Privacy Policy

Effective Date: April 24, 2026

Frisby AI Operations ("Company," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy describes how we collect, use, disclose, and safeguard your information when you use our website and services (the "Service"). Please read this policy carefully.

1. Information We Collect

1.1 Account Information

When you make a purchase through PayPal, we may receive your name and email address from PayPal's transaction notification. We also collect email addresses voluntarily provided through our newsletter signup, white paper downloads, and lead capture forms.

1.2 Payment Information

Payments are processed through PayPal. We do not store your credit card numbers, bank account details, or other sensitive payment information on our servers. PayPal processes your payment information in accordance with their own privacy policy.

1.3 Usage Data

We automatically collect certain information when you use the Service, including:

• Pages visited, features used, and actions taken
• Date and time of visits
• Browser type and version
• Operating system
• Referring URLs
• IP address (anonymized where possible)
• Device information

1.4 Document Data

All document analysis is performed entirely within your web browser using client-side JavaScript. Your documents are never uploaded to, transmitted to, or stored on any server. We have no access to the content you analyze.

1.5 Attorney-Client Privilege & Confidential Documents

All document analysis is performed client-side in your browser. Document content is NOT transmitted to, stored on, or accessible by Frisby AI Operations servers. Your documents never leave your device. This client-side architecture ensures attorney-client privilege, work product protection, and confidentiality are maintained throughout the analysis process. No document content is logged, cached, or retained by our systems.

2. How We Use Your Information

We use collected information to:

• Provide, maintain, and improve the Service
• Process transactions and send related information
• Send administrative communications (account confirmations, security alerts, support messages)
• Respond to inquiries and provide customer support
• Analyze usage patterns to improve user experience
• Detect, prevent, and address technical issues and fraud
• Comply with legal obligations

3. Third-Party Services

We use the following third-party services:

3.1 PayPal

We use PayPal to process payments. When you make a purchase, your payment information is transmitted directly to PayPal. See PayPal's Privacy Policy.

3.2 Plausible Analytics

We use Plausible Analytics, a privacy-focused web analytics tool. Plausible does not use cookies, does not collect personal data, and is fully compliant with GDPR, CCPA, and PECR. All data is aggregated and no individual visitors can be identified. See Plausible's Data Policy.

3.3 Microsoft Clarity

We use Microsoft Clarity to understand how users interact with the Service through session recordings and heatmaps. Clarity may record anonymized user sessions including mouse movements, clicks, and scrolling behavior. Clarity is loaded ONLY after you accept cookies via our consent banner. Clarity may use cookies for analytics purposes. See Microsoft's Privacy Statement.

4. Cookie Policy

Our Service uses a limited number of cookies:

• Essential cookies: Required for basic site functionality (e.g., session management).
• Analytics cookies: Used by Microsoft Clarity for usage analytics. You can opt out via the cookie consent banner.
• Preference cookies: Store your cookie consent preference.

Note: Plausible Analytics does not use cookies. You can manage your cookie preferences through your browser settings or the cookie consent banner on our site.

5. Local Storage (Browser Storage)

In addition to cookies, our Service uses your browser's localStorage to store certain data directly on your device. The types of data stored in localStorage include:

• Access tokens: Used for subscription authentication.
• Purchase records: Records of purchases made through the Service for your reference.
• Scan and analysis history: Records of documents you have scanned or audited, along with their results.
• Cookie consent preference: Your choice to accept or decline analytics cookies.
• Visited agent tracking: Which agents you have visited within the Service.
• Lead capture emails: Email addresses stored locally before any transmission.
• Custom compliance rules: Any custom auditing rules you have configured.

This data is stored only in your browser and is never transmitted to our servers. Clearing your browser data will permanently delete these records and we cannot recover them.

6. Data Retention

We do not operate backend servers or databases. Your usage data exists only in your browser's localStorage. PayPal retains transaction records per their own retention policy. Analytics data (Plausible, Clarity) is retained per each provider's policy. Email addresses collected via lead forms are stored in your browser's localStorage.

7. Your Rights

Depending on your jurisdiction, you may have the following rights:

7.1 Access

You may request a copy of the personal data we hold about you.

7.2 Deletion

You may request that we delete your personal data. We will comply unless we have a legal obligation to retain it.

7.3 Portability

You may request your personal data in a structured, commonly used, machine-readable format.

7.4 Correction

You may request correction of inaccurate personal data.

7.5 Objection & Restriction

You may object to or request restriction of processing in certain circumstances.

Since most of your data is stored locally in your browser, you have direct control. You can delete all locally stored data by clearing your browser's localStorage. For any data we may have received via PayPal or analytics providers, contact us to exercise your rights at [email protected]. We will respond within 30 days.

8. CCPA Compliance

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

• Right to Know: You may request disclosure of the categories and specific pieces of personal information we have collected about you.
• Right to Delete: You may request deletion of your personal information, subject to certain exceptions.
• Right to Opt-Out: We do not sell personal information. If this changes, we will provide a "Do Not Sell My Personal Information" link.
• Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights.

We do not sell personal information.

To submit a CCPA request, email [email protected] with the subject line "CCPA Request."

9. GDPR Compliance

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, the following provisions apply:

• Legal Basis: We process your data based on (a) your consent, (b) performance of a contract, (c) legitimate interests, or (d) legal obligation.
• GDPR Inquiries: For GDPR inquiries, contact John Frisby at [email protected].
• Supervisory Authority: You have the right to lodge a complaint with your local data protection authority.
• Data Transfers: If your data is transferred outside the EEA, we ensure adequate safeguards are in place (e.g., Standard Contractual Clauses).

10. Children's Privacy

The Service is not intended for individuals under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected personal information from a child under 13 without parental consent, we will take steps to delete that information promptly. If you believe we have inadvertently collected information from a child under 13, please contact us immediately.

11. Security Measures

We protect your information through:

• HTTPS encryption for all pages
• Content Security Policy headers
• Anti-tampering protections on payment forms
• Client-side token integrity verification
• Cookie consent before any analytics tracking

Since we do not store your data on servers, the primary security boundary is your own browser and device. While we strive to protect your personal information, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.

12. Changes to This Policy

We may update this Privacy Policy periodically. Material changes will be communicated via email or a prominent notice on the Service at least 30 days before taking effect. The "Effective Date" at the top of this page indicates when the policy was last revised. Your continued use of the Service after changes become effective constitutes acceptance of the updated policy.

13. Contact Information

If you have questions or concerns about this Privacy Policy, please contact us:

• John Frisby, President
• Email: [email protected]
• Phone: (281) 638-4704
• Website: frisbyaiops.com