Privacy: The Foundation of Community Trust
Privacy isn't a feature at Frega—it's our foundation. Every aspect of the platform is designed with privacy first, ensuring your data is never sold, always protected, and used only for purposes you explicitly agree to.
The "Garden Fence" Data Model
We call Frega's privacy architecture the "garden fence" model—all user data stays within Frega's protected ecosystem and is never sold to third parties.
Core Principles
- Never Sold: Your data is never leased, sold, or shared with third parties for marketing
- Explicit Consent: Data is only used for purposes you explicitly agree to
- GDPR Compliant: Full compliance with UK and EU data protection regulations
- User Control: You can view, export, and delete your data anytime
- Privacy by Design: Privacy built into the platform architecture, not added later
What Data We Collect and Why
Transaction Data
What we collect:
- Growth Points issued and redeemed
- Purchases and payment information
- Business interactions and service usage
Why: To provide Growth Points functionality, transaction statements, and accounting services.
Shared with: Only the businesses you transact with and yourself. Never sold to third parties.
Communication Data
What we collect:
- Frega Chat messages between you and businesses
- Customer support communications
Why: To enable direct communication and provide support.
Shared with: Only participants in conversations. Never analyzed for advertising or sold.
Example: Frega's systems determine from your purchases and interactions that you have a dog. This information is not sold and your identity is not disclosed.
A new vet moves into the area and publishes a promotion for new clients. You receive the offer, because Frega has determined this may be relevant to you and improve your situation.
The vet does not know who you are, unless you contact them to take them up on the offer. This way Frega provides valuable, tailored services without disclosing identities or private information.
Profile Data
What we collect:
- Basic account information (name, email, location if provided)
- Business information (for business accounts)
- Platform preferences and settings
Why: To provide personalized platform experience and enable account management.
Shared with: Only you and businesses you interact with. Never sold to advertisers.
Usage Data
What we collect:
- Platform feature usage
- Login times and devices
- Navigation patterns
Why: To improve platform functionality, security, and user experience.
Shared with: Only used internally, aggregated anonymously for platform improvements.
What We NEVER Do With Your Data
Absolute Commitments
- Never sell your data to advertisers, data brokers, or any third parties
- Never lease your data to other companies
- Never use your data for purposes beyond what you explicitly agree to
- Never share personal data for marketing purposes
- Never allow third-party tracking or advertising cookies
How We DO Monetize (Without Selling Data)
Frega's business model doesn't depend on selling your data. We make money through:
| Revenue Source | How It Works | Data Use |
|---|---|---|
| Growth Points Fees | Businesses pay fees to issue loyalty rewards | Transaction data stays private within garden fence |
| AI Agent Subscriptions | Users pay $2.50/month for AI tools they choose | Agents access only data with explicit permission |
| Premium Services | Optional platform upgrades and enhancements | Your choice to subscribe, data still protected |
| Aggregate Insights | Anonymized, aggregated trends (no individual identification) | Anonymized only—no way to identify individuals |
Notice: Even aggregate insights are anonymized such that no individual can be identified. This is fundamentally different from selling individual user data.
GDPR Compliance
Frega is fully compliant with the General Data Protection Regulation (GDPR)—UK and EU data protection law.
Your GDPR Rights
- Right to Access: View all data we hold about you
- Right to Rectification: Correct inaccurate data
- Right to Erasure: Request deletion of your data ("right to be forgotten")
- Right to Data Portability: Export your data in machine-readable format
- Right to Restrict Processing: Limit how we use your data
- Right to Object: Object to certain data processing
- Right to Withdraw Consent: Remove consent for data usage anytime
To exercise these rights, contact us or use account settings within the platform.
Data Security
How We Protect Your Data
- Encryption: All data encrypted in transit (HTTPS) and at rest
- Access Controls: Strict role-based access, minimum necessary permissions
- Audit Logging: All data access logged and monitored
- Regular Security Audits: Third-party security assessments
- Incident Response: Protocols for rapid response to any security issues
- Secure Infrastructure: Industry-standard cloud security (Azure)
AI Agent Data Access
When AI agents (from Publishers or Nova) need data access:
- Explicit Permission Required: You control which agents access what data
- Sandbox Environment: Agents operate in controlled environments
- Audit Trail: Every data access logged
- Revocable: You can revoke agent permissions anytime
- GDPR Governed: All access strictly regulated
Location Data
Opt-In Only
Geospatial discovery features that use location data are entirely opt-in:
- You choose whether to share location
- You can disable location tracking anytime
- Location used only for features you enable (e.g., finding nearby businesses)
- Never sold or shared for advertising purposes
The platform works fully without location data — location features are optional—it's purely your choice.
Data Retention
How Long We Keep Data
- Active Accounts: Data retained as long as your account is active
- Transaction Records: Kept for accounting and tax compliance (typically 7 years)
- Deleted Accounts: Personal data deleted within 30 days of account closure (except where legal obligations require retention)
- Aggregate Analytics: Anonymized data may be retained indefinitely (cannot identify individuals)
Requesting Data Deletion
To delete your account and data:
- Contact us through the platform or email
- We verify your identity
- Data is deleted within 30 days
- You receive confirmation of deletion
Note: Some data may need to be retained for legal/regulatory compliance (e.g., tax records).
Third-Party Services
While we don't sell your data, we do use some third-party services to operate the platform:
| Service Type | Purpose | Data Shared | Protection |
|---|---|---|---|
| Cloud Hosting (Azure) | Platform infrastructure | All platform data is stored securely in Azure's infrastructure | GDPR-compliant, encrypted, access controlled |
| Payment Processing | Handle transactions | Payment info only | PCI-DSS compliant, tokenized |
| Email Services | Platform communications | Email addresses, message content | GDPR-compliant, encrypted transit |
All third-party services are:
- GDPR compliant
- Bound by data processing agreements
- Prohibited from using data for their own purposes
- Subject to regular security audits
Privacy vs. Traditional Platforms
| Aspect | Traditional Platforms | Frega |
|---|---|---|
| Business Model | Sell user data and attention to advertisers | Service fees from genuine utility |
| Data Sharing | Sold to hundreds of third parties | Never sold, stays in garden fence |
| User Control | Limited, complex privacy settings | Full control, simple clear options |
| Transparency | Lengthy unclear privacy policies | Clear explanations, direct access |
Children's Privacy
Frega requires all users to be 18 years of age or older. Our platform involves financial transactions, business services, and contractual agreements that require users to have legal capacity to contract.
We do not knowingly collect data from individuals under 18. If you believe someone under 18 has created an account, please contact us immediately and we will delete the account and associated data.
For parents: If you believe your child under 18 has provided us with personal information, please contact us at contact and we will take steps to remove such information from our systems.
Privacy Policy Updates
We may update our privacy practices. We will never reduce your privacy protections without explicit notice as the platform evolves, but our core commitments remain constant:
- Data will never be sold to third parties
- GDPR compliance will be maintained
- User control will be preserved
- Transparency will be prioritized
When we make material changes to our privacy policy, we will:
- Notify users via email and platform notifications
- Provide clear explanation of changes
- Allow you to review and accept changes
- Give you option to delete your account if you disagree
Questions About Privacy?
For our complete legal privacy policy, see Privacy Policy.
For questions or concerns about your data, contact us.
To exercise your GDPR rights, use platform settings or contact our data protection officer.