Privacy Policy

The Platform is operated by Lionizer Holding B.V., a Dutch company providing AI-powered sales intelligence software under the Frivend brand. We act as the data controller for data collected directly through our website and as a data processor for data processed on behalf of our business customers ("Tenants").

Our Tenants — the organisations that subscribe to Frivend — are the data controllers for the personal data of their employees (sales representatives) who use the bot. Frivend processes that data solely on their behalf and under their instructions.

We collect the following categories of personal data:

We do not collect sensitive personal data (special category data under GDPR) and we do not knowingly collect data from children under the age of 16.

We use personal data for the following purposes:

• Providing the service — authenticating users, routing messages, retrieving CRM data, and generating AI-powered sales insights.
• AI-powered sales guidance — message content and CRM data are sent to OpenAI's API to generate personalised sales insights. See Section 4 for details on OpenAI's data handling.
• Account management — sending verification emails, password reset links, and service communications.
• Security and integrity — detecting and preventing abuse, fraud, and unauthorised access.
• Service improvement — aggregated and anonymised usage analytics to improve bot quality.

Our legal bases under GDPR are: (a) contract performance — to provide the Platform you or your employer subscribed to; (b) legitimate interests — for security, abuse prevention, and service improvement; and (c) consent — where explicitly obtained.

We do not sell your personal data. We share data only with the following categories of recipients:

• OpenAI, L.L.C. — message content and CRM summaries are transmitted to OpenAI's API to generate AI-powered sales guidance. OpenAI processes data under its API data usage policies and does not use API data to train its models by default. See OpenAI Privacy Policy.
• Microsoft Corporation — if you use the Teams bot, messages transit through the Microsoft Bot Framework. See Microsoft Privacy Statement.
• Meta Platforms, Inc. — if you use the WhatsApp bot, messages transit through Meta's Cloud API. See WhatsApp Privacy Policy.
• Creatio — CRM data is read from the Tenant's Creatio instance using the credentials provided by the Tenant. Frivend acts as a client of the Tenant's own CRM.
• Infrastructure providers — cloud hosting and database services used to run the Platform. All providers are contractually bound to process data only on our instruction.
• Tenant admin — the administrator of your employer's Frivend account can see the list of registered bot users (name, email, registration date) and disconnect users. They cannot read message content.

All third-party processors are required to handle data in compliance with GDPR and applicable data protection law.

We retain personal data only for as long as necessary:

• Bot registration data (name, phone, email link) — retained until the user is disconnected by the admin or requests deletion.
• Message content — not stored persistently. Messages are processed in-flight to generate responses and are not written to a database.
• Account data — retained for the duration of the Tenant's subscription plus 30 days after termination to allow data export.
• Server logs — retained for up to 90 days for security and debugging purposes.

Under GDPR and applicable privacy laws, you have the right to:

• Access — request a copy of the personal data we hold about you.
• Rectification — ask us to correct inaccurate or incomplete data.
• Erasure — ask us to delete your personal data ("right to be forgotten").
• Restriction — ask us to restrict processing of your data in certain circumstances.
• Portability — request your data in a machine-readable format.
• Objection — object to processing based on legitimate interests.
• Withdraw consent — where processing is based on consent, withdraw it at any time without affecting past processing.

To exercise any of these rights, contact us at privacy@frivend.com. We will respond within 30 days. If you are an employee of a Tenant, some requests may need to be handled by your employer as the data controller.

If you believe we have not handled your data lawfully, you have the right to lodge a complaint with your national data protection authority.

We implement appropriate technical and organisational measures to protect personal data against unauthorised access, loss, or disclosure, including:

• Encrypted connections (HTTPS/TLS) for all data in transit.
• Hashed and salted password storage — passwords are never stored in plain text.
• Access controls limiting who can access personal data within Frivend.
• Authentication tokens with short expiry periods.

No system is completely secure. If you discover a security vulnerability, please report it responsibly to privacy@frivend.com.

Frivend uses the Meta WhatsApp Business Cloud API to operate a business messaging bot. When you send a message to a Frivend-connected WhatsApp business number:

• Your message is delivered by Meta's infrastructure to Frivend's server via a secure webhook.
• Your phone number and display name are stored to identify your account and route future messages.
• Your message content is sent to OpenAI to generate AI-powered sales guidance, then returned to you via WhatsApp.
• Frivend does not initiate unsolicited messages. The bot only responds to messages you send.

Your use of WhatsApp is also governed by Meta's Privacy Policy and WhatsApp Terms of Service.

To stop using the WhatsApp bot and have your data removed, ask your company administrator or contact us at privacy@frivend.com.

We may update this Privacy Policy from time to time. When we make material changes, we will update the effective date at the top of this page and, where appropriate, notify Tenant administrators by email. Continued use of the Platform after changes take effect constitutes acceptance of the updated policy.

If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us: