Privacy Policy

2.1 Account Information

When you create an account, we collect:

• Email address
• Full name
• Password (stored as a cryptographic hash, never in plain text)
• Account creation date and last login timestamp

2.2 Project and Business Data

When you use the Service, we collect:

• Project titles, descriptions, goals, and timelines you provide
• Business details, milestones, and progress updates
• Task lists, notes, and other project-related content you create

2.3 Conversation Data with AI Assistant

We collect and store:

• All messages you send to Hai (our AI assistant)
• AI-generated responses provided to you
• Conversation timestamps and context
• Conversation metadata (length, topic categorization)

2.4 Payment and Billing Information

When you subscribe to a paid plan, we collect:

• Billing name and address
• Payment method information (processed and stored by Stripe, Inc.; we do not store complete credit card numbers)
• Subscription tier, billing cycle, and payment history
• Transaction records and invoice data

2.5 Usage and Analytics Data

We automatically collect:

• Message counts and usage statistics per billing period
• Feature usage patterns (which tools and functions you use)
• Login frequency and session duration
• Device information (browser type, operating system, screen resolution)
• IP address and general geographic location (city/state level)
• Referral source (how you found our Service)

2.6 Communications Data

We collect:

• Support ticket content and email correspondence
• Feedback, survey responses, and feature requests
• Marketing communication preferences

2.7 Cookies and Similar Technologies

We use:

• Essential cookies for authentication and security
• Analytics cookies to understand usage patterns (if you consent)
• Performance cookies to optimize Service functionality (if you consent)

3.1 To Provide and Improve the Service

We use your information to:

• Operate and maintain your account
• Process your conversations with our AI assistant (Hai)
• Store and retrieve your project data
• Provide personalized AI responses based on your conversation history
• Develop, test, and improve Service features and functionality
• Improve our AI systems, prompts, and algorithms
• Analyze usage patterns to enhance user experience

3.2 To Process Payments and Manage Subscriptions

We use your information to:

• Process subscription payments and billing
• Manage your subscription tier and usage limits
• Send billing notifications, invoices, and receipts
• Detect and prevent payment fraud

3.3 To Communicate with You

We use your information to:

• Send transactional emails (account confirmations, password resets, subscription changes)
• Provide customer support and respond to your inquiries
• Send Service announcements and important updates
• Send marketing communications about new features or offers (only if you opt in)

3.4 To Ensure Security and Prevent Abuse

We use your information to:

• Detect and prevent fraudulent activity, spam, and abuse
• Monitor for security threats and unauthorized access
• Enforce our Terms of Service
• Comply with legal obligations and protect our legal rights

3.5 To Comply with Legal Obligations

We use your information to:

• Respond to lawful requests from government authorities
• Comply with applicable laws, regulations, and legal processes
• Establish, exercise, or defend legal claims

3.6 Legal Basis for Processing

We process your information based on:

• Contract Performance: To provide the Service you signed up for
• Legal Obligation: To comply with tax, accounting, and legal requirements
• Legitimate Interests: To prevent fraud, ensure security, and improve our Service
• Consent: For marketing communications (you can withdraw anytime)

4.1 AI Processing

Your conversations with Hai are processed by third-party AI providers. When you send a message:

• Your message content and relevant conversation history are transmitted to our AI provider's API
• The AI processes this data to generate responses
• Data transmission is encrypted using industry-standard protocols

For information about how our AI providers handle data, please refer to their respective privacy policies.

4.2 Third-Party Service Providers

We share your information with the following service providers who process data on our behalf:

4.3 Service Provider Obligations

All service providers are contractually required to:

• Process data only for specified purposes
• Implement appropriate security measures
• Delete or return data upon contract termination
• Notify us of any data breaches

5.1 Active Accounts

While your account is active, we retain:

• Account information indefinitely
• Project data indefinitely (until you delete it)
• Conversation history indefinitely
• Usage analytics indefinitely

5.2 After Account Cancellation

When you cancel your account:

• Your data is retained for service improvement and legal compliance
• We may continue to use your data internally to improve our AI and platform
• Your data is never sold or shared with third parties

5.3 Data Deletion Requests

If you want your data permanently deleted:

• Submit a deletion request by emailing hello@fridaysatfour.co
• We will process deletion requests within 30 days
• Some records (invoices, tax records, security logs) may be retained as required by law
• Backup copies may persist for up to 90 days but are removed in normal backup rotation

6.1 Security Measures

We implement industry-standard security measures to protect your information, including:

• Encryption in Transit: All data transmitted between your device and our servers is encrypted using TLS 1.3 or higher
• Encryption at Rest: All data stored in our databases is encrypted using AES-256 encryption
• Password Protection: Passwords are hashed using bcrypt with unique salts
• Access Controls: Strict role-based access controls limit employee access to user data
• Regular Security Audits: We conduct periodic security assessments and vulnerability scans

6.2 Infrastructure Security

Our Service is hosted on SOC 2 Type II compliant infrastructure (Vercel and Supabase), which provides:

• Physical security controls at data centers
• Network security and intrusion detection
• Regular security updates and patches
• Disaster recovery and backup systems

6.3 Limitations of Security

No method of transmission or storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security. You are responsible for maintaining the confidentiality of your account credentials.

6.4 Data Breach Notification

If a data breach affects your personal information, we will:

• Notify affected users as soon as reasonably practicable
• Send notification via email and account dashboard alert
• Describe what data was affected and when the breach occurred
• Explain steps we're taking to address the breach
• Provide guidance on protecting yourself

8.1 AI-Generated Content

The responses provided by Hai (our AI assistant) are generated by artificial intelligence and should be understood as:

• Suggestions, not professional advice: AI responses are not legal, financial, medical, or professional advice
• Potentially inaccurate: AI may produce errors, outdated information, or "hallucinations" (plausible-sounding but incorrect information)
• Not guaranteed: We do not guarantee that AI responses will be accurate, complete, or suitable for your specific needs

8.2 Your Responsibility

You are solely responsible for:

• Evaluating the accuracy and appropriateness of AI-generated content
• Verifying important information before relying on it
• Making your own independent decisions about your business
• Ensuring AI-generated content complies with applicable laws and regulations

8.3 Intellectual Property in AI Outputs

Regarding content created through your use of the AI assistant:

• Your Input: You retain all rights to the business ideas, plans, and content you provide to Hai
• AI Responses: AI-generated suggestions and responses become your property once created for you
• Platform License: You grant us a limited license to process your content to provide the Service and to improve our AI and platform

8.4 Limitations of AI Assistance

You acknowledge that:

• AI cannot replace human judgment, creativity, or expertise
• AI responses are based on patterns in training data and may reflect biases
• AI cannot understand context as deeply as a human collaborator
• AI-generated content may inadvertently resemble existing copyrighted works
• You should independently verify that AI-generated content does not infringe third-party rights

8.5 No Liability for AI Outputs

We are not liable for:

• Decisions you make based on AI-generated suggestions
• Inaccuracies, errors, or omissions in AI responses
• Financial losses resulting from reliance on AI content
• Copyright infringement claims related to AI-generated content
• Any damages arising from your use of AI-generated content

8.6 AI Model Changes

We reserve the right to:

• Update or change the AI model used to power Hai
• Modify AI capabilities and features
• Adjust AI response behavior and style

We will notify you of material changes to AI functionality.

Types of Communications

We may send you:

What Are Cookies

Cookies are small text files stored on your device that help us provide and improve the Service. We use both session cookies (deleted when you close your browser) and persistent cookies (remain until deleted or expired).

Types of Cookies We Use

Third-Party Cookies

We do not allow third-party advertising cookies. The only third-party cookies are from:

• Stripe (for payment processing)
• Analytics providers (if you consent)

Cooperation with Law Enforcement

We cooperate with US law enforcement and regulatory authorities when:

• Required by valid legal process (subpoena, court order, search warrant)
• Necessary to comply with applicable laws and regulations
• Necessary to protect our rights, property, or safety
• Necessary to protect user safety or public safety
• Investigating potential violations of our Terms of Service or criminal activity

Limitation of Liability

To the maximum extent permitted by applicable law:

• We are not liable for unauthorized access resulting from circumstances beyond our reasonable control
• Our liability for data breaches is limited as specified in our Terms of Service
• We are not liable for third-party actions (e.g., data breaches at our service providers not caused by our negligence)
• We are not liable for damages resulting from your failure to secure your account credentials
• These limitations do not apply where prohibited by law or for damages resulting from our gross negligence or willful misconduct

Indemnification

You agree to indemnify and hold us harmless from claims arising from:

• Your violation of this Privacy Policy
• Your violation of applicable laws or regulations
• Your infringement of third-party rights through use of the Service
• Unauthorized access to your account due to your failure to secure credentials

Right to Modify

We reserve the right to modify this Privacy Policy at any time to reflect:

• Changes in our data practices
• New legal requirements or regulatory guidance
• Service feature updates and improvements
• User feedback and industry best practices

Notice of Material Changes

For material changes that significantly affect your rights or how we use your information:

• We will display a prominent notice on the Service homepage and in your account dashboard
• We will update the "Last Updated" date at the top of this policy
• We will provide at least 30 days notice before material changes take effect
• We will maintain a version history showing what changed

Notice of Non-Material Changes

For minor changes (clarifications, formatting updates, contact information changes, typo corrections):

• We will update the "Last Updated" date at the top of this policy
• We will post the revised policy on our website
• Continued use of the Service after posting constitutes acceptance of changes

By Using the Service

By creating an account, accessing, or using the Service, you acknowledge and agree that:

• You have read, understood, and agree to be bound by this Privacy Policy
• You understand how we collect, use, disclose, and protect your personal information
• You understand your rights regarding your personal data and how to exercise them
• You consent to the collection, processing, and use of your information as described in this Privacy Policy
• You understand that AI-generated content may contain errors, inaccuracies, or biases and should be independently verified
• You are at least 18 years old

Voluntary Provision of Information

You understand and acknowledge that:

• Providing personal information to us is voluntary
• Failure to provide required information (email, name, payment details for paid plans) may prevent you from creating an account or using certain Service features
• You can request deletion of your account and associated information at any time by emailing hello@fridaysatfour.co

Data Storage and Processing in the United States

You acknowledge and consent that:

• Your personal information will be transferred to, stored, and processed on servers located in the United States
• U.S. data protection laws may differ from those in your country or state of residence
• We implement appropriate safeguards to protect your information regardless of location
• You have the right to withdraw this consent by requesting account deletion

Changes to Consent

You understand and acknowledge that:

• Where our processing is based on your consent, you can withdraw consent at any time
• Withdrawal of consent does not affect the lawfulness of processing conducted before withdrawal
• Withdrawal of consent may affect your ability to use certain Service features or may require account deletion
• You can withdraw consent by emailing hello@fridaysatfour.co