1. Who is the controller
The entity operating the Frank service ("Frank", "we", "us") is the controller of personal data described in this policy. Contact: privacy@frankflags.com.
2. What we collect
Account information
- Name, email address, password (hashed), profile photo if provided.
- Workspace and billing details for paid plans.
Meeting content (the sensitive part)
- Audio from meetings Frank joins, captured only while Frank is in the call.
- Transcripts derived from that audio.
- Flags and audit logs Frank generates from the transcript.
- Participant metadata visible in the meeting (display names, the email you provide as your in-call address, join/leave times).
We do not retain meeting audio after a transcript is produced unless you explicitly enable recording. By default, audio is processed in memory and discarded.
Usage data
- Pages viewed, features used, errors encountered, approximate location derived from IP, device and browser type.
- Cookies and similar technologies — see our Cookie Policy.
3. Why we use it
- To provide the Service — joining meetings, generating transcripts and flags, delivering them to you.
- To improve the Service — debugging, measuring quality, fixing model errors. We do not train foundational AI models on your meeting content. See Section 6.
- To bill you and provide support.
- To keep the Service safe — detecting abuse, fraud, and violations of our Acceptable Use Policy.
- To comply with law and respond to lawful requests.
4. Legal bases (GDPR / equivalent)
- Contract — to provide the Service you have signed up for.
- Legitimate interests — to secure, improve, and operate the Service, where these interests are not overridden by your rights.
- Consent — for optional features such as recording retention, marketing emails, or non-essential cookies. You can withdraw consent at any time.
- Legal obligation — when we must process to comply with applicable law.
5. Who we share it with
We share personal data only with:
- Subprocessors we rely on to operate the Service: cloud hosting, transcription, AI model providers, payment processors, customer-support tooling, and analytics. Each is bound by data-protection terms.
- Meeting platforms (Zoom, Google Meet, Microsoft Teams) — to the extent required to join the call you asked Frank to attend.
- Authorities when required by law, subpoena, or to protect rights, safety, or property.
- A successor in the event of a merger, acquisition, or sale of assets — subject to this Policy.
We do not sell personal data and we do not share it for cross-context behavioral advertising.
6. AI model training
We do not use your meeting audio, transcripts, or flags to train foundational AI models, ours or anyone else's. We may use de-identified, aggregated metrics about Service usage to evaluate and improve our own systems.
7. Data retention
- Meeting audio — discarded immediately after transcription unless you opt into retention.
- Transcripts, flags, audit logs — retained for the lifetime of your account, or until you delete the meeting, whichever comes first.
- Account and billing data — retained while your account is active and for up to 7 years after closure to meet legal and accounting obligations.
- Backups — purged on a rolling basis, typically within 35 days.
8. International transfers
Frank operates internationally. Your data may be processed in countries other than where you live, including in jurisdictions whose data-protection laws differ from yours. Where required, we use appropriate safeguards (such as the EU Standard Contractual Clauses) for transfers from the EEA, UK, or Switzerland.
9. Security
We use industry-standard technical and organizational measures: encryption in transit (TLS) and at rest, least-privilege access controls, audit logging, and regular review of subprocessors. No system is perfectly secure; we do not guarantee that unauthorized access will never occur. Notify us immediately at privacy@frankflags.com if you suspect a breach affecting your account.
10. Your rights
Subject to applicable law, you may have the right to:
- Access the personal data we hold about you.
- Correct inaccurate data.
- Delete your account and associated data.
- Restrict or object to certain processing.
- Receive a portable copy of data you provided.
- Withdraw consent for any processing based on consent.
- Lodge a complaint with your local data-protection authority.
To exercise these rights, email privacy@frankflags.com. We will respond within the timeframe required by applicable law.
11. Children
The Service is not directed to children under 16, and we do not knowingly collect personal data from them. If you believe a child has provided us data, contact us and we will delete it.
12. Meeting participants who are not Frank users
When the Service joins a meeting at a user's request, it processes data about other participants in that meeting. The user who invited Frank is responsible for ensuring all participants are notified and have given any required consent. We process such participant data on the user's behalf as a processor under their direction. Participants who wish to exercise rights regarding their data should first contact the Frank user who invited Frank to the meeting; they may also contact us directly at privacy@frankflags.com.
13. Changes to this Policy
We may update this Policy. If a change is material, we will give reasonable notice before it takes effect. The "Effective" date at the top of this page reflects the latest version.
14. Contact
Privacy questions: privacy@frankflags.com.
General support: support@frankflags.com.
Other legal questions: legal@frankflags.com.