Privacy Policy

1. Introduction

Welcome to AI OG ("we," "us," or "our"), a service provided by French OG. We provide an AI-powered dating and relationship assistant via WhatsApp. This Privacy Policy explains how we collect, use, share, and protect your personal data when you use our service, in compliance with UK data protection law.

By using our service, you acknowledge that you have read and understood this Privacy Policy.

2. The Data We Collect About You

We may collect, use, store, and transfer different kinds of personal data about you which we have grouped together as follows:

• Identity Data: Your WhatsApp phone number.
• Contact Data: Your WhatsApp phone number.
• Financial Data: Billing details and payment transaction information processed through our payment provider, Stripe. We do not store your full card details.
• Content Data: All text messages and any images or screenshots (e.g., dating profiles, conversation screenshots) you send to our service for analysis.
• Technical Data: Internet protocol (IP) address, message metadata (timestamps, delivery status), device type, and error logs for service diagnostics.
• Usage Data: Information about how you use our service, such as the number of messages sent, features used, and service usage patterns.

3. Legal Basis for Processing

Under GDPR and UK data protection law, we process your personal data based on the following legal bases:

• Contract Performance
  • Purpose: To provide our AI dating coach service
  • Data: Messages, images, phone number, usage data
  • Justification: Necessary to perform our contract with you
• Legitimate Interest
  • Purpose: Service improvement, security, and business operations
  • Data: Usage patterns, technical data, error logs
  • Justification: Our legitimate interest in improving service quality and security
• Consent
  • Purpose: Marketing communications and optional features
  • Data: Contact preferences, marketing data
  • Justification: Your explicit consent, which you can withdraw at any time
• Legal Obligation
  • Purpose: Compliance with applicable laws
  • Data: As required by law (e.g., financial records for tax purposes)
  • Justification: Compliance with legal requirements

4. How We Use Your Personal Data

We use your data for the following purposes, based on a lawful basis under UK GDPR:

• To Provide Our Service: To perform our contract with you, we process your messages and images to provide AI-powered dating advice, generate personalised insights, and manage your account.
• To Improve Our Service: Based on our legitimate interest to enhance our service, we monitor usage patterns to improve our AI models, debug technical issues, and develop new features.
• To Manage Our Business: To perform our contract and for our legitimate interests, we process payments, manage subscriptions, and send you essential service updates.
• To Comply with Law: We may process your data to comply with a legal or regulatory obligation.
• Marketing and Communications: With your consent, we may send you information about new features, promotions, and updates to our service.

5. Our Third-Party Data Processors

Our service is built using trusted third-party providers who process your data on our behalf:

• Twilio (for WhatsApp API):
  • Purpose: To send and receive WhatsApp messages.
  • Data Shared: Your phone number and message content.
  • Privacy Policy: Twilio Privacy Policy
• OpenAI (for AI Analysis):
  • Purpose: To provide AI-powered text and image analysis.
  • Data Shared: Your anonymised messages and images.
  • Model Used: We use advanced models like GPT-4 to provide high-quality responses.
  • Privacy Policy: OpenAI Privacy Policy
• Supabase (for Database):
  • Purpose: Securely storing your user data and preferences.
  • Data Shared: Phone number, subscription status, and usage metrics.
  • Privacy Policy: Supabase Privacy Policy
• Stripe (for Payments):
  • Purpose: To securely process payments and manage subscriptions.
  • Data Shared: Billing information and payment status.
  • Privacy Policy: Stripe Privacy Policy
• Railway (for Hosting):
  • Purpose: To host our application and infrastructure.
  • Data Shared: Technical logs and application data.
  • Privacy Policy: Railway Privacy Policy

6. Data Security

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used, or accessed in an unauthorised way. These include:

• Technical Safeguards: We use encryption, where all data is encrypted in transit using HTTPS/TLS and at rest using industry-standard encryption. Access control is maintained through multi-factor authentication and role-based access controls. Our network security includes firewalls, intrusion detection, and monitoring systems. We also practice data minimisation, meaning we only collect and process the data that is absolutely necessary to provide the service.
• Organizational Safeguards: Our staff receives regular privacy and security training. Access to personal data is strictly limited to authorised personnel who have a business need to know. We have an incident response plan with procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so. We also conduct regular audits, including periodic security assessments and vulnerability testing.
• Data Processing Controls: Data is only used for the specific purposes outlined in this policy, which is our purpose limitation. We have retention controls in place for the automated deletion of data according to our retention schedule. Where possible, data is anonymized or pseudonymized.

7. Data Retention

‍

We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting, or reporting requirements.

• For active users, messages are retained for up to 30 days to allow for conversation history and service improvement. Images are processed immediately and deleted within 24 hours. Account data is retained while your subscription is active.
• For inactive users, personal data for free trial users is deleted after 90 days of inactivity. For cancelled subscriptions, personal data is deleted after 30 days of cancellation. Some data may be retained longer if required by law, for example, financial records for tax purposes.
• Regarding backup and recovery, copies may remain in backup systems for up to 90 days for disaster recovery purposes. Backups are automatically purged according to our retention schedule.

8. Your Legal Rights

Under UK data protection law and GDPR, you have the following rights:

• You have the right of access, which is the right to ask for a copy of your personal data and information about how we process it.
• You have the right to rectification, which is the right to ask us to correct inaccurate or incomplete data.
• You have the right to erasure, also known as the 'right to be forgotten,' which is the right to ask us to delete your personal data in certain circumstances.
• You have the right to restrict processing, which is the right to ask us to suspend the processing of your personal data in certain circumstances.
• You have the right to data portability, which is the right to request the transfer of your data to you or to a third party in a machine-readable format.
• You have the right to object to our processing of your data, for example, for marketing or legitimate interests.
• Where processing is based on consent, you have the right to withdraw that consent at any time.
• You also have rights related to automated decision making and profiling, if applicable.

To exercise any of these rights, please contact us at contact@french-og.com. You can also send "STOP" to our WhatsApp number to opt out of the service, or send "DELETE" to request data deletion. You can also request a data export by emailing us. We will respond to your request within one month, or two months for complex requests.

9. International Data Transfers

Some of our third-party providers are based outside the UK and EU, so their processing of your personal data will involve a transfer of data outside these regions.

Whenever we transfer your personal data outside the UK or EU, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented: The transfer is to a country that has been deemed to provide an adequate level of protection for personal data by the UK Government or European Commission (Adequacy Decisions). We use specific contracts approved by the UK and EU which give personal data the same protection it has domestically (Standard Contractual Clauses or SCCs). Where transfers are within a corporate group, they are done with approved binding corporate rules. Transfers may also occur under approved certification schemes with binding enforceable commitments.

Specifically, transfers to OpenAI, Twilio, and Railway in the United States are protected by Standard Contractual Clauses. Transfers to Supabase and n8n in the European Union benefit from adequacy decisions. Any other transfers will be subject to appropriate safeguards.

10. Cookies and Tracking

Our WhatsApp service does not use cookies directly, but our website and third-party services may use cookies and similar technologies. Essential cookies are required for the basic functionality of our website and services. Analytics cookies help us understand how visitors interact with our website to improve user experience. Marketing cookies are used to deliver relevant advertisements and track campaign effectiveness, and are only used with your consent. You can control cookie preferences through your browser settings.

11. Children's Privacy

Our service is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children under 18. If you believe we have collected information from a child under 18, please contact us immediately, and we will take steps to delete such information.

12. Data Breach Notification

In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify authorities by reporting the breach to the relevant supervisory authority within 72 hours. We will also notify you by informing affected individuals without undue delay if the breach poses a high risk. We will take immediate steps to contain and remedy the breach for mitigation and maintain records of all breaches and our response for documentation.

13. Changes to This Privacy Policy

We may update this policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of significant changes via WhatsApp message or email.

We will post updates on this page with the new effective date and will clearly indicate what has changed in significant updates. Your continued use of our service after changes constitutes acceptance. We encourage you to review this policy periodically.

14. Supervisory Authority

You have the right to lodge a complaint with a supervisory authority if you believe our processing of your personal data violates applicable law.

UK users can contact the Information Commissioner's Office (ICO). Their website is https://ico.org.uk/ and their phone number is 0303 123 1113.

EU users can contact their local data protection authority. A list is available at https://edpb.europa.eu/about-edpb/board/members_en.

15. Contact Information & Complaints

For any privacy-related questions, to exercise your rights, or to make a complaint, please contact us. Our email is contact@french-og.com and our website is https://french-og.com. We aim to respond to all privacy inquiries within 5 business days.