Privacy Policy

1. Information We Collect

1.1 Google Account Information

When you authenticate with Frevo using Google Sign-In, we collect:

Email address (primary identifier for your account)
Full name (for personalization and communication)
Profile picture (for account display purposes)
Google user ID (for secure authentication)
Account creation and last login timestamps

1.2 Freelancer Platform Data

When you use our AI proposal generation features, we collect:

Job descriptions and requirements (only when you use AI bid generation)
Your freelancer profile information and details
Project owner contact information for dashboard display
Generated proposal content and customizations
Job filtering preferences and search criteria

1.3 Usage and Analytics Data

We automatically collect service usage information:

API usage patterns and frequency
Feature utilization statistics
Daily usage counts for proposals and profile views
Performance metrics and error logs
Session duration and activity patterns

1.4 Technical and Security Data

For security and service optimization, we collect:

IP addresses and approximate location data
Browser type, version, and user agent information
Device information and operating system details
Chrome extension usage and interaction patterns
Security-related activity and authentication logs

1.5 Subscription and Payment Data

For subscription management, we store:

Subscription plan type and status
Billing cycle and payment history
Payment processor information (handled by third-party providers)
Subscription start and end dates
Usage limits and quota tracking

2. How We Use Your Information

We use the collected information for the following purposes:

2.1 Core Service Delivery

Authenticate users securely through Google OAuth
Generate personalized AI-powered proposals using OpenAI GPT-3.5-turbo
Provide advanced project filtering and search capabilities
Display user dashboards with relevant project owner information
Manage subscription tiers and enforce usage limits

2.2 Service Improvement and Analytics

Analyze usage patterns to enhance features and user experience
Monitor system performance and optimize API response times
Track daily usage for quota management and analytics
Generate insights for product development and feature prioritization
Identify and resolve technical issues and bugs

2.3 Account and Subscription Management

Process payments and manage subscription billing cycles
Enforce usage limits based on subscription plans
Send important service notifications and updates
Provide customer support and respond to user inquiries
Manage account settings and user preferences

2.4 Security and Fraud Prevention

Monitor for suspicious activity and unauthorized access attempts
Implement rate limiting to prevent service abuse
Maintain activity logs for security auditing
Protect against fraudulent subscription usage
Ensure compliance with platform terms of service

3. Information Sharing and Disclosure

3.1 Third-Party Service Providers

We share limited information with trusted third-party providers:

Google: Authentication data for Google OAuth sign-in and account verification
OpenAI: Job descriptions and context for AI proposal generation (no personal data)
Payment Processors (Paddle/Stripe): Billing information for subscription management
Database Providers: Encrypted user data for secure storage and backup
Analytics Platforms: Anonymized usage statistics for service improvement

3.2 Data Processing Safeguards

All third-party sharing follows strict guidelines:

Minimal data sharing - only what's necessary for specific functions
Contractual data protection agreements with all service providers
Regular security audits and compliance monitoring
No sale or monetization of personal user data
Immediate data deletion when services are no longer needed

3.3 Legal Requirements

We may disclose your information if required by law or to:

Comply with legal obligations
Protect our rights and property
Prevent fraud or security issues
Protect user safety

4. Data Security and Protection

We implement enterprise-grade security measures to protect your information:

4.1 Technical Safeguards

TLS/SSL encryption for all data transmission between clients and servers
Encrypted database storage with AES-256 encryption for sensitive data
Secure JWT token-based authentication with configurable expiration
Rate limiting and DDoS protection to prevent service abuse
Regular security updates and vulnerability patching

4.2 Access Controls and Monitoring

Role-based access control with principle of least privilege
Multi-factor authentication for administrative access
Comprehensive activity logging and security monitoring
Regular security audits and penetration testing
IP address tracking and suspicious activity detection

4.3 Infrastructure Security

Secure cloud hosting with enterprise-grade infrastructure
Regular automated backups with encryption at rest
Network segmentation and firewall protection
Incident response procedures and security breach protocols
Compliance with industry security standards and best practices

5. Data Retention and Deletion

5.1 Retention Periods

We retain different types of data for varying periods:

Account Information: Retained while your account is active and for 90 days after deletion
Proposal History: Stored for the duration of your subscription plus 1 year for support purposes
Usage Analytics: Aggregated data retained for 2 years for service improvement
Security Logs: Maintained for 1 year for security monitoring and incident response
Billing Records: Kept for 7 years as required by financial regulations

5.2 Data Deletion Rights

You have full control over your data:

Request immediate account deletion through your dashboard settings
Export your data before deletion for personal backup
Selective deletion of specific proposals or activity data
Complete data purge within 30 days of deletion request
Confirmation of deletion provided upon completion

6. Your Privacy Rights and Controls

We respect your privacy rights and provide comprehensive controls:

6.1 Data Access and Portability

View all personal information stored in your account dashboard
Download your complete data history in machine-readable format
Access detailed usage analytics and activity logs
Review subscription history and payment records

6.2 Data Control and Correction

Update profile information and preferences at any time
Correct inaccurate information through your account settings
Manage subscription settings and usage preferences
Control data sharing preferences for analytics and improvements

6.3 Privacy Controls

Opt out of non-essential data collection and analytics
Control marketing communications and notifications
Withdraw consent for specific data processing activities
Request data minimization for privacy-sensitive information

7. Cookies and Tracking

We use cookies and similar technologies to:

Remember your preferences
Analyze usage patterns
Improve user experience
Provide personalized content

You can control cookie settings through your browser preferences.

8. International Data Transfers

Your information may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place to protect your data during such transfers.

9. Children's Privacy

Our service is not intended for children under 13. We do not knowingly collect personal information from children under 13. If we become aware of such collection, we will take steps to delete the information.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date.

11. International Data Transfers and GDPR Compliance

For users in the European Union and other regions with data protection laws:

We comply with GDPR, CCPA, and other applicable privacy regulations
Data transfers are protected by appropriate safeguards and security measures
EU users have additional rights under GDPR including data portability and erasure
We process data based on legitimate interests and user consent
You may contact our Data Protection Officer for privacy-related inquiries