Privacy & Data Protection

Our commitment to protecting your data

Our Approach to Data Protection

At PersonalFreedom.AI, protecting your data is fundamental to how we operate. We follow industry best practices and recognized frameworks to ensure your information is handled responsibly and securely.

Note: While we implement security controls modeled on industry frameworks like SOC 2, ISO 27001, and NIST, we are not currently certified under these programs. We are transparent about our practices and continuously work to improve our security posture.

1. Data Protection Principles

GDPR Principles We Follow

Applies to: All users, with specific rights for EU/EEA residents

Your Rights:

  • Right to Access - Obtain a copy of your personal data
  • Right to Rectification - Correct inaccurate personal data
  • Right to Erasure - Request deletion of your data
  • Right to Portability - Transfer your data to another service
  • Right to Object - Opt out of certain processing activities
  • Right to Restrict Processing - Limit how we use your data
  • Right to Withdraw Consent - Change your mind about data processing

How We Protect Your Data:

  • Privacy by Design in all our products and services
  • Data Processing Agreements with service providers
  • Regular security assessments and reviews
  • Prompt breach notification procedures
  • Clear documentation of data processing activities

California Privacy (CCPA)

Applies to: California residents

Your Rights:

  • Right to Know - What personal information we collect and how we use it
  • Right to Delete - Request deletion of your personal information
  • Right to Opt-Out - We do not sell personal information
  • Right to Non-Discrimination - Equal service regardless of privacy choices
  • Right to Correct - Fix inaccurate personal information

2. Security Practices

Administrative Safeguards

  • Designated security personnel
  • Employee training on data protection
  • Access management and review procedures
  • Risk assessment processes
  • Incident response planning

Technical Safeguards

  • Encryption for data in transit and at rest
  • Access controls and authentication
  • Audit logging and monitoring
  • Regular security testing
  • Secure software development practices

Physical Safeguards

  • Secure hosting facilities
  • Physical access controls
  • Environmental protections
  • Backup and recovery systems

3. Industry Frameworks We Follow

Our security program is modeled on recognized industry frameworks:

SOC 2 Trust Services Criteria

We implement controls aligned with the five Trust Services Criteria:

  • Security - Protection against unauthorized access
  • Availability - System uptime and performance
  • Processing Integrity - Accurate and complete processing
  • Confidentiality - Protection of confidential information
  • Privacy - Personal information handling

ISO 27001 Best Practices

Our information security management follows ISO 27001 principles:

  • Risk-based approach to security
  • Continuous improvement process
  • Documented security policies and procedures
  • Regular review and updates

NIST Cybersecurity Framework

Our risk management approach aligns with NIST CSF:

  • Identify - Asset management and risk assessment
  • Protect - Access control and data security
  • Detect - Monitoring and anomaly detection
  • Respond - Incident response procedures
  • Recover - Recovery planning and improvements

4. Data Governance

Data Classification

  • Public - Marketing materials, public documentation
  • Internal - Internal communications, procedures
  • Confidential - Customer data, business information
  • Restricted - Sensitive personal information

Data Lifecycle Management

  • Collection - Minimal data, clear purpose
  • Processing - Lawful basis, limited use
  • Storage - Encrypted, access controlled
  • Sharing - Need-to-know, agreements in place
  • Retention - Time-limited, documented
  • Deletion - Secure, irreversible

5. Third-Party Data Handling

Vendor Assessment

  • Security review for all service providers
  • Data Processing Agreements required
  • Regular review process
  • Minimal data sharing principle

Key Service Providers

We use reputable service providers including:

  • Cloud Infrastructure - Major cloud providers with strong security
  • Payment Processing - PCI-compliant payment processors
  • Email Services - Reputable email delivery services

6. Your Privacy Rights

How to Exercise Your Rights

Submit privacy requests through:

Response Timeline

  • Acknowledgment - Within 48 hours
  • Verification - Within 5 business days
  • Fulfillment - Within 30 days (45 days for complex requests)

7. Incident Response

Our Response Process

  • Detection - Monitoring and alerting
  • Assessment - Impact analysis
  • Containment - Stop and prevent further issues
  • Notification - Users and authorities as required
  • Recovery - Restore normal operations
  • Review - Learn and improve

8. Continuous Improvement

We are committed to continuously improving our security and privacy practices. This includes:

  • Regular security assessments
  • Staying current with evolving threats
  • Updating policies and procedures
  • Employee training and awareness
  • Listening to customer feedback

We are working toward formal certifications and will update this page as our compliance program matures.

Contact Us

For privacy or security inquiries:

Available Documentation

  • Privacy Policy
  • Terms of Service
  • Data Processing Agreement (DPA) - available on request
  • Security Overview - available on request