FRENS

Privacy Policy

v1 · Effective April 17, 2026

1. What This Covers

This policy describes how Frens Corp. ("Frens," "we," "us") collects, uses, and shares information about you when you use the Frens app, website, and AI voice call service.

2. What We Collect

  • Account information. Email address, password (hashed by our auth provider, Clerk), display name, date of birth, time zone, phone number, and the quiet-hours window you configure.
  • Consent records. Each time you accept our call-consent terms, we log the text version you saw, the timestamp, your IP address, and your user agent. We retain these records for at least four years.
  • Payment information. Payment methods are collected and stored by Stripe. We receive only a customer identifier and subscription status.
  • Voice recordings and transcripts. We record the audio of your calls with your Fren and produce written transcripts for use by the service. Audio recordings are biometric data.
  • Call metadata. Time, duration, answer status, and call-quality metrics.
  • Usage analytics. Pages you view, features you use, and device information, collected via PostHog and Sentry for product improvement and error tracking.

3. How We Use It

  • Operate Frens — place calls, run AI personas, and remember what you told your Fren.
  • Bill your subscription.
  • Comply with legal obligations — TCPA consent records, SB 243 crisis reporting, tax records.
  • Improve the service — product analytics, error tracking, and AI safety training (see Section 6).
  • Communicate with you — service emails, call notifications, and re-consent prompts.

4. Biometric Data (Your Voice)

Your voice is biometric data. By using Frens you consent to our recording, storing, and processing your voice audio and transcripts for the purposes described in this policy. We do not sell your voice. We do not share your voice with third parties for their commercial use. We do not clone your voice for use by anyone else without your explicit, separate consent.

5. Who We Share Data With

We share only what each provider needs to perform its function:

  • Clerk — authentication and account management.
  • Stripe — payment processing.
  • Resend — transactional email.
  • Anthropic, OpenAI — large language models. Call transcripts pass through during live calls. These providers commit to not training on our data.
  • Deepgram, Cartesia — speech-to-text and text-to-speech. Voice audio passes through during live calls.
  • Telnyx, Daily — telephony carriers.
  • AWS — hosting and storage of recordings and transcripts.
  • PostHog, Sentry, Statsig, Langfuse — analytics, error tracking, feature flags, and AI trace storage for debugging.

We do not sell your personal information. We may also share data in response to valid legal process, to protect our rights or user safety, or as part of a business transfer (merger, acquisition, or asset sale).

6. AI Training

We may use your call transcripts (not raw audio) to improve the quality and safety of our AI personas. You can opt out of training use in your dashboard; your opt-out does not prevent us from using your data to operate the service itself. We do not share your transcripts with any third party for their own training.

7. How Long We Keep Data

  • Account info — while your account is active, plus 30 days after deletion.
  • Conversation transcripts and recordings — 90 days after each call by default; if you have persistent memory enabled, retained for as long as your account is active. You can delete individual recordings from the dashboard.
  • Consent records — four years minimum (TCPA statute of limitations), longer if required by state law.
  • Billing records — seven years (tax and audit requirements).
  • Crisis-event logs — retained for SB 243 annual reporting to the California Office of Suicide Prevention.
  • Analytics data — 12 months in identifiable form, then aggregated.

8. Your Privacy Rights

Depending on where you live, you may have the right to:

  • Access the data we hold about you.
  • Delete your data, subject to legal retention above.
  • Correct inaccurate data.
  • Opt out of "sale" or "sharing" — we do not sell your data, but you can confirm this and set your preference. We honor Global Privacy Control (GPC) signals.
  • Limit use of sensitive information — including your voice and phone number.
  • Data portability — request an export.

To exercise any of these rights, email privacy@frens.app from the email on your account, or use the Privacy Center in your dashboard.

9. California-Specific Disclosures (CCPA / CPRA)

California residents have rights under the California Consumer Privacy Act. In the last 12 months, we have collected the following categories of personal information: identifiers; commercial information; internet activity; coarse geolocation (IP-based); sensory data (voice recordings); professional and demographic information you provide; and inferences. We disclose categories for operating the service. We do not sell any category.

10. Children

Frens is not for users under 18. We do not knowingly collect information from anyone under 18. If we learn we have collected information from a child, we will delete it. Contact privacy@frens.app to report.

11. Security

We use industry-standard practices to protect your data, including encryption in transit (TLS 1.2+) and at rest, access controls, and regular security review. No system is perfect; use a strong password and enable two-factor authentication.

12. Data Processors Outside the United States

Some of our service providers process data in regions outside the United States. We contract for standard protections in all cases.

13. Changes to This Policy

We may update this Privacy Policy. If we make material changes, we will email you and post the updated version here with a new effective date.

14. Contact

privacy@frens.app
Frens Corp., Delaware, USA

See also: Terms of Service · Safety and Crisis Resources