Privacy Policy

Effective Date: 22 March 2026 · Jurisdiction: India · Compliant with: IT Act 2000, DPDP Act 2023

Plain English Summary: We collect only the data we need to run Freeddy. We do not sell your data. We use reputable third parties (Supabase, Stripe) to store and process it securely. You have the right to access, correct, and delete your data at any time.

1. Who We Are

Freeddy (“we”, “us”, “our”) is the operator of the platform accessible at freeddy.online. Our registered mailing address is 380 G/1, South Behala Road, Near Natore Colony, Behala, Kolkata — 700061, West Bengal, India. For any privacy-related queries, contact us at inquiries@freeddy.online.

2. What Data We Collect

2.1 Data You Provide Directly

Account Data: Full name, email address, password (hashed), business name, and country/timezone when you register.
Profile Data: Profile photo, bio, hourly rate, skills, and portfolio links you choose to add.
Billing Data: Subscription plan and billing cycle. Payment card details are processed and stored by our payment processor (Stripe/Razorpay) and are never stored on our servers.
Communications: Messages, proposals, contracts, and files you send or receive through the Freeddy chat portal.
Support Data: Any information you voluntarily provide when contacting our support team.
Waitlist Data: Name and email address submitted through our pre-launch waitlist form.

2.2 Data Collected Automatically

Usage Data: Pages visited, features used, session duration, clickstream data, and the actions taken within the platform.
Device & Log Data: IP address, browser type and version, operating system, device identifiers, referral URL, and access timestamps.
Cookies and Similar Technologies: Session cookies (essential for authentication), preference cookies, and analytics identifiers. See Section 8 for more detail.

2.3 Data From Third Parties

If you connect a third-party service (e.g., Google for authentication), we receive the basic profile data authorised by that service's OAuth flow. We only store what is necessary.

3. How We Use Your Data

We process your data for the following purposes, relying on the following lawful bases:

Performance of Contract: To provide, maintain, and improve the Service, process payments, deliver features, and manage your account.
Legitimate Interests: To detect and prevent fraud and abuse, to understand how users interact with the Service, and to improve security.
Consent: To send you marketing communications, product updates, and waitlist notifications, where you have opted in. You may withdraw consent at any time.
Legal Obligation: To comply with applicable laws, regulations, court orders, and lawful requests from government authorities.

4. Data Sharing and Disclosure

We do not sell, rent, or trade your personal data. We may share your data with:

Service Providers: Supabase (database and authentication), Stripe / Razorpay (payment processing), Resend / SendGrid (transactional email), Ably (real-time messaging), and Vercel (hosting). These providers act as data processors under contractual data processing agreements.
Legal Compliance: When required to do so by law, regulation, judicial process, or lawful government request.
Business Transfer: In connection with a merger, acquisition, or sale of all or substantially all of our assets. You will be notified via email in advance.
Your Clients: Data within the client portal (messages, documents, payment details) is shared with the specific client you designate on the platform. You control this sharing entirely.

5. Data Retention

We retain your personal data for as long as your account is active or as needed to provide the Service. If you delete your account, we will delete or anonymise your personal data within 30 days, except where we are required to retain it longer for legal, accounting, or fraud-prevention purposes (typically not exceeding 7 years under Indian law).

Waitlist data is retained until the platform launches or until you request deletion, whichever comes first.

6. Data Security

We implement industry-standard security measures, including TLS encryption in transit, AES-256 encryption at rest (via Supabase), Role-Based Access Control (RBAC), and regular security audits. However, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security.

In the event of a data breach that is likely to prejudicially affect you, we will notify you and the relevant authorities as required by the Digital Personal Data Protection Act, 2023 (DPDP Act), and the Information Technology Act, 2000.

7. Your Rights

Under the DPDP Act, 2023 and applicable law, you have the following rights regarding your personal data:

Right of Access: To obtain confirmation of whether we process your data and to receive a copy of the data we hold about you.
Right to Correction: To have inaccurate or incomplete personal data corrected.
Right to Erasure: To have your personal data deleted (subject to legal retention obligations).
Right to Grievance Redressal: To raise a complaint about our data processing practices with our designated grievance officer.
Right to Nominate: To nominate another individual to exercise your data rights in the event of your death or incapacity.

To exercise any of these rights, email us at inquiries@freeddy.online with the subject line “Privacy Rights Request”. We will respond within 30 days.

8. Cookies

We use the following types of cookies:

Essential Cookies: Required for authentication and session management. These cannot be disabled without breaking core functionality.
Analytics Cookies: Used to understand usage patterns. We use privacy-respecting analytics. You may opt out at any time.
Preference Cookies: Remember your settings (e.g., theme, language). Optional.

Most browsers allow you to control cookies through their settings. Blocking essential cookies may impair the Service.

9. Children's Privacy

The Service is not directed at individuals under the age of 18. We do not knowingly collect personal data from minors. If you believe a minor has provided us with personal data, please contact us immediately and we will delete it promptly.

10. International Data Transfers

Your data may be processed by our service providers outside of India (e.g., Supabase may store data in the US or EU, Vercel may route data through global edge nodes). By using the Service, you consent to such transfers. We ensure that our sub-processors maintain adequate data protection standards consistent with Indian law.

11. Grievance Officer

In accordance with the Information Technology Act, 2000 and the DPDP Act, 2023, we have designated the following Grievance Officer for privacy-related complaints:

Name: To be designated upon company formation
Email: inquiries@freeddy.online
Address: 380 G/1, South Behala Road, Near Natore Colony, Behala, Kolkata — 700061, West Bengal, India
Response Time: Within 30 days of receiving the complaint

12. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of material changes via email at least 14 days before the change takes effect. The “Effective Date” at the top of this policy indicates when it was last revised.

Last updated: 22 March 2026. This policy is drafted in compliance with the Information Technology Act, 2000; the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011; and the Digital Personal Data Protection Act, 2023 (India).