What Frey sees, stores, and forgets.

Frey is operated by Freydom UG (haftungsbeschränkt) i.G., Frankfurt am Main, Germany. The data controller for the purposes of the DSGVO/GDPR is Freydom UG. Our Impressum and full Datenschutzerklärung are linked at the foot of every Freydom property.

When you connect a Google account, Frey requests:

• Google Calendar — event titles, times, attendees, locations, and free/busy, to brief you on your day and prep meetings. Frey can also add an event or time-block when you ask it to, with no attendees, so no invitations are ever sent to anyone.
• Gmail — message subjects, senders, bodies, and your contact directory, to triage and summarise. Frey can save a draft to your Drafts folder when you ask — but it never sends, deletes, labels, or moves anything. You review and send every email yourself.

We request the narrowest scopes that make each feature work, and nothing we don't use.

Your Google OAuth tokens are encrypted at rest with AES-256-GCM, under a key separate from every other secret in our system. We never see or store your Google password. Message bodies and event details are processed in the moment to answer your request and generate your briefing; they are not retainedunless you explicitly save (“keep”) an item. Your chat history with Frey is stored per-account so conversations stay continuous.

One deliberate exception, because it powers the Spend view: when Frey scans your receipt and invoice emails, it stores the extracted facts only — vendor, amount, currency, date, billing cadence — never the email itself. You can remove any entry on the Spend page (✕), and the entire ledger is deleted with your account. Frey never connects to a bank.

To deliver the product we share the minimum necessary with:

• Google — the source of your calendar + mail data (your own accounts).
• Google (Gemini API) — the model that reads the relevant snippet to answer you. Google states Gemini API data is not used to train its models.
• Stripe — payment processing. We never see or store your card details.
• Resend / Amazon SES — transactional email (receipts, account notices).
• Hetzner — EU (Germany) hosting. Your data stays in the EU.

We do not sell your data, and we do not use your email or calendar content to train any model of our own.

Frey's use and transfer of information received from Google APIs to any other app will adhere to the Google API Services User Data Policy, including the Limited Use requirements. In concrete terms:

• Google user data is used only to provide the user-facing features described above — briefings, meeting prep, inbox triage, and drafts you explicitly request.
• We do not transfer Google user data to third parties except as necessary to provide these features (the processors listed above), to comply with applicable law, or as part of a merger or acquisition with prior notice to you.
• We do not use Google user data for advertising of any kind.
• No humans read your Google data except (a) with your explicit consent for a specific item, (b) where necessary for security purposes such as abuse investigation, (c) to comply with applicable law, or (d) after aggregation and anonymisation for internal operations.
• Google user data is never used to train or improve generalised AI or machine-learning models. Snippets are processed transiently through the Gemini API solely to answer your specific request; Google states Gemini API data is not used to train its models.

OAuth tokens persist until you disconnect or delete your account. Chat history persists until you delete it or your account. Anonymous chat counters expire after 24 hours. On account deletion, everything is removed within 30 days (immediately in most cases).