Privacy policy

Last updated: April 26, 2026

1. Introduction

Frrix (“we”, “our”, “us”) operates frrix.com and the Frrix platform. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our service.

By using Frrix, you agree to the collection and use of information in accordance with this policy.

2. Information we collect

We collect the following categories of information:

  • Email address: when you join our waitlist or create an account.
  • OAuth tokens: when you connect third-party services (such as Google Search Console, Buffer, or other integrations), we store the OAuth access and refresh tokens required to operate those integrations on your behalf. These tokens are stored server-side and never exposed to the browser.
  • Content data: articles, briefs, notes, and other content you create within the platform. This data is stored to provide the service.
  • Usage data: basic usage information such as job history, word counts, and distribution records, used to operate and improve the platform.

3. How we use your information

  • To provide, operate, and maintain the Frrix platform.
  • To authenticate and interact with connected third-party services on your behalf.
  • To send transactional communications (e.g. waitlist confirmations, account notifications).
  • To improve and develop the platform.

We do not sell your personal data to any third party.

4. Third-party services

We use the following third-party services to operate the platform:

  • Supabase: database and storage infrastructure. Data is stored in Supabase-managed servers. See Supabase's privacy policy at supabase.com.
  • AI model providers: when you create a content job, the job title, brief, and notes are sent to an AI language model to generate a draft. No personally identifiable information is included in these requests beyond what you explicitly provide in the brief. We select AI providers based on quality and privacy standards.
  • Google (Search Console, Analytics): when you connect these integrations, we access your Google data using OAuth credentials you authorize. We access only the scopes you approve and do not store raw analytics data beyond what is needed to display insights in the platform.
  • Buffer and other distribution platforms: when you connect distribution integrations, we store OAuth tokens to publish content on your behalf when you trigger a distribution action.

4a. AI data processing

When you create content jobs on this platform, the inputs you provide — including job titles, notes, briefs, and client instructions — are transmitted to third-party LLM providers to generate the requested outputs. This processing is necessary to deliver the core service.

By default, the LLM providers we use do not train their models on inputs submitted via API. However, you should avoid including sensitive personal data (as defined by applicable privacy laws, including GDPR special category data) in job inputs unless it is strictly necessary for the content you are creating.

You are the data controller for any personal data relating to your end users that you include in job inputs. We process that data as a data processor on your behalf.

We do not sell or otherwise share AI-generated outputs or your input content with third parties beyond what is necessary to operate the service.

5. Data retention

  • Waitlist emails are retained until you request deletion.
  • Account data and content is retained while your account is active.
  • Upon account deletion, your data is removed within 30 days, except where retention is required by law.
  • OAuth tokens are deleted immediately when you disconnect an integration.

6. Security

We implement industry-standard security measures including encrypted data storage, row-level security in our database, and HTTPS for all data in transit. OAuth tokens are stored server-side only and are never sent to the browser.

No method of transmission over the internet is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

7. Your rights

Depending on your location, you may have the following rights:

  • Access: request a copy of the personal data we hold about you.
  • Correction: request correction of inaccurate data.
  • Deletion: request deletion of your personal data.
  • Portability: request your data in a portable format.
  • Objection: object to processing of your data in certain circumstances.

To exercise any of these rights, contact us at privacy@frrix.com.

8. Cookies

Frrix uses a single authentication cookie (“frrix-auth”) to maintain your session. This cookie is essential to the operation of the platform. It is httpOnly, secure, and set with a strict same-site policy. We do not use tracking or advertising cookies.

9. Children's privacy

Frrix is not intended for use by persons under the age of 16. We do not knowingly collect personal information from children.

10. Changes to this policy

We may update this Privacy Policy from time to time. We will notify you of material changes by updating the date at the top of this page and, where appropriate, by email. Continued use of the platform after changes constitutes acceptance of the updated policy.

11. Contact

For privacy-related questions or to exercise your rights, contact us at privacy@frrix.com or via our contact page.