provide an adequate level of protection, we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses, the UK International Data Transfer Addendum, or equivalent mechanisms, and we carry out transfer risk assessments where required.

10. Data retention

  • Account data. for the life of your account, plus up to 90 days after closure.
  • Customer Content. for as long as you keep it in the Service. After termination, we delete or anonymise Customer Content within 90 days, unless a longer period is required by law.
  • Billing and tax records. typically up to 7 years from the end of the relevant financial year to comply with tax and accounting law.
  • System logs and security records. typically up to 12 months, or longer where needed to investigate security incidents or fraud.
  • Marketing records. until you unsubscribe or object, plus a short suppression period to honour your opt-out.

11. Security

We apply technical and organisational measures designed to protect personal data against unauthorised access, loss, and misuse. These include encryption in transit (TLS) and at rest, network isolation, least-privilege access controls, single sign-on and MFA for internal systems, audit logging, regular vulnerability scanning, secure development practices, and vendor security reviews. No system can be guaranteed 100% secure; if we become aware of a personal data breach that is likely to affect you, we will notify you and the relevant supervisory authority in line with applicable law.

12. Your rights

Subject to applicable law, you have the following rights in relation to your personal data:

  • Access. request a copy of the personal data we hold about you.
  • Rectification. correct inaccurate or incomplete personal data.
  • Erasure. request deletion of your personal data in certain circumstances.
  • Restriction. request that we limit how we use your personal data.
  • Portability. receive your personal data in a structured, commonly used format, or have it transferred to another provider.
  • Objection. object to processing based on legitimate interests, including for direct marketing.
  • Withdraw consent. where processing is based on consent, withdraw it at any time.
  • Complain. lodge a complaint with a supervisory authority (e.g. the Irish Data Protection Commission at dataprotection.ie) if you believe our processing of your personal data breaches applicable law.

If you are an End User of one of our customers, please contact that customer first, as they are the controller of the data processed through their account. To exercise your rights with Freemi directly, email privacy@freemi.ai. We will respond within 30 days, and we may ask for information to verify your identity.

13. Cookies & tracking

We use cookies and similar technologies for the following purposes:

  • Strictly necessary. required to log you in, maintain your session, and secure the Service. These cannot be disabled.
  • Preferences. remember your settings, such as language or theme.
  • Analytics. help us understand how the Service is used, diagnose issues, and improve the product. Set only where required by law with your consent.

You can manage cookie preferences through your browser settings and, where we present one, through our cookie banner. Blocking strictly necessary cookies will break core functionality.

14. Marketing communications

Where permitted by law, we may send you product updates, tips, and promotional content by email. You can unsubscribe at any time using the link in the email or by emailing privacy@freemi.ai. We will continue to send transactional messages (billing, security, policy changes) that are necessary for the operation of your account.

15. AI training & model use

Freemi uses both proprietary and third-party foundation models to power Agents. We do not use Customer Content, including End User conversations, to train or fine-tune foundation models. Our inference providers are contractually prohibited from retaining prompts or outputs beyond the time required to serve the request or to comply with their own abuse-monitoring obligations. Where we run internal analytics on aggregated or de-identified data to improve the Service, we do so in a way that does not re-identify individuals.

16. Automated decisions

Our Agents generate automated responses on behalf of our customers. Freemi itself does not make decisions that produce legal or similarly significant effects on individuals solely by automated means. Customers are responsible for configuring appropriate human oversight where their use of the Service could have such effects on End Users.

17. Children

The Service is intended for business use and is not directed to children under 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it.

18. California residents

If you are a California resident, the CCPA gives you the right to know what personal information we collect, to access and delete it, to correct inaccurate information, to opt out of any "sale" or "sharing" of personal information (we do neither), and to not be discriminated against for exercising these rights. To exercise your rights, email privacy@freemi.ai. You may designate an authorised agent to make a request on your behalf.

19. Changes to this policy

We may update this Privacy Policy from time to time. We will post the revised version on this page and update the "Last updated" date above. For material changes, we will provide more prominent notice, including by email where appropriate. We encourage you to review this policy periodically.

20. Contact & Data Protection Officer

Privacy questions, rights requests, or DPA requests: privacy@freemi.ai. General inquiries: hello@freemi.ai. You can also read our Terms of Service.

Need formal documentation. a Data Processing Agreement (DPA), sub-processor list, or security overview. for your legal, procurement, or security team? Contact us and we'll send it over.