Privacy Policy for FREAK.BOT

1. Introduction

This Privacy Policy describes how FREAK.BOT ("we," "our," or "us") collects, uses, and protects your information when you use our AI Excel Agent application and related services.

2. Information We Collect

Personal Information

When you use FREAK.BOT, we collect the following personal information:

• Google Account Information: When you connect via Google OAuth, we store:
  • Google email address
  • Google OAuth tokens (encrypted)
  • Basic profile information (name, profile picture)

Authentication Data

• Passwords: Securely hashed passwords for email-based accounts
• Tokens: Encrypted tokens for Google Sheets API access and authentication tokens for session management

Technical Information

• Browser Information: When using our web-based authentication
• Device Information: Basic device specifications for compatibility

Correspondence, Comments and Opinions

When you contact us directly, e.g. by email, phone, through our social media channels or when you complete an online form, we will record your comments and opinions. We use this information to address your questions, issues and concerns.

3. How We Use Your Information

We use your information for the following purposes:

1. Account Management: Creating and managing your user account
2. Authentication: Verifying your identity and maintaining secure sessions
3. Google Sheets Integration: Enabling access to Google Sheets API for spreadsheet operations
4. Service Improvement: Understanding usage patterns to improve our service
5. Security: Monitoring for unauthorized access and preventing abuse
6. Communication: Sending important service updates (optional)

4. Data Storage and Security

Storage Locations

• Database: User account data is stored in encrypted databases

Security Measures

• Token Security: OAuth tokens are encrypted and never exposed in plain text
• Access Controls: Strict access controls limit who can access user data
• Regular Updates: Security patches and updates are applied regularly

5. Storing and Transferring Your Personal Information

We implement appropriate technical and organizational measures designed to protect your personal information against accidental or unlawful destruction, loss, change or damage. However, as no protection measure is 100% secure and we cannot guarantee against unauthorized or illegal access, disclosure, modification, or loss of data.

International Transfers of your Personal Information

The personal information we collect may be transferred to and stored in countries outside of the jurisdiction you are in where we and our third-party service providers have operations. If you are located in the European Economic Area ("EEA"), your personal information may be processed outside of the EEA including in the United States.

In the instance of such a transfer, we ensure that:

• the personal information is transferred to countries recognized as offering an equivalent level of protection; or
• the transfer is made pursuant to appropriate safeguards, such as standard data protection clauses adopted by the European Commission.

If you wish to enquire further about these safeguards used, please contact us using the details set out at the end of this Privacy Policy.

6. Data Retention

We retain your data for as long as your account is active. You can delete your account at any time, which will:

• Remove your account and all associated data
• Revoke all Google OAuth tokens
• Delete any stored files or preferences

7. Recipients of Personal Information

In addition to the recipients listed above, we may also share your personal information with the following (as required in accordance with the uses set out in this policy):

• Service providers and advisors: we may share your personal information with third party vendors and other service providers that perform services for us or on our behalf, which may include providing professional services, such as legal and accounting services, processing payments, mailing, email or chat services, fraud prevention, or providing analytic services.
• Purchasers and third parties in connection with a business transaction: your personal information may be disclosed to third parties in connection with a transaction, such as a merger, sale of assets or shares, reorganization, financing, change of control or acquisition of all or a portion of our business.
• Law enforcement, regulators and other parties for legal reasons: we may share your personal information with third parties as required by law or if we reasonably believe that such action is necessary to (i) comply with the law and the reasonable requests of law enforcement; (ii) detect and investigate illegal activities and breaches of agreements, including our Terms of Service; and/or (iii) exercise or protect the rights, property, or personal safety of FREAK.BOT, its users or others.

8. Third-Party Services

Google Services

When you connect your Google account, FREAK.BOT accesses Google Sheets API with the following permissions:

• Read and write access to Google Sheets through Google Drive
• Basic profile information (email, name)

9. Links to Third Party Sites

The Service may, from time to time, contain links to and from third-party websites, including those of our partner networks, advertisers, partner merchants, news publications, and retailers. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for their policies. Please check the individual policies before you submit any information to those websites.

10. Your Rights in Respect of Your Personal Information

In accordance with applicable privacy law, you have the following rights in respect of your personal information that we hold as a controller:

You also have the right to object to any processing based on our legitimate interests where there are grounds relating to your particular situation. There may be compelling reasons for continuing to process your personal information, and we will assess and inform you if that is the case. You can object to marketing activities for any reason.

If you wish to exercise one of these rights, please contact us using the contact details at the end of this Privacy Policy.

Due to the confidential nature of data processing, we may ask you to provide proof of identity when exercising the above rights. This can be done by providing a scanned copy of a valid identity document or a signed photocopy of a valid identity document.

We will seek to respond to any request relating to your rights within one month of receipt of such request.

Where, given the complexity of the claim or the number of requests received, the above deadline cannot be met, we will inform you of the extended deadline in which we will respond to your request. Such extension may not be more than two months from the date on which we notify you that an extension is required.

Where we do not follow up on your request, we will inform you within the one-month deadline of the grounds on which we have based our decision and of your right to refer a complaint to your national data protection authority.

11. Our Policy Towards Children

Our Services are not directed at persons under 18 and we do not knowingly collect personal information from any persons under 18. If you become aware that your child has provided us with personal information, without your consent, then please contact us using the details below so that we can take steps to remove such information and terminate any account your child has created with us.

12. Notice to You

If we need to provide you with information about something, whether for legal, marketing or other business-related purposes, we will select what we believe is the best way to get in contact with you. We will usually do this through email or by placing a notice on the Service. The fact that we may send notices to you will not stop you from being able to opt out of certain types of contact as described in this Privacy Policy.

13. Changes to This Policy

We may update this privacy policy from time to time. Any changes will be posted on this page with an updated effective date. We will notify you of any material changes via email or through the application.

14. Contact Us

If you have questions about this privacy policy or your data, please contact us at: