hello, Frank AI — Privacy Policy

Effective date: October 2025

1. Introduction

Hello, Frank AI Inc. ("Frank," "we," "our," or "us") respects your privacy and is committed to protecting your personal information. This Privacy Policy explains how we collect, use, disclose, and protect your information when you use our website, platform, and related services (the "Services").

We operate under British Columbia's Personal Information Protection Act (PIPA) and, where applicable, Canada's Personal Information Protection and Electronic Documents Act (PIPEDA) for cross-border data transfers.

2. Information We Collect

We only collect information that's necessary to provide and improve our Services, including:

Account details – name, email, company, and preferences.

Connected data – financial and accounting data you choose to sync through secure integrations (e.g., QuickBooks, Xero, Gusto) or open banking providers like Plaid or Flinks.

Usage information – logs, activity data, and interactions within the platform.

Support and communications – messages, tickets, and feedback you send us.

We don't collect unnecessary personal data, and we never sell your information to anyone.

3. How We Use Your Information

We use your information to:

• Deliver and maintain the Services.
• Provide insights, automation, and insights.
• Enable secure integrations with third-party accounting or banking systems.
• Communicate with you about updates, product improvements, or support.
• Improve our platform using aggregated or anonymized data.

When our system calls large language models (LLMs) like OpenAI (ChatGPT), Anthropic, or Google Gemini, we:

• Minimize and redact personal identifiers before any data is sent.
• Only transmit information necessary to fulfill your request.
• Use encrypted, authenticated API connections.

4. Sharing and Disclosure

We may share limited data only in the following cases:

• Service providers who help us operate our Services (hosting, analytics, LLM APIs).
• Financial data partners you connect to (e.g., Plaid, QuickBooks).
• Regulatory or legal obligations when required by law.

All third parties must comply with strict confidentiality and security requirements.

We never sell, trade, or rent your data to anyone.

5. Data Security

We apply industry-standard security measures:

• Encryption in transit and at rest.
• OAuth 2.0 authentication for integrations.
• Role-based access control and audit logging.
• Regular internal reviews and monitoring.

6. Data Retention

We retain personal information only as long as necessary for the purposes described above, or as required by law. You can request deletion of your data at any time by contacting privacy@hellofrank.ai.

7. Your Rights

Under BC's PIPA, you have the right to:

• Access your personal information.
• Correct or update inaccurate information.
• Withdraw consent for specific uses.
• Request deletion or data portability.

Contact us at privacy@hellofrank.ai to exercise these rights.

8. International Data Transfers

Although we are based in Canada, some data may be processed in the United States or other jurisdictions where our cloud or API providers operate. When this occurs, we ensure your information remains protected through appropriate safeguards and contracts.

9. Updates to This Policy

We may update this Privacy Policy from time to time. The "Effective date" at the top will reflect the latest version.

10. Contact Us

For questions, privacy requests, or complaints, please contact: