Privacy Policy

Frenzee is a product of Signal Collective, registered in Hong Kong. We provide a business operations intelligence platform that operates through WhatsApp.

For the purposes of applicable data protection laws, Signal Collective is the data processor. The business owner who uses Frenzee is the data controller for their business data, staff data, and customer data.

A Data Processing Agreement (DPA) is available upon request for business owners who require one for regulatory compliance.

Contact: hello@frenzee.co

Frenzee provides an AI-powered operations assistant that operates within WhatsApp. Our services include:

• Onboarding bot (via WhatsApp Business Platform): Guides new owners through account setup. Operates on the official Meta WhatsApp Business Cloud API.
• Operations assistant (linked device): Connects to your WhatsApp account as a companion device (similar to WhatsApp Web). You select which conversations — group chats and/or 1:1 conversations — Frenzee can access. Frenzee captures messages, transcribes voice notes, detects tasks, and generates daily briefings from those selected conversations only.
• Agentic tools: ~155 tools across invoicing, expenses, scheduling, CRM, team performance, and more. Executed through WhatsApp conversation with the assistant.
• Dashboard: A web interface where the business owner can view captured data, briefings, team insights, and manage their account.

3.1 Business owner data

When you sign up, we collect:

• Name, business type
• Phone number (WhatsApp number used during onboarding)
• Preferred briefing time
• Team or solo designation

3.2 Linked device conversation data

When you link Frenzee to your WhatsApp account, it can access conversations you explicitly select. From those conversations, it captures:

• Text messages (sender name, content, timestamp)
• Voice notes (audio is transcribed to text, then the audio is deleted — see Section 7)
• Photos, documents, and screenshots sent within selected conversations
• Sender identifiers (phone numbers or WhatsApp user IDs)
• Reactions, polls, stickers, and forwarded messages

Scope of capture — critical detail:

• We only capture data from conversations you explicitly select during setup. You see a numbered list of your conversations and choose which are business-relevant.
• Personal conversations that you do not select are never accessed, read, or stored.
• You can add or remove conversations from capture at any time.
• Unlinking Frenzee from your WhatsApp (Settings → Linked Devices) immediately stops all capture.

3.3 Employee and staff data

When staff members send messages in conversations that you have selected for capture, we process their:

• Name (as displayed on WhatsApp)
• Phone number
• Messages and voice note transcriptions
• Activity patterns (message frequency, response times, task completion)

Staff rights: Staff members may contact you (the business owner) or us (hello@frenzee.co) to request access to, correction of, or deletion of their personal data. We respond to all requests within 30 days.

3.4 Payment data

Subscription payments are processed by Stripe. We store your Stripe customer ID and subscription status. We do not store credit card numbers, bank account details, or other payment credentials. Stripe's privacy policy governs payment data processing.

3.5 Cookies and web tracking

Our web dashboard uses the following:

• Authentication cookie ("frenzee_session"): HMAC-signed session cookie, httpOnly, 30-day expiry. Required for dashboard login. Cannot be disabled.
• Google Analytics: Anonymized page view data and session duration. Sets "_ga" and "_gid" cookies. You can opt out via Google's browser plugin or by disabling cookies.

We do not use advertising cookies or retargeting pixels.

• Provide the service: Capturing messages, generating daily briefings, tracking tasks, transcribing voice notes, executing agentic tools (invoicing, scheduling, CRM, etc.), displaying dashboard insights.
• AI processing: Messages and voice notes are sent to third-party AI inference services for categorization, summarization, transcription, and tool execution. See Section 6 for details on each provider.
• Account management: Authentication, billing, subscription management, and support.
• Product improvement: Anonymized, aggregated usage patterns to improve features. We do not use individual message content for product improvement.

We do not use your data for advertising. We do not sell your data to third parties. We do not use your data to train AI models.

We process personal data on the following legal bases:

• Contract performance: Processing necessary to provide the service you signed up for.
• Legitimate interest: Processing for product improvement and security, where such interest is not overridden by data subject rights.
• Consent: The business owner consents to data processing by signing up and linking their WhatsApp account. The business owner is responsible for ensuring appropriate consent or legal basis for processing employee data in their jurisdiction.

We share data with the following processors to provide our service:

AI provider data handling

Groq: Per Groq's API Terms of Service, inference data is processed in real-time. Groq may temporarily retain inputs and outputs for up to 30 days for troubleshooting and abuse monitoring, unless Zero Data Retention (ZDR) is enabled by the customer. Groq does not use customer data to train models.

OpenRouter: Acts as an inference routing layer. Data handling is governed by both OpenRouter's terms and the underlying model provider's terms.

Moonshot AI (Kimi): Used for complex agentic tool execution. Data may be processed in China. Business owners in jurisdictions with restrictions on cross-border data transfers to China should be aware of this processor.

Important: We are working toward self-hosted AI model infrastructure to eliminate third-party AI provider dependencies. This policy will be updated when that transition is complete.

• Active paid accounts: Data retained for the duration of the subscription.
• Free-tier accounts: Captured messages retained indefinitely. Message search limited to 7 days.
• Inactive free-tier accounts: Accounts with no activity for 12 months are classified as dormant. We will notify you before deleting dormant account data.
• Cancelled paid accounts: Data retained for 30 days, then permanently deleted.
• Deleted accounts: All data permanently deleted within 30 days of deletion request.
• Voice note audio: Original audio is deleted immediately after transcription is complete. Only the text transcription is retained. Audio is not stored beyond the processing window (typically under 60 seconds).

To request data deletion, contact hello@frenzee.co, message us on WhatsApp at +1 646 842 5368, or use the "Delete account" option in your dashboard settings.

You can request deletion of all your personal data at any time using any of these methods:

• WhatsApp: Message us at +1 646 842 5368 and say "delete my account."
• Email: Send a request to hello@frenzee.co.
• Dashboard: Go to Settings and select "Delete account."

When you request deletion, we will permanently remove all data associated with your account within 30 days, including: your owner profile, all captured messages, task history, employee data, voice note transcriptions, generated documents, and any other data stored on our systems. Data already processed by third-party services (see Section 6) is subject to those providers' retention policies.

You will receive a confirmation via WhatsApp once deletion is complete.

Depending on your jurisdiction, you have the following rights:

• Access: Request a copy of all personal data we hold about you.
• Correction: Request correction of inaccurate or incomplete data.
• Deletion: Request deletion of your personal data.
• Portability: Request your data in a machine-readable format (JSON or CSV).
• Objection: Object to certain types of processing.
• Withdrawal of consent: Unlink Frenzee from your WhatsApp at any time to stop all capture. Delete your account to remove all stored data.
• Complaint: Lodge a complaint with your local data protection authority (see Section 10).

To exercise any right, contact hello@frenzee.co or message us on WhatsApp. We respond to all requests within 30 days.

Hong Kong — Personal Data (Privacy) Ordinance (PDPO)

We comply with the six Data Protection Principles. This privacy policy serves as our Personal Information Collection Statement (PICS) under DPP1.

Employee monitoring: Under the PCPD's Monitoring and Personal Data Privacy at Work guidelines, employers who monitor employee communications must: (a) have a clear, legitimate purpose; (b) inform employees that monitoring occurs; (c) limit the scope to what is necessary; and (d) ensure proportionality. Business owners using Frenzee to capture staff conversations are responsible for complying with these guidelines.

Complaints may be directed to the Office of the Privacy Commissioner for Personal Data (PCPD), Hong Kong.

Singapore — Personal Data Protection Act (PDPA)

We comply with the PDPA. Business owners must ensure they have appropriate consent or a recognized exception under the PDPA for processing employee data. The "reasonable for managing the employment relationship" exception may apply in some cases, but we recommend obtaining explicit consent given the scope of data captured.

Penalties for PDPA violations can reach up to 10% of annual turnover in Singapore or S$1 million, whichever is higher.

Australia — Privacy Act 1988

We comply with the Australian Privacy Principles (APPs). Data is transferred to the US and Asia-Pacific for processing. Complaints may be directed to the Office of the Australian Information Commissioner (OAIC).

Malaysia — Personal Data Protection Act 2010 (PDPA)

We comply with the Malaysian PDPA. Data is processed for the purpose of providing business management services as authorized by the business owner.

Philippines — Data Privacy Act of 2012 (DPA)

We comply with the DPA and its implementing rules. Business owners are personal information controllers.

Your data may be transferred to and processed in the following jurisdictions:

• Hong Kong / Asia-Pacific: VPS hosting (Tencent Cloud)
• United States: AI inference (Groq, OpenRouter), payment processing (Stripe), web hosting (Vercel), document storage (Google Drive), analytics (Google)
• China: AI inference for agentic tool execution (Moonshot AI / Kimi)
• Global (edge locations): Web application delivery (Vercel CDN)

China data transfer notice: Some AI processing is performed by Moonshot AI, which may process data in mainland China. Business owners subject to data localization requirements or cross-border transfer restrictions should evaluate whether this is compatible with their regulatory obligations.

We ensure all cross-border transfers are protected by the receiving party's security measures and contractual data protection commitments.

• Data encrypted in transit (TLS 1.2+) and at rest
• Operations assistant runs on private infrastructure managed by our team
• Database access restricted by row-level security policies
• Authentication via HMAC-signed session cookies (httpOnly, secure)
• No plaintext storage of credentials or tokens
• Voice note audio deleted immediately after transcription

Frenzee is a business-to-business service not intended for use by individuals under 18. We do not knowingly collect personal data from children. If you believe we have collected data from a minor, contact us immediately at hello@frenzee.co.

What the mobile app collects

The Frenzee Chief of Staff mobile app captures audio recordings on your device, uploads them over an encrypted connection to our processing pipeline, and stores the resulting transcript and AI-generated summary against your account. The app also collects:

• Phone number (when you sign in via WhatsApp OTP)
• Apple ID name + email (only if you Sign in with Apple — Apple gates this to first sign-in only)
• Personal notes you attach to a meeting
• Project names, types, and project membership you create
• Subscription state (from Apple via RevenueCat — required to unlock Pro features)
• Coarse crash + performance signals (Sentry — no personal content)

We do not collect precise location, browsing history, search history outside the app, health/fitness data, or anything used for ad-tracking. There are no third-party tracking SDKs in the app.

Sign in with Apple

If you sign in with Apple, Apple sends us an identity token plus the name and email you choose to share. We never receive your Apple password. The email may be a private relay address (anonymous-id@privaterelay.appleid.com) — we honor that and never attempt to deanonymize it.

Subscriptions and in-app purchases

Pro and Student tiers are sold through Apple In-App Purchase, processed by Apple, and delivered to us via RevenueCat. We receive: product identifier, transaction id, original transaction id, purchase date, expiration date, and store (App Store / Play Store). We do NOT receive your full Apple Pay or credit card details.

Subscriptions auto-renew unless cancelled at least 24 hours before the end of the current billing period. Manage or cancel any time in iOS Settings → Apple ID → Subscriptions, or via the Manage Subscription link inside the app.

Student verification

To unlock the Student tier ($3.99/month), we ask for your school email address. We check it against an academic-domain allowlist (.edu, .ac.uk, .edu.hk, .edu.au, plus a curated list of international universities), then send a one-time verification link valid for 30 minutes. Tapping the link grants the Student tier for 12 months, after which we ask you to re-verify. The verification email and your domain are stored alongside your account; we delete them on account deletion.

Google Drive integration (optional)

If you connect Google Drive, we request the drive.file scope, which only allows Frenzee to access files Frenzee creates inside Drive. We cannot read your other Drive files. We use this scope to write a Markdown file per meeting into a folder you pick (or a default "Frenzee" folder we create at the root of your Drive). OAuth tokens are stored encrypted at rest in our database via Supabase Vault. You can disconnect Drive at any time inside the app — we revoke the tokens immediately. Drive folder contents are never deleted by Frenzee, even on account deletion: those files are yours.

Account deletion (Apple App Store Guideline 5.1.1(v))

You can delete your Frenzee account from inside the app: Account → Privacy & Data → Delete account. The flow takes three taps and requires you to type "delete" to confirm. Deletion is permanent after a 7-day grace window, which exists so support can recover an account you deleted by mistake. After 7 days we permanently remove: your owner record, every meeting recording + transcript + summary, personal notes, projects, your contacts, and any flashcard ratings. WhatsApp messages stay in your WhatsApp (we don't own them) and Drive folder contents stay in your Drive (you own them).

Notifications

The mobile app can send push notifications for: summary-ready (post-recording), follow-up due (Pro), weekly review (Pro), and important platform messages. You can toggle each type independently in Account → Notifications, or mute everything at the iOS / Android system level. iOS settings always win — even if a toggle is on inside the app, the OS-level mute keeps things quiet.

Mobile microphone access

We ask for microphone permission only when you tap Record. We never start recording without your explicit tap, and we never record outside an active session. You can revoke microphone permission at any time in iOS / Android Settings.

We may update this policy as our product evolves or legal requirements change. We will notify active users of material changes via WhatsApp message at least 14 days before changes take effect. The "last updated" date at the top reflects the most recent revision.

• Email: hello@frenzee.co
• WhatsApp: +1 646 842 5368
• Company: Signal Collective, Hong Kong