FRIENDLIAI PRIVACY POLICY
Effective Date: Sep 11, 2025
1. Introduction
2. Scope
3. What Information We Collect
4. Use of Cookies and other Tracking Technologies
5. Why We Collect Information
6. When We Disclose Information
7. Automated Decision Making
8. Retention of Personal Information
9. Your Choices About the Information We Collect
10. Children’s Privacy
11. Visitors to the Site Outside of the United States
12. Links
13. Security
14. Your California Privacy Rights
15. Your Privacy Rights under Other US State Laws
16. Your Rights Under the General Data Protection Regulation
17. Your Rights Under the UK GDPR
18. Changes to This Privacy Policy
19. Contact Us
ANNEX 1: ADDITIONAL CLAUSES FOR KOREAN RESIDENTS
1. Personal Data Retention Period
2. Consignment of Personal Data Processing
3. Destruction of Personal Data
4. The Chief Privacy Officer and Staff Responsible for Privacy Inquiries
5. Complaint to the Data Protection Authority
1. Introduction
Welcome. You have arrived at a website provided by FriendliAI (“FriendliAI,” “we,” “our” or “us”). Our mission is to empower organizations to harness the full potential of their generative AI models with ease and cost-efficiency.
At FriendliAI, we take your privacy seriously. We provide this Privacy Policy (“Policy”) to tell you what information we collect about you, how we obtain it, how we share it, and how you may limit the ways in which we use your Personal Information. If you have questions about this Policy after you review it, feel free to contact us at privacy@friendli.ai.
2. Scope
This Policy governs www.friendli.ai, its subdomains, and all subdomains or portals that link to this Policy (“Site”); or when you provide Personal Information or interact with us online or in-person. This Policy also applies to Personal Information that we may collect from you via phone calls or other communications with our representatives or in any other instance when you contact us. For the purpose of this Policy, “Personal Information” or “Personal Data” means any information relating to an identified or identifiable individual that is protected by applicable privacy laws. The definition of Personal Information does not include publicly available information from federal, state, or local government records, such as professional licenses and real estate or property records.
We refer to all the above as our “Services.” Our Services are used by our business partners (“Partners”), current and potential clients (“Clients”) and website visitors (“Site Visitors”).
Any Personal Information so collected will be used solely for the purposes for which your consent has been specifically given, and the provision of such Personal Information to, and handling by, third parties will be limited specifically to authorized persons only.
By using our Sites or otherwise using our Services, you acknowledge this Policy and agree to our Terms of Service (“Terms”).
3. What Information We Collect
As a rule, we limit the Personal Information we collect to that which is adequate, relevant and reasonably necessary for us to provide our Services to you.
Information That You Provide to Us
As you interact with our Site or Services, we collect the following Personal Information via the online chat function and webforms or inputs/uploads on our Site, when you use an authentication token to access the Services, and through telephone calls, letters, emails and other communications with you.
Site Visitors
- Contact information such as your first and last name, email address, job title, home or business address, telephone numbers, mobile numbers.
Partners
- Contact information such as your first and last name, job title, email address, business address, shipping address, telephone numbers, mobile numbers;
- Name and user ID of other third-party platforms or social media sites (Google, Github, etc.) that regular members have allowed access to, profile values provided by other third-party platforms or social media sites, gender, age;
- Financial information such as your business credit card or debit card number, bank account information and your payment, service and purchase history; and
- Other information that could reasonably be used to identify you personally.
Clients
- Contact information such as your first and last name, user name, email address, home or business address, billing address, telephone numbers, mobile numbers;
- Name and user ID of other third-party platforms or social media sites (Google, Github, etc.) that regular members have allowed access to, profile values provided by other third-party platforms or social media sites, gender, age, profile images or avatar associated with your profile;
- Authentication tokens for access to third party services or cloud storage, requests made to inference servers and responses generated by AI models; and
- Other information that could reasonably be used to identify you personally.
Information That Is Automatically Collected
Like many businesses, we and our service providers automatically collect and/or store certain information when you visit or interact with the Site or Services (“Usage Information”), including via cookies and other tracking technologies (see Use of Cookies and Other Tracking Technologies section below). This Usage Information may be stored and/or accessed from your personal computer, laptop, tablet, mobile phone or other device (a “Device”) whenever you visit or interact with our Site. Usage Information includes:
- Your IP address, IDFA, Android/Google Advertising ID, IMEI, or another unique identifier;
- Your Device functionality (including browser, browser language, settings and behavior, operating system, hardware, mobile network information);
- Referring and exit web pages and URLs;
- The areas within the Site that you visit and your activities there, including remembering you and your preferences;
- Your Device location or other location information, including the zip code, state or country from which you accessed the Services;
- Your Device characteristics (such as device type (computer vs. mobile) and ID, operating system, hardware);
- Certain other Device data, including the time of day you visit our Site or other information used to provide analytics or other usage information;
- Information about your engagement with our emails; and
- Statistical information about how both unregistered and registered users, collectively, use the Site and Services.
Information Collected from Third Parties
The Site includes functionality that allows certain kinds of interactions between the Site and your account on a third-party website or application. The use of this functionality may involve the third-party site providing information to us. For example, we might obtain information about the traffic and usage of FriendliAI from third parties. We might also allow you to login to the Site using third-party platforms such as Google and GitHub or provide links to facilitate sending postings to social media (like a “Share” or “Forward” button). These third parties also use cookies and other tracking technologies to capture information about your interactions with FriendliAI.
FriendliAI does not have control over the information that is collected, used, and shared by these third parties. We encourage you to review the privacy statements of these third parties to understand their privacy practices.
4. Use of Cookies and other Tracking Technologies
We use various methods and technologies to store or collect Usage Information (“Tracking Technologies”). Tracking Technologies may set, change, alter or modify settings or configurations on your Device. A few of the Tracking Technologies used on the Site, include, but are not limited to, the following (as well as future-developed tracking technology or methods that are not listed here):
- Cookies. A cookie is a file placed on a Device to uniquely identify your browser or to store information on your Device. Our Site may use HTTP cookies, HTML5 cookies and other types of cookie technology to store information on local storage.
- Pixels: A pixel is a small graphic file that allow us and third parties to monitor the use of the Site and provide us with information based on your interaction with the Site
- Web Beacons. A Web Beacon is a small tag (which may be invisible to you) that may be placed on our Site’s pages and messages.
- Embedded Scripts. An embedded script is programming code that is designed to collect information about your interactions with the Site, such as the links you click on.
- ETag, or entity tag. An Etag or entity tag is a feature of the cache in browsers. It is an opaque identifier assigned by a web server to a specific version of a resource found at a URL.
- Browser Fingerprinting. Collection and analysis of information from your Device, such as, without limitation, your operating system, plug-ins, system fonts and other data, for purposes of identification.
- Recognition Technologies. Technologies, including application of statistical probability to data sets, which attempt to recognize or make assumptions about users and devices (e.g., that a user of multiple devices is the same user).
We may use the following types of cookies:
- Strictly necessary cookies. These cookies are essential for you to browse the Sites and use its features, such as accessing secure areas of the site.
- Functionality cookies. Also known as “preference cookies,” these cookies allow the Sites to remember choices you have made in the past, like what language you prefer, or what your user name and password are so you can automatically log in.
- Analytics cookies. Also known as “performance cookies,” these cookies collect information about how you use a website, like which pages you visited and which links you clicked on. Their purpose is to improve website functions. This includes cookies from third-party analytics services if the cookies are for the exclusive use of the owner of the website visited.
- Advertising cookies. These cookies track your online activity to help advertisers deliver more relevant advertising or to limit how many times you see an ad. These cookies can share that information with other organizations or advertisers. These are persistent cookies and almost always of third-party provenance.
We use Google Analytics to help us understand how our customers use the Site. Read more about how Google uses your Personal Information or opt-out of Google Analytics.
5. Why We Collect Information
We use the information we collect about you in a variety of ways, including the following:
To Provide Our Services
We process certain Personal Information when you access or use our services, including to:
- process your purchases of, or requests for, products and services;
- create and verify user accounts;
- facilitate the functionality of our Site, including payment-related functionality; and
- customize experiences and personalization when you are on our Site.
To Communicate with You
We process certain information to communicate with you in relation to your accounts, our services, our marketing, and your requests, including to:
- communicate with you about orders, our Services, accounts and programs;
- respond to your customer service inquiries and requests for information;
- post your comments or statements on our Site;
- send you personalized promotions, content, and special offers;
- communicate with you about our brands, products, events, or other promotional purposes;
- implement your communications preferences, such as sharing information with our business partners so that they may email you about their promotions, products and initiatives; and
For Improvement of Our Site or Services
We want to ensure that our Site and Services are continually improving and expanding so that we meet and exceed your needs and expectations. To do so, we may process certain Personal Information, including to:
- maintain, improve, and analyze our Site or Services; and
- detect, prevent, or investigate suspicious activity or fraud.
To Comply with Applicable Laws
We may be required to process certain Personal Information under certain laws and regulations, such as tax laws, as well as to:
- maintain appropriate records for internal administrative purposes; and
- comply with applicable legal and regulatory obligations, and respond to lawful governmental requests, as needed.
To Enforce our Terms, Agreements, or Policies
To maintain a safe, secure, and trusted environment for you when you use our Site and Services, we use your Personal Information to ensure our terms, policies, and agreements with you and any third parties are enforced.
With Your Consent
We process certain Personal Information to fulfill any other business or commercial purposes at your direction or with your consent.
6. When We Disclose Information
To the extent permitted by law, certain Personal Information about you may be disclosed in the following situations:
- Service providers. To provide information to our affiliates and nonaffiliated third parties who perform services or functions for us in conjunction with our services to you, but only if we have a contractual agreement with the other party which prohibits them from disclosing or using the information other than for the purposes for which it was disclosed. Examples of such disclosures include using a payment processor, reservations maker, merchandise store, customer service provider, email marketing provider, or food delivery service.
- Legal process. To comply with a validly issued and enforceable subpoena or summons; as a part of any actual or threatened legal proceedings or alternative dispute resolution proceedings either initiated by or against us, provided we disclose only the information necessary to file, pursue, or defend against the lawsuit and take reasonable precautions to ensure that the information disclosed does not become a matter of public record.
- Business transactions. In conjunction with a prospective purchase, sale, or merger of all or part of our practice, if we take appropriate precautions (for example, through a written confidentiality agreement) so the prospective purchaser or merger partner does not disclose information obtained in the course of the review.
Finally, we may aggregate, de-identify, and/or anonymize any information collected through the Site or Services such that such information is no longer linked to your personally identifiable information. We may use and share this aggregated and anonymized information (non-Personal Information) for any purpose, including without limitation, for research and marketing purposes, and may also share such data with our affiliates and third parties, including advertisers, promotional partners and others.
7. Automated Decision Making
We do not make any automated individual decisions, such as profiling, that would significantly affect your use of our Services.
8. Retention of Personal Information
FriendliAI will retain your Personal Information only for as long as is necessary for the purposes set out in this Policy. We will retain and use your Personal Information to the extent necessary to comply with our legal obligations (for example, if we are required to retain your Personal Information to comply with applicable laws), resolve disputes and enforce our legal agreements and policies.
All information you provide to us is stored on our secure servers or those of our third-party data storage providers.
We retain Personal Information as follows:
- User information (email, nickname, name and user ID of the social media account that regular member has allowed access to, profile value provided by social media, gender, age): retained until five (5) days after withdrawal from regular and/or social membership.
- Information such as log data (including IP information, browser type, visited domain, visited page, mobile device and application ID, search term, etc.), links, cookie data, Service usage history, bad usage record, etc.: retained until five (5) days after withdrawal from regular and/or social membership.
- AI inference information: retained for up to one (1) day after the organizations and projects had been deleted.
We utilize the following criteria to determine the length of time for which we retain Personal Information:
-
How long we have had a relationship with you or provided our Services to you;
-
The business purposes for which the information is used, and the length of time for which the information is required to achieve those purposes;
-
Whether we are required to retain the information, or the information is otherwise necessary, in order to: comply with legal obligations or contractual commitments: defend against potential legal claims: detect or prevent potential illegal activity or actions in violation of our policies and procedures; secure our systems and online environment; or protect health and safety;
-
The privacy impact on individuals of ongoing retention; and
-
The manner in which information is maintained and flows through our systems, and how best to manage the lifecycle of information in light of the volume and complexity of the systems in our infrastructure.
When the purpose of collection and use of Personal Information is finally achieved, FriendliAI will destroy the personal data without delay after a predetermined period in line with its internal policy and applicable laws and regulations, unless the Personal Information must be retained in accordance with the relevant laws and regulations.
Notwithstanding the above, if the applicable laws and regulations require us to retain any Personal Information collected hereunder, we will have the right to retain any user’s Personal Information for such prescribed duration.
9. Your Choices About the Information We Collect
Communications Preferences
We prefer to keep your Personal Information accurate and up to date. If you would like to change your contact information, please contact us using the information in the Contact Us section below. We will make good faith efforts to make requested changes in our then active databases as soon as reasonably practicable (but we may retain prior information as business records).
You can opt out of receiving marketing emails from us at any time. You will still receive transactional messages from us. To manage your email preferences with us, please click on the Unsubscribe link in any email you receive from us or contact us using the information in the Contact Us section below. Your choice will not affect our ability to share information in the other ways described in this Policy.
Controlling Your Cookies
You can opt-out of cookies by enabling an opt-out preference signal on your browser or opting-out of cookies in our Sites’ cookie preference centers.
On most web browsers, you will find a “help” section on the toolbar. Please refer to this section for information on how to receive a notification when you are receiving a new cookie and how to turn cookies off. Please see the links below to learn how to modify your web browser’s settings on the most popular browsers:
Note that if you turn cookies off, you may be unable to access certain parts or benefit from the full functionality of the Sites. To learn more about cookies and similar technologies or to opt-out of targeted advertising cookies, visit resources from the Digital Advertising Alliance (“DAA”) or the Network Advertising Initiative (“NAI”). We do not control these opt-out links or whether any organization chooses to participate in these opt-out programs.
Please note that even if you exercise the opt-out choices above, you may continue to receive advertisements, for example, ads based on the website you are viewing (e.g., contextually based ads), or ads that are not targeted at you and may be less relevant. Also, if your browser (like some Safari browsers) is configured to reject opt-out cookies when you opt out on the DAA or NAI websites, your opt-out may not be effective.
Do Not Track
Do Not Track (“DNT”) is a web browser setting that requests that a web application disable its tracking of an individual user. When you choose to turn on the DNT setting in your browser, your browser sends a special signal to websites, analytics companies, ad networks, plug in providers, and other web services you encounter while browsing to stop tracking your activity. Various third parties are developing or have developed signals or other mechanisms for the expression of consumer choice regarding the collection of information about an individual consumer’s online activities over time and across third-party websites or online services (e.g., browser do not track signals), but there is no universally agreed upon standard for what an organization should do when it detects a DNT signal. Currently, we do not monitor or take any action with respect to these signals or other mechanisms. You can learn more about Do Not Track here.
10. Children’s Privacy
Our Site is not intended for use by children under the age of 16. We do not request, or knowingly collect, any personally identifiable information from children under the age of 16. If you are the parent or guardian of a child under 16 who you believe has provided her or his information to us, please contact us using the information in the Contact Us section below to request the deletion of that information.
11. Visitors to the Site Outside of the United States
If you are visiting the Site from a location outside of the U.S., your connection will be through and to servers located in the U.S. All information you receive from the Site will be created on servers located in the U.S., and all information you provide will be maintained on web servers and systems located within the U.S. The data protection laws in the United States may differ from those of the country in which you are located, and your information may be subject to access requests from governments, courts, or law enforcement in the United States according to laws of the United States. By using the Site or providing us with any information, you consent to the transfer to, and processing, usage, sharing and storage of your information in the United States and in other countries, as set forth in this Policy.
12. Links
For your convenience, the Site and this Policy may contain links to other websites. FriendliAI is not responsible for the privacy practices, advertising, products, services, or the content of such other websites. None of the links on the Site should be deemed to imply that FriendliAI endorses or has any affiliation with the links.
13. Security
We incorporate commercially reasonable safeguards to help protect and secure your Personal Information. However, no data transmission over the Internet, mobile networks, wireless transmission, or electronic storage of information can be guaranteed 100% secure. As a result, we cannot guarantee or warrant the security of any information you transmit to or from the Site, and you provide us with your information at your own risk.
14. Your California Privacy Rights
This section of the Policy applies solely to California residents. We adopt this Section to comply with the California Consumer Privacy Act of 2018 (“CCPA”) as amended by the California Privacy Rights Act (“CPRA”). Any terms defined in the CCPA or CPRA have the same meaning when used in this Section.
California residents have the following rights:
- To know the categories of Personal Information being collected about you, the purposes for which the categories of Personal Information are collected or used, and whether that information is sold or shared;
- To know the length of time we intend to retain each category of Personal Information;
- To know whether your Personal Information is sold or disclosed and to whom;
- To access your Personal Information;
- To delete the Personal Information you have provided to us, with certain exceptions;
- To correct your Personal Information;
- To opt out of the sale of Personal Information;
- To know if Sensitive Personal Information (“SPI”) is being collected about you, the categories of SPI being collected, the purposes for which the categories of SPI are collected or used, and whether the SPI is sold or shared;
- To limit the use of your SPI if it is used for cross-contextual behavioral advertising or for the purposes of inferring characteristics about you; and
- Not to be discriminated against, even if you exercise your privacy rights.
Request for Information, Correction, or Deletion
California residents have the right to request, under certain circumstances, that a business that collects Personal Information about them disclose the information listed below for the preceding 12 months:
- The categories of Personal Information collected about you;
- The categories of sources from which the Personal Information is collected;
- The business or commercial purpose for collecting, selling or sharing Personal Information;
- The categories of third parties to whom the business discloses Personal Information; and
- The specific pieces of Personal Information collected about you.
Please note that if we collected information about you for a single one-time transaction and do not keep that information in the ordinary course of business, that information will not be retained for purposes of a request under this section. In addition, if we have de-identified or anonymized data about you, we are not required to re-identify or otherwise link your identity to that data if it is not otherwise maintained that way in our records.
You can also request that we correct or delete your Personal Information. There may be certain exceptions to our obligation to correct or delete your information such as if you have an existing account or transaction with us or if we have a legitimate business reason to keep your information.
Personal Information Collected
We have collected the following categories of Personal Information from consumers within the last twelve (12) months:
| Category of Personal Information | Examples of this Category | Sources of Personal Information | Business Purpose for Collection |
|---|---|---|---|
| Identifiers | Real name, alias, postal address, unique personal identifier, online identifier, Internal Protocol address, email address, account name, social security number, driver’s license number, passport number or other similar identifiers. | You Automatically Third Parties | To provide, improve and market our products and Services To provide information you requested To identify potential customers To verify identity To prevent fraud To comply with law |
| Personal information described in California Civ. Code § 1798.80(e) | Name, signature, social security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information. | You Automatically Third Parties | To provide, improve and market our products and Services To provide information you requested To identify potential customers To verify identity To prevent fraud To comply with law |
| Characteristics of protected classifications under California or federal law | Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or credit, marital status, medical condition (AIDS/HIV status, cancer), physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information), political activities or affiliations, familial status, source of income status, status as a victim of domestic violence, assault, or stalking. | N/A | N/A |
| Commercial information | Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies. | You Automatically | To provide, improve and market our products and Services To provide information you requested To identify potential customers To verify identity To prevent fraud To comply with law |
| Biometric information | An individual’s genetic, physiological, biological or behavioral characteristics. | N/A | N/A |
| Internet or other electronic network activity information | Browsing history, search history, and information regarding a consumer’s interaction with an Internet Web site, application, or advertisement. | Automatically | To provide, improve and market our products and Services To provide information you requested To identify potential customers To verify identity To prevent fraud To comply with law |
| Geolocation data | Physical location and/or movements. | N/A | N/A |
| Sensory data | Audio, electronic, visual, thermal, olfactory, or similar information. | N/A | N/A |
| Professional or employment related information | Current or past job history or performance evaluations | You | To provide, improve and market our products and Services To provide information you requested To identify potential customers To verify identity To prevent fraud To comply with law |
| Non-public education information (per the Family Educational Rights and Privacy Act – 20 U.S.C. § 1232g, 34 CFR Part 99) | Education records directly related to a student maintained by an educational institution or party acting on its behalf. | N/A | N/A |
| Inferences drawn from other Personal Information | Information used to create a profile about a consumer reflecting the consumer’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes. | You Automatically Third Parties | To provide, improve and market our products and Services To provide information you requested To identify potential customers To verify identity To prevent fraud To comply with law |
| Sensitive Personal Information | Social security number, driver’s license number, account log-in, debit, or credit card number in combination with password or PIN, precise geolocation (less than 1850 square foot radius), racial/ethnic origins, religious or philosophical beliefs, union membership, contents of e-mails or texts to others, genetic/biometric data, health information, sex life/sexual orientation data | N/A | N/A |
Information related to how long we retain each category of Personal Information is included in the Retention of Personal Information section above.
Personal Information Sold or Shared
We have sold or shared (as those terms are defined in the CCPA) to third parties the following Categories of Personal Information in the last twelve (12) months:
| Category of Personal Information | Recipient Categories | Purpose for Sale/Sharing |
|---|---|---|
| Identifiers | Advertising, marketing, and analytics providers | Marketing |
| Commercial information | Advertising, marketing, and analytics providers | Marketing and analytics |
| Internet or other electronic network activity information | Advertising, marketing, and analytics providers | Marketing and analytics |
| Inferences drawn from other Personal Information | Advertising, marketing, and analytics providers | Marketing and analytics |
We do not sell or share the Personal Information of consumers under 16 years of age.
Personal Information Disclosed for Business Purposes
We have disclosed the following categories of Personal Information for business purposes in the last twelve (12) months:
| Category of Personal Information | Recipient Categories | Business Purpose for Disclosure |
|---|---|---|
| Identifiers | Service Providers | Helping to ensure the security and integrity of Personal Information Performing services on behalf of the business Internal research for technological development and demonstration Activities to verify or maintain the quality of, improve, upgrade, and/or enhance of our Services |
| Commercial information | Service Providers | Helping to ensure the security and integrity of Personal Information Performing services on behalf of the business Internal research for technological development and demonstration Activities to verify or maintain the quality of, improve, upgrade, and/or enhance of our Services |
| Internet or other electronic network activity information | Service Providers | Helping to ensure the security and integrity of Personal Information Performing services on behalf of the business Internal research for technological development and demonstration Activities to verify or maintain the quality of, improve, upgrade, and/or enhance of our Services |
Do Not Sell My Personal Information
As a California resident, you also have the right, at any time, to tell us not to sell Personal Information – this is called the “right to opt-out” of the sale of Personal Information. We do not sell Personal Information, but we recognize that some privacy laws define “Personal Information” in such a way that making available identifiers linked to you for a benefit may be considered a “sale”. To opt-out of this, please click on this .
Right to Limit Use of Sensitive Personal Information
California residents have the right to limit the use of each type of Sensitive Personal Information for each purpose with each type of third-party partner. Currently, we do not provide your Sensitive Personal Information to any third parties.
Right Not to Be Discriminated Against
We will not discriminate against you for exercising any of your rights under the CCPA. Unless permitted by California law, we will not:
- Deny you goods or services.
- Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
- Provide you a different level or quality of goods or services.
- Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.
Third Party Marketing
California Civil Code Section 1798.83 permits our users who are California residents to request and obtain from us a list of what Personal Information (if any) we disclosed to third parties for their own direct marketing purposes in the preceding calendar year and the names and addresses of those third parties. We do not currently disclose Personal Information protected under this section to third parties for their own direct marketing purposes.
Exercising Your California Privacy Rights
You or your authorized agent may make a request to access, correct, delete, opt-out of the sale of your Personal Information, or limit the use of your Sensitive Personal Information by contacting us using the information in the Contact Us section below.
If you use an authorized agent to submit your request, we may require proof of the written authorization you have given. We also may require you to confirm your identity and your residency to obtain the information, and you are only entitled to make this request twice in a 12-month period. For emails, please include “California Privacy Rights” as the subject line. You must include your full name, email address, and attest to the fact that you are a California resident. We will acknowledge your request within 10 days and respond to your request within 45 days or let you know if we need additional time. If you make this request by telephone, we may also ask you to provide the request in writing so that we may verify your identity. If we are unable to honor your request for any reason, we will notify you of the reason within the request time period.
15. Your Privacy Rights under Other US State Laws
Based on the applicable law in the state where you live, you may have the following rights with respect to your Personal Information:
- To confirm whether or not a controller is processing your Personal Information and to access such Personal Information;
- To know the categories of Personal Information we collect about you, the purposes for the collection, how long we retain your Personal Information, and whether that information is sold or shared or disclosed and to whom;
- To correct inaccuracies in your Personal Information;
- To delete your Personal Information;
- To obtain a copy of your Personal Information that you previously provided to us in a portable, and if technically feasible, readily usable format, if processing is carried out by automated means;
- To opt out of the processing of your Personal Information for purposes of (i) targeted advertising, (ii) the sale of Personal Information, or (iii) profiling in furtherance of decisions that produce legal or similarly significant effects concerning the consumer.
- Not to discriminate against you because you have exercised any of these rights, including by:
- denying you Services;
- charging different prices or rates for our Services, including through the use of discounts or other benefits or imposing penalties;
- providing you a different level or quality of Services; and/or
- suggesting that you will receive a different price or rate for Services, or at a different level or quality of Services.
To exercise any of these rights, you may make a request to confirm, access, correct, delete, obtain a copy, or opt-out of the processing of your Personal Information for targeting advertising, sale, or profiling by using this or contacting us using the information in the Contact Us section below.
We may require you to confirm your identity and your residency in order to obtain the information, and you are only entitled to make this request up to twice annually. For emails, please include “Privacy Rights” as the subject line. You must include your full name, email address, and attest to the fact that you are a resident. We will process your request within 45 days or let you know if we need additional time or cannot process your request. If you make this request by telephone, we may also ask you to provide the request in writing so that we may verify your identity. If we are unable to honor your request for any reason, we will notify you of the reason within the request time period.
Right to Opt Out
You may have the right to opt out of the processing of your Personal Information for purposes of (i) targeted advertising, (ii) the sale of Personal Information, or (iii) profiling in furtherance of decisions that produce legal or similarly significant effects concerning the consumer. To exercise your right, please click on this on the bottom of the webpage where your information is being collected.
Opt-Out Preference Signals
Some browsers and browser extensions support opt-out preference signals such as the Global Privacy Control (“GPC”) that can send a signal to the websites you visit indicating your choice to opt-out from certain types of data processing, including data sales. GPC is a web browser-level setting, maintained by either a browser or a browser extension, that a user or privacy-focused technology can set. In certain regions, when we detect such a signal, we will make reasonable efforts to respect your choices as required by applicable law.
Appeals of Our Decisions
In some jurisdictions, you may appeal to us if we refuse to take action on your exercise of certain choices described above. In order to appeal such a refusal, please contact us using the information in the Contact Us section below with the subject line “Appeal of Refusal to Take Action on Privacy Request” and provide the relevant information in the email.
If we decline to take action on any request you make, we will provide you with the information required by the applicable law where you live. This may include an explanation of why we declined your request, information on how to appeal our decision, and/or how to make a complaint to your state Attorney General.
16. Your Rights Under the General Data Protection Regulation
This section of the Policy applies if you are a data subject who resides or is located in the European Economic Area (“EEA”). We adopt this section to comply with European privacy laws, including the General Data Protection Regulation (“GDPR”). Any terms defined in the GDPR have the same meaning when used in this section.
Under applicable law, we are considered the “data controller” of the Personal Information we handle under this Policy. In other words, we are responsible for deciding how to collect, use and disclose this information, subject to applicable law.
We want to ensure that the Personal Information we possess is always accurate and therefore we encourage you to update your information in case any changes have occurred. We have listed below the rights that you may be able to exercise in respect of the processing of your Personal Information, subject to applicable law. We take reasonable steps to ensure that the Personal Information that we process is limited to the Personal Information that are required in connection with the purposes set out in this Policy.
If you are a resident of or located within the EEA, you have certain data protection rights. These rights include:
- The right to access, update or delete the information we have collected from you.
- The right of rectification. You have the right to have your information rectified if that information is inaccurate or incomplete.
- The right to object. You have the right to object to our processing of your Personal Information.
- The right of restriction. You have the right to request that we restrict the processing of your Personal Information.
- The right to data portability. You have the right to be provided with a copy of the information we have on you in a structured, machine-readable, and commonly used format.
- The right to withdraw consent. You also have the right to withdraw your consent at any time where we relied on your consent to process your Personal Information.
Legal Basis for Processing Personal Information
We rely on the following legal bases for processing your Personal Information:
- Contract: To conclude or perform a contract with you; for example:
- To manage and fulfill orders and to provide other Services;
- To manage our accounts and records;
- To handle your inquiries and requests;
- Legitimate Interests: When we process your Personal Information for our legitimate interests, we make sure to consider and balance any potential impact on you and your rights under data protection laws. Our legitimate business interests do not automatically override your interests – we will not use your Personal Information for activities where our interests are overridden by the impact on you unless we have your consent or those activities are otherwise required or permitted to by law. You have the right to object to processing that is based on our legitimate interests, as further described below. Examples of legitimate interests include:
- To respond to your customer service inquiries and requests for information;
- To maintain, improve, and analyze our Site and Services we offer;
- To conduct marketing activities;
- To detect, prevent, or investigate security breaches or fraud; and
- To facilitate the functionality of our Site;
- Legal Compliance: To comply with our legal obligations; for example:
- To maintain appropriate records for internal administrative purposes and as required by applicable law, and
- Consent: We will send you information by email on our Services or other promotions only with your consent or if you otherwise opt-in to receiving those communications. If you do not provide us with your consent to the processing of your Personal Information for this purpose, we will not send you this information. You have the right to withdraw your consent at any time as described below.
How to Exercise Your Rights Under the GDPR
If applicable, you may exercise any of your rights under the GDPR by submitting a verifiable data subject request to us by using the contact details below. You may make a request related to your Personal Information or on behalf of someone for which you have authorization. You must include your full name, email address, and attest to the fact that you are a citizen or resident of the EEA by including your country of citizenship or residence in your request. We may require you to confirm your identity and/or legal standing for the request as well as your residency in the EEA to obtain the information. We will respond to your request within 30 days or let you know if we need additional time.
Please note that we will ask you to verify your identity before responding to such requests, and we may deny your request if we are unable to verify your identity or authority to make the request.
Should you wish to raise a concern about our use of your data (and without prejudice to any other rights you may have), you have the right to do so with your local supervisory authority; however, we hope that we can assist with any queries or concerns you may have about our use of your Personal Information first by contacting us using the information in the Contact Us section below.
17. Your Rights Under the UK GDPR
If you are based in the United Kingdom, the following provisions also apply:
If we share your Personal Information within FriendliAI or with third parties located outside the United Kingdom, we take steps to ensure that appropriate safeguards are in place to guarantee the continued protection of your Personal Information, such as by entering into the international data transfer addendum to the European Commission’s Standard Contractual Clauses, adopted by the UK Government under section 119A of the Data Protection Act 2018.
You have the same data subject rights as those for the EU listed above, except that references to the "GDPR" should be read as references to the "UK GDPR" and complaints should be filed with the UK supervisory authority, the Information Commissioner’s Office.
18. Changes to This Privacy Policy
We may change this Privacy Policy at any time. We will post all changes to this Policy on this page and will indicate at the top of the page the modified policy’s effective date. We therefore encourage you to refer to this page on an ongoing basis so that you are aware of our current privacy policy. If required by the applicable law, we will notify you of the changes.
By continuing to use the Site or Services or providing us with information following such a replacement Policy being uploaded, you agree that you will be bound by the Privacy Policy as changed.
19. Contact Us
If you have any questions or suggestions regarding this Policy, please contact us as follows:
Data Controller
FriendliAI is the data controller of Personal Information processed in relation to the Service. You may contact the us through the following contact information:
FriendliAI
Address: 303 Twin Dolphin Drive, Suite 600 Unit 6009, Redwood City, CA 94065
Phone Number: (650) 563-5047
Email Address: privacy@friendli.ai
ANNEX 1: ADDITIONAL CLAUSES FOR KOREAN RESIDENTS
1. Personal Data Retention Period
Notwithstanding the Retention of Personal Information section of the Privacy Policy, FriendliAI may use and retain Korean residents’ personal data until the end of the relevant retention period in the below cases:
| Cases | Retention Period |
|---|---|
| Investigation is necessary to find out the reason for termination in case FriendliAI terminates the relevant service agreement due to a reason attributable to user | Three (3) years from the date of termination |
| Investigation in progress due to violation of any applicable laws and regulations | Until the completion of the investigation |
| Existence of claims and/or obligations | Until the settlement of the claims and/or obligations |
| Records related to resolution of user’s complaints or settlement of disputes | Three (3) years |
| Records related to payment for and provision of services | Five (5) years |
2. Consignment of Personal Data Processing
The following with regard to the consignment of processing personal data of Korean residents:
Consignment of personal data processed overseas:
| Consignee | Destination Country | Time and Method of Transfer | Personal Data | Purpose of Use | Period of Retention and Processing |
|---|---|---|---|---|---|
| Amazon Web Services, Inc. (aws-korea-privacy@amazon.com) | U.S. | Transferred through server | Any personal data processed | Data management | Until member’s membership withdrawal; or until the consignment agreement is terminated |
| Oracle Corporation (https://www.oracle.com/legal/data-privacy-inquiry-form) | U.S. | Transferred through server | Any personal data processed | Data management | Until member’s membership withdrawal; or until the consignment agreement is terminated |
| Stripe, Inc. (privacy@stripe.com) | U.S. | Transferred through server | Name, email, billing address, credit card information, purchase amount, date of purchase | Electronic payment processing | Until member’s membership withdrawal; or until the consignment agreement is terminated |
| WorkOS, Inc. (support@workos.com) | U.S. | Transferred through server | Name, email, organization name, authentication and identity provider information, login data | Authentication, and Identity Management | Until member’s membership withdrawal; or until the consignment agreement is terminated |
| Google LLC (googlekrsupport@google.com) | U.S. | Transferred through server when Service usage history occurs | Service usage history | Analysis of usage patterns | Until member’s membership withdrawal; or until the consignment agreement is terminated |
| Amplitude, Inc. (privacy@amplitude.com) | U.S. | Transferred through server when Service usage history occurs | Service usage history | Analysis of usage patterns | Until member’s membership withdrawal; or until the consignment agreement is terminated |
| Microsoft Clarity (clarity@microsoft.com) | U.S. | Transferred through server when Service usage history occurs | Service usage history | Analysis of usage patterns | Until member’s membership withdrawal; or until the consignment agreement is terminated |
| HubSpot, Inc. (privacy@hubspot.com) | U.S. | Transferred through server when Service usage history occurs | Service usage history | Analysis of usage patterns | Until member’s membership withdrawal; or until the consignment agreement is terminated |
| Twilio Inc. (privacy@twilio.com) | U.S. | Transferred through server when sending emails | Email address | Sending email | Until member’s membership withdrawal; or until the consignment agreement is terminated |
| Vercel Inc. (privacy@vercel.com) | U.S. | Transferred through server during bot detection and latency tracking | IP address, user agent, request metadata used for bot detection and latency measurement | Bot detection (automated traffic identification), latency tracking, and security | Until member’s membership withdrawal; or until the consignment agreement is terminated |
| Functional Software, Inc. (compliance@sentry.io) | U.S. | Transferred through server during error monitoring and performance tracking | No personal data collected; only error logs and performance metadata (such as stack traces, timestamps, request paths without identifiers) | Application error monitoring and performance tracking | Until member’s membership withdrawal; or until the consignment agreement is terminated |
| Cloudflare, Inc. (dpo@cloudflare.com) | U.S. | Transferred through server during bot detection | IP address, user agent, request metadata used for bot detection | Bot detection (automated traffic identification) and security | Until member’s membership withdrawal; or until the consignment agreement is terminated |
3. Destruction of Personal Data
In the event the personal data needs to be retained by Korean Data Protection laws, such personal data will be segregated, moved to a separate database and safely stored in a different location.
The process and method of Korean residents’ personal data destruction are as follows:
- Destroying Procedure: FriendliAI will determine the personal data to be destroyed, and such personal data will be destroyed with an approval of FriendliAI's Chief Privacy Officer.
- Destroying Method: Hard copy printouts of personal data are shredded or burned, whereas electronic files of personal data are destroyed through a technical or physical means to ensure that the relevant data cannot be recovered.
4. The Chief Privacy Officer and Staff Responsible for Privacy Inquiries
The Chief Privacy Officer and the department responsible for handling privacy inquiries are designated as below to oversee all matters related to customer privacy and handle complaints, as well as to address any damage from privacy-related issues. For the avoidance of doubt, the Chief Privacy Officer is not the Data Protection Officer under the European General Data Protection Regulation (GDPR):
| Chief Privacy Officer | Staff Responsible for Privacy Inquiries |
|---|---|
| Name: Byung Gon Chun Title: Director | Department: Legal Phone number: +1(650)563 5047 Email address: privacy@friendli.ai Contact Person: Elizabeth Yoon |
The users may contact the above department and staff for all personal data protection inquiries, complaint handling, damage relief, etc., that occurred while using FriendliAI's Service. FriendliAI will endeavor to respond and process any inquiry promptly.
5. Complaint to the Data Protection Authority
A Korean resident may submit a complaint to the below institutions:
Personal Data Breach Reporting Center: 118 (www.privacy.kisa.or.kr);
Personal Data Dispute Mediation Committee: 1833-6972 (www.kopico.go.kr);
Cybercrime Investigation Division at the Supreme Prosecutors’ Office: 02-3480-3573 (www.spo.go.kr);
Cybercrime Investigation Bureau at the National Police Agency: 182 (http://cyberbureau.police.go.kr).