Privacy Policy of
Friendli Suite
FriendliAI Corp.(the “Company”, “we”, “our”, or “us”) is fully committed to complying with various personal data protection laws and regulations applicable to the users of our services who sign up via the our website (“member”, “you”, or “your”), including but not limited to the European General Data Protection Regulation (GDPR) (collectively, the “Data Protection Laws”), and requests your consent to collect and use your personal data to the extent necessary for the Company’s operations of services. This Privacy Policy applies to all of our services rendered under our website, API, SDK, and CLI (collectively, the “Service”) to ensure your confidence in our Service. Any personal data so collected will be used solely for the purposes for which your consent has been specifically given, and the provision of such personal data to, and handling by, third parties will be limited specifically to authorized persons only. The Company will promptly notify you of any amendments made to this Privacy Policy that may impact your personal data.
Table of Contents
(1) Data Controller
(2) Purpose of Personal Data Processing
(3) Items of Personal Data Collected
(4) How Personal Data is Collected
(5) Personal Data Processing and Retention Period
(6) Provision of Personal Data to Third Parties
(7) Consignment of Personal Data Processing
(8) International Data Transfer for EU Residents
(9) Rights as a Data Subject
(10) Automated Decision-Making Technology
(11) Destruction of Personal Data
(12) Technical/Managerial Measures regarding Personal Data Protection
(13) Protecting the Privacy of Children
(14) Cookies
(15) The Chief Privacy Officer and Staff Responsible for Privacy Inquiries
(16) Complaint to the Data Protection Authority
(17) Revision of this Privacy Policy
1. Data Controller
The Company is the data controller of personal data processed in relation to the Service. You may contact the Company through the following contact information:
FriendliAI
Address: 303 Twin Dolphin Drive, Suite 600 Unit 6009, Redwood City, CA 94065
Phone Number: (650) 563-5047
Email Address: privacy@friendli.ai
2. Purpose of Personal Data Processing
2.1
The Company collects personal data for the below purposes, among others:
(a)
Providing Service: Confirmation of user’s intent to use the Service, identification of individual user or administrator of corporate user such as and Owner of Team, provision of requests and response logs generated by the Service when requested by the users, prevention of illegal use of the Service, provision of various notices/notifications, payment of service fees, update of necessary information, etc.
Member Management: Verification of member’s information to register, identification according to the provision of membership Service, maintenance and management of membership status, provision of various notices/notifications, management of questions or feedback, update of necessary information, etc.
(b)
Development of Services and Statistical Analysis: Development of new Services and provision of customized Services, provision of Services and advertisements according to statistical characteristics, confirmation of validity of the Service, provision of event information and opportunities to participate, identifying frequency of user’s access, internal analysis of user’s Service use, etc.
(c)
Complaint Management: Identifying complainant, receipt of and response to complaints, contact/notification for fact-finding, notification of complaint review results, etc.
2.2
Any and all personal data collected hereunder will not be used for any purpose other than those specified in Subparagraph 2.1 above, and if the purpose of personal data processing is modified in the future for any reason, the Company will, if necessary, obtain each user’s consent pursuant to the relevant Data Protection Laws.
3. Items of Personal Data Collected
3.1
The Company collects the below personal data:
(a)
Providing Service and Member Management:
1)
Required information for regular members: email address, nickname, name, country, associated organizations (schools or companies), name and user ID of other third-party platforms or social media sites (Google, Github, etc.) that regular members have allowed access to, profile values provided by other third-party platforms or social media sites, gender, age.
2)
Required information for social members: name and user ID of other social media site accounts that social members have allowed access to, profile values provided by other social media sites.
3)
Required information related to artificial intelligence (“AI”) inference: authentication tokens for access to cloud storage, requests made to inference servers and responses generated by AI models.
(b)
Complaint handling:
1)
Required Information: ID, email address, name, phone number, inquiry details, etc.
(c)
Payment and Purchase information:
1)
Required information : name, email address, billing address, credit card information, purchase amount, date of purchase , etc.
(d)
Information that may be automatically created and collected in the process of your use of our Service:
1)
Log data (including IP information, browser type, visited domain, mobile device and application ID, search term, etc.) and links, cookie data, Service usage history, bad usage history, etc.
3.2
A user has the right not to give its consent to the collection or use of its personal data. However, if the user withholds such consent at the time of its registration(sign-up), such user may be restricted in its use of our Friendli Suite Service and/or receipt of user benefits thereunder.
4. How Personal Data is Collected
(a)
In the process of membership registration and Service use, the user agrees to the collection of personal data and enters it directly.
(b)
Personal data is collected when information is generated through log analysis program and information collected by ‘cookie’.
(c)
Personal data is collected when authentication token is used to access cloud storage for the use of Service.
(d)
When the user runs Service to process inference requests, inference server directly collects inference requests and responses.
5. Personal Data Processing and Retention Period
5.1
User information (email, nickname, name and user ID of the social media account that regular member has allowed access to, profile value provided by social media, gender, age): retained until five (5) days after withdrawal from regular and/or social membership.
5.2
Information such as log data (including IP information, browser type, visited domain, visited page, mobile device and application ID, search term, etc.), links, cookie data, Service usage history, bad usage record, etc.: retained until five (5) days after withdrawal from regular and/or social membership.
5.3
AI inference information: retained for up to one (1) day after the organizations and projects had been deleted.
5.4
Notwithstanding Subparagraphs 5.1 and 5.2 above, if the applicable laws and regulations require the Company to retain any personal data collected hereunder, the Company will have the right to retain any user’s personal data for such duration as prescribed thereby.
6. Provision of Personal Data to Third Parties
Without your specific consent, the Company will not provide your personal data to any third party for such third party’s own use.
7. Consignment of Personal Data Processing
To provide Service seamlessly, the Company provides users’ personal data to a third-party service provider (the “Consignee”) to the minimum extent, under which such Consignees are strictly prohibited from using your personal data for any purpose without our specific instruction.
8. International Data Transfer for EU Residents
8.1
If you are an EU resident, please note that your personal data may be transferred outside the European Economic Area (“EEA”). Whenever the Company transfers an EU resident’s personal data outside of the EEA, the Company will implement at least one of the below safeguards to ensure that your personal data is given the same level of protection as given in Europe:
(a)
The Company will only transfer the personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission; and
(b)
Where the Company uses certain service providers, the Company will use specific contracts approved by the European Commission.
9. Rights as a Data Subject
9.1
Under certain circumstances, you have rights under the Data Protection Laws in relation to your personal data as below:
(a)
You have the right to access your personal data. This allows you to request a copy of the personal data we have in our possession and to confirm that we are processing it properly;
(b)
You can ask us to rectify any inaccuracies in your personal data;
(c)
You have the right to request the erasure of your personal data unless processing is necessary for (i) compliance with any laws and regulations, (ii) reasons of public interest, or (iii) the establishment, exercise or defense of legal claims; (d) You may object to our processing of your personal data (i) if such processing has an impact on your fundamental rights or (ii) if we are processing your personal data for direct marketing purpose. Please note that in some cases, however, we may have compelling legitimate grounds to process your information that override your fundamental rights;
(d)
You may object to our processing of your personal data (i) if such processing has an impact on your fundamental rights or (ii) if we are processing your personal data for direct marketing purpose. Please note that in some cases, however, we may have compelling legitimate grounds to process your information that override your fundamental rights;
(e)
You may have the right to restrict our processing of your personal data (i) if you want us to establish the data’s accuracy; (ii) where our use of the data is unlawful but you do not want us to delete it; (iii) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (iv) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it;
(f)
You may have the right to request us to transfer your personal data to another data controller. Please note that this right only applies to automated information that you initially provided your consent for us to use or where we used the information to perform a contract entered into with you;
(g)
Where you have provided your consent to the processing of your personal data for any purpose, you have the right to withdraw such consent at any time by notifying us. Please note, however, that if you withdraw your consent, we may not be able to provide Service to you.
9.2
The exercise of the above rights is generally free of charge. Where requests are manifestly unfounded or excessive, in particular because of their repetitiveness, we may charge an appropriate service fee in accordance with the applicable statutory regulations or refuse to process such request.
10. Automated Individual Decision-Making Technology
The Company will not make any automated individual decisions, such as profiling, that would significantly affect your use of our Service.
11. Destruction of Personal Data
When the purpose of collection and use of personal data is finally achieved, the Company will destroy the personal data without delay after a predetermined period in line with its internal policy and applicable laws and regulations, unless the personal data must be retained in accordance with the relevant laws and regulations.
12. Technical/Managerial Measures regarding Personal Data Protection
12.1
The Company protects your personal data through below technical and organizational security measures to minimize risks associated with data loss, misuse, unauthorized access and unauthorized disclosure and alteration:
(a)
Administrative measures: establishment and implementation of internal management plans, regular employee training, and operation of the organization dedicated to personal data protection.
(b)
Technical measures: management of access rights to personal data processing systems, installation of access control systems, encryption of unique identification information, password and credit card number, and installation of security programs.
(c)
Physical measures: Control of access to computer rooms, data storage rooms, etc.
13. Protecting the Privacy of Children
The Company does not collect or manage personal data of children or allow children to use our Service. If we learn that we have collected personal data of a child without the consent of the child’s parent or guardian, we will delete such data. We encourage parents with concerns to contact us.
14. Cookies
14.1
A cookie is a small file that our web server places on a user’s computer hard drive and contains a unique identifier. Cookies enable the Company to track usage patterns and provide personalized content. The Company has no access to data stored by cookies.
(a)
Purpose of the Use of Cookies: Cookies make websites work more efficiently and, simultaneously, provide the Company with information necessary to deliver optimized information and customized services for each user.
(b)
Installation, operation and rejection of cookies: Cookies may be installed automatically when using the PeriFlow website. However, the users can disable cookies by altering the settings on their device or browser (Web: Tools > Internet Options > Privacy menus at the top of the browser). If users do not accept our essential cookies, the users may experience some inconvenience in the use of our Service. Examples of essential cookies include secured login details and other settings.
(c)
Please click the below links for the instruction to change the cookie settings:
15. Complaint to the Data Protection Authority
You may submit a complaint to your local or other regulatory authorities in the country of your residence if you believe that the data processing described here violates any applicable Data Protection Laws.
16. Revision of this Privacy Policy
Privacy notice takes effect from its effective date. Should there be any ground for a material change to the users’ right to data privacy, the Company will notify the users at least thirty (30) days before such change is implemented. Other changes will be notified to the users at least seven (7) days prior to their implementation.
ANNEX 1: ADDITIONAL CLAUSES FOR KOREAN RESIDENTS
1. Personal Data Retention Period
1.1
Notwithstanding the section 5 of the Privacy Policy, the Company may use and retain Korean residents’ personal data until the end of the relevant retention period in the below cases:
CasesRetention Period
Investigation is necessary to find out the reason for termination in case the Company terminates the relevant service agreement due to a reason attributable to userThree (3) years from the date of termination
Investigation in progress due to violation of any applicable laws and regulationsUntil the completion of the investigation
Existence of claims and/or obligationsUntil the settlement of the claims and/or obligations
Records related to resolution of user’s complaints or settlement of disputesThree (3) years
Records related to payment for and provision of servicesFive (5) years
2. Consignment of Personal Data Processing
2.1
The following with regard to the consignment of processing personal data of Korean residents:
(a)
Consignment of personal data processed overseas:
ConsigneeDestination CountryTime and Method of TransferPersonal DataPurpose of UsePeriod of Retention and Processing
Amazon Web Service Inc.(aws-korea-privacy@amazon.com )U.S.Transferred through serverAny personal data processedData managementUntil member’s membership withdrawal; or until the consignment agreement is terminated
Stripe, Inc.(privacy@stripe.com)U.S.Transferred through serverName, email, billing address, credit card information, purchase amount, date of purchase Electronic payment processingUntil member’s membership withdrawal; or until the consignment agreement is terminated
Google LLC (googlekrsupport@google.com)U.S.Transferred through server when Service usage history occurs Service usage historyAnalysis of usage patternsUntil member’s membership withdrawal; or until the consignment agreement is terminated
Amplitude, Inc. (privacy@amplitude.com)U.S.Transferred through server when Service usage history occurs Service usage history Analysis of usage patternsUntil member’s membership withdrawal; or until the consignment agreement is terminated
Twilio Inc. (privacy@twillio.com)U.S.Transferred through server when sending emailsEmail addressSending emailUntil member’s membership withdrawal; or until the consignment agreement is terminated
3. Destruction of Personal Data
3.1
In the event the personal data needs to be retained by Korean Data Protection laws, such personal data will be segregated, moved to a separate database and safely stored in a different location.
3.2
The process and method of Korean residents’ personal data destruction are as follows:
(a)
Destroying Procedure: The Company will determine the personal data to be destroyed, and such personal data will be destroyed with an approval of the Company's Chief Privacy Officer.
(b)
Destroying Method: Hard copy printouts of personal data are shredded or burned, whereas electronic files of personal data are destroyed through a technical or physical means to ensure that the relevant data cannot be recovered.
4. The Chief Privacy Officer and Staff Responsible for Privacy Inquiries
4.1
The Chief Privacy Officer and the department responsible for handling privacy inquiries are designated as below to oversee all matters related to customer privacy and handle complaints, as well as to address any damage from privacy-related issues. For the avoidance of doubt, the Chief Privacy Officer is not the Data Protection Officer under the European General Data Protection Regulation (GDPR):
Chief Privacy OfficerStaff Responsible for Privacy Inquiries
Name: Byung Gon Chun Title: DirectorDepartment: Legal Phone number: +1(650)563 5047 Email address: privacy@friendli.ai Contact Person: Elizabeth Yoon
4.2
The users may contact the above department and staff for all personal data protection inquiries, complaint handling, damage relief, etc., that occurred while using the Company's Service. The Company will endeavor to respond and process any inquiry promptly.
5. Complaint to the Data Protection Authority
5.1
A Korean resident may submit a complaint to the below institutions:
(a)
Personal Data Breach Reporting Center: 118 (www.privacy.kisa.or.kr);
(b)
Personal Data Dispute Mediation Committee: 1833-6972 (www.kopico.go.kr);
(c)
Cybercrime Investigation Division at the Supreme Prosecutors’ Office: 02-3480-3573 (www.spo.go.kr);
(d)
Cybercrime Investigation Bureau at the National Police Agency: 182 (http://cyberbureau.police.go.kr).
To see previous version, clickhere.