Privacy Policy

Welcome to Freename AI (the "Platform"), accessible at freename.ai, which is operated by Freename AG, Samstagernstrasse 41, 8832 Wollerau, Switzerland (hereinafter "freename", "We", "Us", "Our"). We are committed to protecting and respecting your privacy.

By accessing or using the Platform, you acknowledge that you have read this policy, that you understand your rights in relation to the personal data you provide, and that you understand how we will collect, use and process it. If you do not agree with this policy in general or any part of it, you should refrain from using the Platform.

Our offer is subject to the Swiss Federal Act on Data Protection (revFADP) and any applicable foreign data protection law, in particular the General Data Protection Regulation of the European Union (hereinafter "GDPR") where it applies to you.

This Privacy Policy covers the Freename AI Platform only. Freename.com (NFT/Web3 minting) and the domain-registration services of Freename Ltd each have their own separate privacy notices.

Freename AG
Samstagernstrasse 41
8832 Wollerau, Switzerland

privacy@freename.com

Freename AG is the controller for the processing of personal data through the Platform. In some instances, there may be other persons responsible for the processing of personal data; in such a case, we inform you. In particular, where you use the Platform to build a website that collects personal data from its own end users (for example, sign-ups or ecommerce orders on a website you generate), you are the controller of that end-user data and freename acts as a processor on your behalf (see Section 11).

Freename AG has not appointed a Data Protection Officer. For any question about this Privacy Policy or about the personal data we process, please use the address above.

2.1 Terms

• Personal data: all information that relates to an identified or identifiable person.
• Data subject: natural or legal person whose data is processed.
• Processing: any operation with personal data, irrespective of the means applied and the procedure, and in particular the collection, storage, use, revision, disclosure, archiving or destruction of data.
• European Economic Area (EEA): the European Union (EU) together with the Principality of Liechtenstein, Iceland and Norway.
• User Inputs: the prompts, text, files, images, brand assets and other materials you submit to the Platform.
• Generated Output: the code, copy, images and other assets produced by the Platform from User Inputs.
• Generated Sites: the websites, web applications and online stores deployed to third-party hosting infrastructure through the Platform.

2.2 Extent of personal data processing

In principle, we process personal data of our users only to the extent necessary to provide a functional Platform and present our content. The processing of personal data of our users generally occurs on the basis of the performance of our contract with you, on our overriding legitimate interests, or with your consent. An exception applies to cases in which prior consent cannot be obtained for factual reasons and the processing of the data is permitted by law.

2.3 Legal basis

We process personal data in accordance with Swiss data protection law, in particular the revFADP and the Ordinance to the Federal Act on Data Protection (OFATP). We process personal data — if and insofar as GDPR is applicable — in accordance with at least one of the following legal bases:

• Art. 6(1)(b) GDPR, for processing necessary for the performance of a contract with the data subject and for the implementation of pre-contractual measures (for example, creating your account, providing the Platform, processing your payments);
• Art. 6(1)(f) GDPR, for processing necessary to safeguard our legitimate interests or those of third parties, unless overridden by the fundamental freedoms and rights of the data subject. Legitimate interests include our interest in providing the Platform securely and reliably, in protecting it against misuse, in improving it, and in establishing, exercising or defending legal claims;
• Art. 6(1)(c) GDPR, for processing necessary for the fulfilment of a legal obligation to which we are subject (for example, tax and accounting records);
• Art. 6(1)(a) GDPR, for processing with the consent of the data subject (for example, non-essential cookies or marketing communications where required by law);
• Art. 6(1)(d) GDPR, for processing necessary to protect vital interests of the data subject or of another natural person.

2.4 Type, scope and purpose

We process personal data that is necessary to provide our services in a permanent, user-friendly, secure and reliable manner. The categories of personal data we process are set out in Section 2.5 below.

We process personal data for the period of time required for the respective purpose or as required by law. Personal data whose processing is no longer required will be made anonymous or deleted. Specific retention periods are set out in Section 10.

We process personal data only with the consent of the data subject unless the processing is permitted for other legal reasons. In this context, we process information that you voluntarily and personally submit to us when registering an account, when contacting us (by email, support form, or otherwise) or when using the Platform.

If you transmit personal data about third parties to us (including by using the Platform to build a website that collects data from those third parties), you are obliged to guarantee data protection as against such third parties, to obtain any necessary consents, and to ensure the accuracy of such personal data.

We also process personal data that we receive from third parties, obtain from publicly accessible sources, or collect when providing our services, if and to the extent that such processing is permitted by law.

2.5 Categories of personal data we process

• Account data — email address, hashed password (held by our authentication provider; we do not have access to your plaintext password), name where you provide it, account creation date, and any profile information you choose to add.
• Authentication and session data — session tokens, login timestamps, IP addresses at login, and basic device information needed to manage your logged-in session and to detect anomalous access.
• Billing data — name, billing address, VAT number where applicable, invoice history, plan and credit-package selections, and subscription status. Actual card and bank details are processed by our payment processors and are not accessible to freename.
• Content you submit — your User Inputs and the resulting Generated Output. We transmit User Inputs to our AI model providers to produce Generated Output. We do not use User Inputs or Generated Output to train our own machine-learning models, and we contractually require our AI model providers not to use this data to train theirs.
• Usage data — information about how you use the Platform, including pages and features accessed, timestamps, projects created, builds launched, deployments, credit consumption, errors encountered, and similar telemetry.
• Technical data — IP address, browser type and version, operating system, device identifiers, referrer URL, language preference, and similar technical data, primarily for security and for the proper display of the Platform.
• Cookies and similar technologies — as described in Section 5.
• Communications — the content of your communications with us, your contact details, and metadata about the exchange.
• Integration data — where you connect a third-party account (for example, a Stripe Connect merchant account, a Shopify store, or an X/Twitter account), the identifiers and access tokens needed to operate the integration and metadata returned by those integrations as needed to display their state in the Platform.
• End-user data processed on your behalf — where you use the Platform to build a website that collects data from its end users (sign-ups, orders, contact-form submissions), that end-user data is processed by us on your behalf as a processor. See Section 11.
• No special categories of data — the Platform is not designed to process special categories of personal data within the meaning of Article 9 GDPR (such as data about health, religion, political opinions, biometrics, or sexual orientation). You should not submit such data to the Platform.

We may have personal data processed by commissioned third parties, or process it together with third parties or with the help of third parties, or transfer it to third parties. Such third parties are in particular providers whose services we make use of. We guarantee appropriate data protection for such third parties by entering into data-processing agreements and, where required, by incorporating standard contractual clauses into those agreements.

Such third parties may be located in Switzerland, in the European Economic Area (EEA), or in other states — including the United States — provided that their data protection law guarantees adequate data protection in the opinion of the Swiss Federal Data Protection and Information Commissioner (FDPIC) and — if and insofar as GDPR is applicable — in the opinion of the European Commission, or if adequate data protection is guaranteed for other reasons, such as by a corresponding contractual agreement (in particular based on the European Commission's Standard Contractual Clauses and, where applicable, the Swiss Addendum and the UK International Data Transfer Agreement), or by appropriate certification. Exceptionally, such a third party may be located in a country without an adequacy decision, provided that the conditions under data protection law are met, such as the express consent of the data subject.

The specific third parties we use are listed in Section 9.

Data subjects whose personal data we process have the rights granted by Swiss data protection law, including:

• the right to information;
• the right to rectify, delete or block processed personal data;
• the right to object to processing.

Data subjects whose personal data we process may — if and to the extent that GDPR is applicable — also exercise the following rights:

• Right of access (Art. 15 GDPR) — obtain confirmation whether we are processing their personal data and, if so, information about the processing.
• Right to rectification (Art. 16 GDPR) — obtain the correction of inaccurate data and the completion of incomplete data.
• Right to erasure (Art. 17 GDPR) — obtain the deletion of their personal data where one of the grounds listed in Article 17 applies.
• Right to restriction of processing (Art. 18 GDPR).
• Right to data portability (Art. 20 GDPR) — receive their personal data in a structured, commonly used, machine-readable format and transmit it to another controller.
• Right to object (Art. 21 GDPR) — in particular to object to processing based on legitimate interests and to processing for direct marketing.
• Right to withdraw consent (Art. 7(3) GDPR) — where processing is based on consent, withdraw that consent at any time with effect for the future.

To exercise these rights, please contact us at privacy@freename.com. We may need to verify your identity before responding.

Data subjects whose personal data we process also have a right of appeal to a competent supervisory authority:

• The supervisory authority for data protection in Switzerland is the Swiss Federal Data Protection and Information Commissioner (FDPIC), https://www.edoeb.admin.ch.
• If GDPR applies to you, you may also lodge a complaint with the supervisory authority in your EU Member State of habitual residence, place of work, or place of the alleged infringement.

We take appropriate and suitable technical and organisational measures to ensure data protection and, in particular, data security. These include transport encryption (SSL/TLS, in particular HTTPS, marked in most browsers by a padlock in the address bar), restricted access to personal data on a need-to-know basis, authentication through a specialised identity provider, monitoring for anomalous access, and regular review of our security measures. Despite such measures, the processing of personal data on the internet can always have security gaps, and we therefore cannot guarantee absolute data security.

Access to our online offer is subject — as all internet traffic — to mass surveillance without cause or suspicion and to other monitoring by security authorities in Switzerland, in the European Union (EU), in the United States of America (USA) and in other countries. We cannot directly influence the corresponding processing of personal data by secret services, police forces and other security authorities.

5.1 Cookies

We use cookies and similar technologies on the Platform. Cookies — both our own cookies (first-party cookies) and cookies from third parties whose services we use (third-party cookies) — are data that is stored in your browser. Cookies cannot execute programs or transmit malware such as Trojans and viruses.

When you visit the Platform, cookies can be stored temporarily in your browser as "session cookies" (automatically deleted when you close your browser) or for a defined period of time as "persistent cookies". Persistent cookies make it possible to recognise your browser the next time you visit the Platform.

We categorise the cookies we use as follows:

• Strictly necessary cookies — cookies that are essential for the operation of the Platform, including authentication, session management, security, and basic usability. These cookies do not require your consent because they are strictly necessary to provide a service that you have requested. You cannot disable them without affecting the Platform's functionality.
• Preference cookies — cookies that remember choices you have made (such as language or UI preferences) to provide a more personalised experience. Where required by law, we set these cookies only with your consent.
• Analytics cookies — cookies that help us understand how visitors interact with the Platform, so we can measure and improve its performance. We set these cookies only with your consent.
• Marketing cookies — cookies used to deliver relevant advertising and to measure the effectiveness of marketing campaigns. We set these cookies only with your consent.

The specific cookies used on freename.ai, their providers, their purposes, and their typical lifetimes are published and kept up to date on the "Cookie settings" panel accessible from the footer of the Platform. The list may be updated from time to time.

You can deactivate or delete cookies in your browser settings at any time, either in whole or in part. Without cookies, the Platform may not be fully available. You can also manage your consent to non-essential cookies at any time through the "Cookie settings" link in the footer.

For cookies that are used to measure success and reach or for advertising, a general opt-out is possible for many services via the YourAdChoices (Digital Advertising Alliance), the Network Advertising Initiative (NAI), or Your Online Choices (European Interactive Digital Advertising Alliance, EDAA).

5.2 Server log files

We collect the following information for each access to the Platform, provided that this information is transmitted by your browser to our server infrastructure or can be determined by our web server: date and time including time zone, Internet Protocol (IP) address, access status (HTTP status code), operating system including user interface and version, browser including language and version, individual sub-pages of the Platform called up including transferred data volume, and the last website called up in the same browser window.

We store this information, which may also represent personal data, in server log files. It is required to provide our online services in a permanent, user-friendly and reliable manner, and to ensure data security and, in particular, the protection of personal data — including by third parties or with the help of third parties — on the legal basis of our legitimate interests (Art. 6(1)(f) GDPR).

6.1 Measurement of success and reach

We send notifications and communications, such as transactional emails and (where you have subscribed) marketing newsletters, by email and through other communication channels. Notifications and messages can contain web links or tracking pixels that record whether an individual message was opened and which web links were clicked. Such tracking may also record usage on a personalised basis. We need this statistical recording of usage to measure success and reach in order to provide notifications and messages in an effective, user-friendly, permanent, secure and reliable manner based on the needs and reading habits of recipients.

6.2 Consent and objection

You expressly consent to the use of your email address and other contact addresses when you submit this information to us for the purposes for which you submitted it. Use of your email address and other contact addresses may also be permitted for other legal reasons, in particular where we send you transactional communications that are necessary to provide the Platform (account notifications, security alerts, billing, terms updates).

You can unsubscribe from marketing notifications and newsletters at any time by using the unsubscribe link in the relevant message or by contacting privacy@freename.com.

Unsubscribing from marketing messages does not affect our ability to send you transactional messages that are necessary for the Platform.

6.3 Service providers for notifications and messages

We may send notifications and communications with the help of service providers. Cookies and similar technologies may be used in this process. We guarantee appropriate data protection for such services by contractual means.

We are present on social media platforms and other online platforms to communicate with interested people and to inform them about our offer. Personal data processed through those platforms may also be processed outside Switzerland and the European Economic Area (EEA). The general terms and conditions, terms of use, data protection declarations and other provisions of the individual operators of such platforms apply in addition to this Privacy Policy. These provisions inform you in particular about the rights of affected persons, including the right to information.

Where the Platform allows you to connect your own social-media account (for example, an X/Twitter account for marketing features), the processing of data by that social-media platform is governed by the social-media platform's own privacy policy. Freename's role is limited to exchanging the data needed to operate the connection.

We may use third-party analytics providers to analyse how the Platform is used, to measure its performance, and to evaluate the effectiveness of links from third parties to the Platform. The specific analytics providers currently in use on freename.ai, together with their purpose and opt-out options, are published in the "Cookie settings" panel accessible from the footer.

Where an analytics cookie is not strictly necessary for the operation of the Platform, we set it only with your consent (Art. 6(1)(a) GDPR). You may withdraw your consent at any time through the "Cookie settings" link in the footer of the Platform.

Where an analytics provider transfers data outside Switzerland or the EEA (in particular to the United States), we rely on the safeguards set out in Section 2 bis.

We use the following third-party services to provide the Platform in a stable, user-friendly, secure and reliable manner. For full details of how each provider processes personal data, please refer to their own privacy policies.

9.1 Authentication

• Okta, Inc. (Auth0) — authentication provider. Handles user sign-up, sign-in, session management, and issuance of authentication tokens for the Platform. Data shared typically includes email address, hashed credentials, and basic session metadata. Processor, acting on our behalf. Data may be processed in the USA and in Ireland; appropriate safeguards apply.

9.2 AI model providers

We transmit your User Inputs and relevant context to one of the following providers to generate Generated Output. These providers are contractually bound not to use your User Inputs or your Generated Output to train their models.

• OpenAI, L.L.C. (USA) — processor. Generates website code, text content, and assists with editing, code repair and prompt planning.
• Anthropic, PBC. (USA) — processor. Alternative model provider used for website code generation, editing and code repair.
• xAI Corp. (USA) — processor. Generates images, videos and ad-copy content for marketing materials and website assets.

9.3 Hosting and deployment

• Vercel Inc. (USA) — processor. Hosts the Platform's frontend and the Generated Sites you publicly deploy. Also provides the deployment pipeline and custom-domain attachment for your published sites.

9.4 Payment processing

All payments on the Platform are processed by specialised payment providers. Freename does not receive or store your card or bank-account details; we only receive transaction metadata such as confirmation of payment, last four digits of the card, and the country of issue. Where you enable an ecommerce integration for a Generated Site using Stripe Connect, Stripe processes payments directly between your end customers and a Stripe account that belongs to you; Freename is not in the payment flow (see Section 11).

9.5 Ecommerce and social integrations (optional)

• Shopify International Limited (Ireland) — independent controller. Used only if you choose to connect a Shopify store to a Freename AI project. We receive an OAuth token scoped to the permissions you grant and use it to install themes and retrieve store data needed for the integration.
• X Corp. ("Twitter") (USA) — independent controller. Used only if you choose to connect an X account for marketing or handle-suggestion features. We receive an OAuth token scoped to the permissions you grant.

9.6 SEO and visibility analytics

• Ahrefs Pte. Ltd. (Singapore) — processor. Provides domain-authority, traffic and keyword metrics for the Visibility section of the Platform. When you request a visibility analysis, the relevant domain name is transmitted to Ahrefs.

9.7 Stock imagery in Generated Sites

• Pexels GmbH (Germany) — independent controller. When the builder inserts stock photography into a Generated Site, those images are sourced via Pexels under the Pexels licence.

9.8 Database and authentication for Generated Sites (optional)

Where you enable database or authentication features for a Generated Site, end-user data collected through that site is handled as described in Section 11.

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by law. Our retention periods are as follows:

• Account data — for the duration of your account; after closure, limited data may be retained for up to 10 years where necessary for legal claims, audit, or compliance, with other data deleted or anonymised earlier.
• Billing and invoicing data — retained for at least 10 years from the end of the relevant financial year to comply with Swiss accounting and tax requirements.
• User Inputs and Generated Output — retained for the duration of your account; subject to reasonable backup-retention and typically up to 12 months.
• Usage and technical data, server log files — retained for the duration of your account, and a limited period up to 12 months.
• Communications with support — retained for the duration of your account and thereafter for a limited period (typically 2–5 years) to manage requests and legal claims.
• Consent records (cookies, marketing) — retained for the duration of the consent and for up to 5 years thereafter to demonstrate that consent was validly obtained.
• End-user data processed on behalf of a customer — processed in accordance with customer instructions; in the absence of instructions, deleted or returned upon termination of the account, subject to applicable legal retention obligations.

Where you use the Platform to build a website that itself collects personal data from its end users (for example, sign-up forms, contact forms, ecommerce orders), you are the controller of that end-user personal data and freename acts as a processor on your behalf. In particular:

• You determine what data your Generated Site collects, why, and for how long. You are responsible for providing a privacy policy on your Generated Site, for handling end-user rights requests, and for the lawful operation of your Generated Site generally.
• Freename processes end-user data strictly on your instructions, solely to provide the Platform and the features you have enabled (such as database hosting or authentication for your Generated Site).
• Where a third party in your Generated Site's stack acts as an independent controller (most commonly Stripe for payment processing through Stripe Connect), the contractual relationship for that service is directly between you and the third party.

Freename's processor commitments in respect of end-user data on your Generated Site are set out in the Data Processing Agreement incorporated into our Terms and Conditions, which applies automatically when you enable features that cause freename to process end-user data on your behalf.

Where personal data is transferred outside Switzerland or the European Economic Area, freename relies on appropriate safeguards — including the European Commission's Standard Contractual Clauses and, where applicable, the Swiss Addendum and the UK International Data Transfer Agreement — and, where required, on other lawful transfer mechanisms such as adequacy decisions or the express consent of the data subject.

You can request further information about the safeguards in place for a specific transfer by contacting privacy@freename.com.

We do not make decisions that produce legal effects or similarly significantly affect you based solely on automated processing, within the meaning of Art. 22 GDPR.

The Platform is AI-assisted by its nature, and content is generated automatically based on your prompts. Such generation is not an "automated decision" about you — it is a service feature you actively invoke. You remain in control of whether and how to use the Generated Output.

The Platform is not intended for, and may not be used by, persons under the age of 18 (or the age of digital majority in their jurisdiction, whichever is higher). We do not knowingly collect personal data from children. If we become aware that we have collected personal data from a child, we will delete it without undue delay.

We may amend and supplement this Privacy Policy at any time. We will provide information about such adaptations and additions in a suitable form, in particular by publishing the current version on the Platform together with the "Last updated" date. Material changes will be notified to you by email to the address registered on your account or by prominent notice on the Platform.

For any question about this Privacy Policy or about the personal data we process:

Freename AG
Samstagernstrasse 41
8832 Wollerau, Switzerland

Email: privacy@freename.com