Privacy Policy
Last updated: May 27, 2026
Table of Contents
- Overview
- Responsibility Toward Personal Information
- Collection and Use of Personal Information
- Personal Information We Collect Automatically
- Sharing of Personal Information
- Specific Provision for EU and UK Residents
- Specific Provision for California Residents
- Specific Provision for Canadian Residents
- Residents Outside the EU, UK, Canada, California
- Children's Privacy
- Safeguards and Retention of Personal Information
- Your Choices and Privacy Controls
- Updates to the Privacy Policy
- Contact Us
OVERVIEW
Freshlake AI Inc. (“Freshlake”, “we”, or “us”) respects your privacy and is committed to protecting Personal Information. This privacy policy (“Policy”) explains how we collect, use, and disclose Personal Information when individuals or organizations visit our website located at https://freshlake.ai (the “Website”), create a Freshlake account, use the Freshlake platform and services for harnessed AI agents and agent-enabled knowledge work (collectively, the “Services”), or otherwise interact with us.
The Services are currently offered in alpha-preview unless Freshlake expressly states otherwise. This means the Services are early-stage and evolving, and our data practices may change as we add, remove, test, or modify features, integrations, workflows, usage limits, telemetry, and support processes. Alpha-preview access, including free, promotional, trial, discounted, or gifted credits, is provided in part so Freshlake can learn from real-world usage and improve, develop, evaluate, and train Freshlake Technology. We will update this Policy as our practices materially change.
This Policy applies to anyone using our Services – whether on their own behalf or on behalf of their employer or another organization.
RESPONSIBILITY TOWARD PERSONAL INFORMATION
Freshlake’s Role in Handling Personal Information
Depending on how you’re interacting with Freshlake, we may have different responsibilities under data protection laws. These roles affect how your data is handled, who makes decisions about it, and what rights apply. That’s why it’s important to explain when Freshlake acts as a Data Controller and when we act as a Data Processor.
When Freshlake collects and uses your information to run its own business – like creating user accounts, sending updates, analyzing usage, improving the platform, or processing job applications – Freshlake is in control of that data. In legal terms, we’re acting as a Data Controller because we decide why and how that information is used.
When you use Freshlake to upload or process personal data – for example, to run an agent task, use tools or connectors, execute work in a sandbox, retrieve information, generate work artifacts, or monitor activity on your own projects – and that data includes information about other people, we may process that data for you as a Data Processor. We use that data based on your instructions, your use of the Services, and the terms of your agreement with us.
Freshlake may also act as a Data Controller for certain processing connected with operating, securing, analyzing, improving, developing, evaluating, and training the Services and related Freshlake Technology, including where we use Alpha Learning Data for alpha-preview learning and product development as described in this Policy.
If you are an individual whose Personal Information is being processed by Freshlake on behalf of a customer (for example, your employer or a service provider you use), and you have concerns about how your data is being handled, please contact that organization directly. They are responsible for managing your Personal Information and directing us on how to process it.
If you access Freshlake through an account, domain, identity provider, workspace, payment method, or invitation associated with an organization, that organization or its administrators may be able to view and manage information associated with your account, including workspace membership, usage records, connected systems, Customer Data, work artifacts, billing information, and credits.
Non-Standard Deployments
Freshlake does not currently offer self-managed or self-deployed versions of the Services as a standard offering. Customer-hosted, customer-managed, on-premise, private cloud, or other non-standard deployments are outside the scope of this hosted alpha-preview Policy unless Freshlake publishes or approves separate privacy and security terms approved by Freshlake.
COLLECTION AND USE OF PERSONAL INFORMATION
We believe in being clear and transparent about the information we collect and how we use it.
In this section, we’ve provided a table that explains:
- What kinds of information we collect
- Where it comes from
- Why we collect it
- The legal reasons (or “legal basis”) we rely on to collect and use it, where required by law
By “Personal Information,” we mean any information that relates to an identifiable individual – such as a name, email address, IP address, device ID, or anything else that could be used on its own or together with other data to identify someone. This includes information you provide directly when signing up for Freshlake, data collected automatically when you use our platform (such as job logs, tool activity, connector activity, credit usage, or session activity), and any data you upload or connect to run agent tasks or knowledge-work workflows.
Terms such as “Customer Data,” “Inputs,” “Outputs,” “Alpha Learning Data,” “Documentation,” “Freshlake Interfaces,” and “Freshlake Technology” have the meanings described in our Terms of Service when they are used in connection with the Freshlake platform.
Aggregated and Non-Identifiable Data
We may collect and use information that does not identify an individual, such as aggregated or de-identified data (“Non-Personal Information”). This may include platform usage patterns, performance metrics, and other statistical or analytical information. We may also transform collected data so that it can no longer reasonably be used to identify a specific individual. This type of data is not considered Personal Information under applicable privacy laws, and Freshlake may use or share it for any lawful purpose.
For clarity, if we combine Non-Personal Information with Personal Information (for example, linking anonymized usage data with an account ID), the combined data will be treated as Personal Information for as long as it remains linked.
AI Inputs, Outputs, and Third-Party Providers
Freshlake may process prompts, instructions, uploaded files, connected documents, workflow context, tool outputs, connector payloads, sandbox files, configuration files, generated artifacts, and related metadata to provide the Services. Freshlake may also use Alpha Learning Data to operate, secure, analyze, improve, develop, train, fine-tune, evaluate, test, benchmark, and commercialize Freshlake Technology. Where the Services use third-party AI model providers, cloud providers, tool providers, connectors, sandbox or runtime providers, payment processors, or other third-party providers, these providers may process Inputs, Outputs, and usage metadata as necessary to provide model processing, tool execution, safety monitoring, abuse prevention, billing, debugging, and compliance. If Freshlake permits a customer to use its own provider accounts, API keys, storage, tools, or connectors, those providers’ terms, settings, logging, retention, and training policies may also apply. Freshlake does not use Customer Data, Inputs, or Outputs to train third-party foundation models or general-purpose AI models for the third-party provider’s independent benefit without the customer’s express consent, except where the customer selects, connects, or enables a third-party provider or feature whose terms, settings, or policies permit such use.
SUMMARY OF PERSONAL INFORMATION COLLECTED AND USED
| Category of Data | Examples | Source | Purpose | Legal Basis |
|---|---|---|---|---|
| Account Information | Name, email, company, job title, password or SSO token | Provided by user during account setup or login | To create and manage your Freshlake account | Contractual necessity |
| Authentication Data | Login timestamps, session history, authentication tokens | Collected from authentication systems | To authenticate users and manage secure access | Contractual necessity / Legitimate interest |
| Payment & Billing Data | Billing address, transaction amount, masked card details | Provided by user and processed by payment service providers | To process payments and manage billing | Contractual necessity / Legal obligation |
| Usage & Activity Logs | Freshlake Interface usage, tool calls, sandbox sessions, credit usage, session metadata, job history, transcripts, logs, evaluation results, and artifact metadata | Automatically collected during use of the Freshlake platform | For billing, platform monitoring, support, audit, abuse prevention, product development, model training, model fine-tuning, agent evaluation, harness improvement, and workflow improvement | Legitimate interest / Contractual necessity |
| Agent Task, Input & Output Data | Prompts, instructions, uploaded files, connected documents, workflow context, tool outputs, connector payloads, sandbox files, configuration files, generated artifacts, reports, code, summaries, recommendations, and other outputs | Provided by users or connected systems, or generated during use of the Services | To run agent tasks, operate harnesses, generate work artifacts, configure workflows, provide the Services, improve the Services, and develop, train, fine-tune, evaluate, test, and benchmark Freshlake Technology | Contractual necessity / Legitimate interest / Processor role |
| Marketing & Communication Preferences | Email preferences, survey responses, interaction history | Provided by user or collected through platform/email interactions | To send updates, newsletters, and collect feedback | Consent / Legitimate interest |
| Marketing & Advertising Identifiers | Email, IP address, cookie identifiers, device/browser metadata | Collected via tracking pixels, cookies, or SDKs | To enable third-party platforms to associate visits to our platform with known user profiles and send relevant marketing communications | Consent / Legitimate interest (varies by jurisdiction) |
| Analytics & Device Data | IP address, browser type, operating system, device ID, geolocation | Collected from browser or device during website or platform use | To improve the Website, analyze traffic, and enhance platform performance | Legitimate interest |
| Deployment & Infrastructure Metrics | Resource usage, deployment metadata, runtime logs, sandbox runtime, model/API token usage, storage, bandwidth, tool or connector usage, and permitted customer-configured provider metadata | Automatically collected from hosted infrastructure and permitted integrations where enabled or required to provide the Services | For infrastructure optimization, billing, security, support, troubleshooting, and operational integrity | Legitimate interest |
| Call and Meeting Recordings | Audio recordings, video recordings, AI-generated summaries, meeting notes | Collected during phone or video calls via conferencing or telephony platforms | To document conversations, follow up on action items, improve service quality, and maintain internal records | Legitimate interest / Consent (where required) |
| Event or Webinar Information | Name, email address, location, company, and other info | Provided directly by user during registration or event participation | To manage event participation, send follow-ups, and improve future events | Consent / Legitimate interest |
| Job Applicant Information | Resume, cover letter, contact details, employment history, qualifications | Provided directly by user during job application | To evaluate and respond to job applications and manage recruitment processes | Consent / Legitimate interest / Legal obligation |
| Aggregated or De-identified Data | Platform usage trends, anonymized metrics, volume logs | Derived from user interactions | To improve services, monitor system health, and inform product development | Not considered Personal Information |
Additional Information About Recorded Conversations
When you speak with Freshlake by phone or participate in a video meeting (such as for onboarding, support, or product discussions), we may record the call or meeting. We may also use built-in tools to create summaries, transcripts, or meeting notes using AI features. These recordings and notes help us keep track of requests, follow up accurately, and improve our customer experience. Where required by law, we will notify you before recording and obtain your consent if necessary.
Access to Customer Content
Freshlake personnel do not review Customer Data, Inputs, or Outputs except where necessary to provide, secure, troubleshoot, support, improve, train, evaluate, test, benchmark, or enforce the Services or Freshlake Technology; where requested or authorized by the customer or an administrator; where required by law; or where Freshlake reasonably believes access is necessary to prevent harm, abuse, security incidents, or violations of applicable terms.
PERSONAL INFORMATION WE COLLECT AUTOMATICALLY
When you visit our website or use the Freshlake platform, we may automatically collect certain information from your device or browser. This information helps us operate and improve the Services, analyze usage trends, detect security issues, and personalize user experiences. This data is typically collected using cookies, pixels, web beacons, and similar tracking technologies.
These tools may support marketing activities, including cross-site identification based on hashed email or behavioral data. Where required by law, we will obtain your consent before using these technologies. You may opt out of such processing at any time – see our Interest-Based Advertising section for more details.
The types of data we collect automatically may include:
| Category | Examples | Purpose | Legal Basis |
|---|---|---|---|
| Device and Browser Information | IP address, browser type, operating system, device ID, screen resolution | To optimize website and platform experience, ensure compatibility and troubleshoot issues | Legitimate interest |
| Cookies and Tracking Technologies | Session cookies, persistent cookies, authentication tokens | To maintain login sessions, remember preferences, and support site functionality | Consent / Legitimate interest |
| Analytics and Performance Data | Pages visited, time spent, clicks, scroll depth, user flow | To analyze usage trends, improve design, and enhance features | Legitimate interest |
| Referring URLs and Clickstreams | Referrer pages, outbound link tracking, campaign parameters | To understand traffic sources and improve marketing effectiveness | Legitimate interest |
| Advertising and Attribution Data | Pixel tags, conversion tracking data, ad campaign IDs | To measure ad performance and personalize or suppress advertising | Consent (where required) |
| Cross-Site Identity Resolution Technologies | Hashed email, cookie IDs, device/browser metadata used by third-party partners | To enable our marketing partners to associate your activity on our platform with other data they may hold and deliver targeted communications or advertising | Consent (where required), Legitimate interest (where permitted) |
Cookie Categories
Freshlake uses different types of cookies and similar technologies, each serving a specific purpose:
- Essential cookies are required for the platform to function properly. These include login tokens, session management, and security-related cookies. Because they are strictly necessary, they cannot be turned off through cookie settings.
- Optional cookies include analytics and performance cookies, as well as advertising or marketing-related cookies. These help us understand how users interact with our Services or allow us to personalize content and measure campaign effectiveness. These cookies are only activated if you give your consent.
You can manage your cookie preferences through your browser settings or, where applicable, through our cookie banner or consent manager. However, certain features of the Freshlake platform may not function properly without cookies.
Interest-Based Advertising
We may partner with advertising networks and third-party platforms that use cookies, pixels, and similar technologies to serve you personalized ads across the internet. These technologies help us and our partners understand what interests you and improve the relevance of ads you see.
While Freshlake does not sell Personal Information for monetary compensation, we may “share” certain identifiers – such as cookie data or hashed email addresses – with third-party partners for the purpose of delivering interest-based advertising, where permitted by law or with consent where required. Under applicable privacy laws (such as the California Consumer Privacy Act), this may be considered a “sale” or “sharing” of Personal Information.
You may opt out of certain interest-based advertising through your browser settings, device settings, our cookie banner or consent manager where available, or by visiting:
Even if you opt out, you may still see Freshlake ads – they just won’t be tailored based on your activity. Please note, opt-outs are browser-specific and require cookies to be enabled.
Analytics and Third-Party Links
We use third-party analytics tools (e.g., Google Analytics, Microsoft Clarity) to collect information about how users interact with our website and platform. This may include tracking page views, user clicks, time spent on pages, and general engagement patterns.
These tools may use cookies or other tracking technologies to gather this data across sessions or websites. You can opt out of Google Analytics tracking by installing their browser opt-out add-on here.
Additionally, our website may contain links to external websites and services that we do not operate or control. These third-party sites have their own privacy policies, and we are not responsible for how they collect or use your information.
We may use cookies and tracking technologies provided by marketing and advertising partners, including identity resolution providers, as described above.
SHARING OF PERSONAL INFORMATION
Freshlake does not sell your Personal Information for money. However, we may share certain Personal Information with trusted third party service providers and marketing partners in accordance with applicable privacy laws. This includes sharing data for purposes such as cross-site advertising, analytics, and audience targeting, which may be considered “sharing” or “selling” under laws like the California Consumer Privacy Act (CCPA/CPRA).
We disclose Personal Information to third parties who provide services on our behalf or who help deliver, secure, support, bill, analyze, advertise, and improve the Freshlake platform. These partners are contractually obligated to maintain appropriate security and confidentiality and to use Personal Information only as permitted for the applicable service relationship, except where you select, connect, or enable a third-party provider, account, model, tool, connector, storage service, or integration whose own terms, settings, or policies apply.
We may share Personal Information in the following circumstances:
| Recipient / Category | Purpose / Description |
|---|---|
| Service Providers | We share Personal Information with third-party providers that help us deliver our Services, including hosting providers, AI model providers, tool providers, connector providers, sandbox or runtime providers, payment processors, analytics platforms, customer support tools, and communication providers. These providers are only given the information necessary to perform their services and may not use it for their own purposes, except where you select, connect, or enable a third-party provider, account, model, tool, connector, storage service, or integration whose own terms, settings, or policies apply. |
| Legal and Regulatory Authorities | We may disclose Personal Information if required by law, court order, subpoena, or to comply with lawful investigations, fraud prevention, or legal process in any applicable jurisdiction (including Canada, the U.S., or other countries where we or our service providers operate). We may also disclose information to establish, exercise, or defend legal claims, or to prevent actual or suspected harm. |
| Professional Advisors | We may share Personal Information with auditors, legal counsel, or other professional advisors where necessary for compliance, audit, risk management, or legal defense. |
| Corporate Transactions | Personal Information may be disclosed or transferred as part of a proposed or completed merger, acquisition, financing, reorganization, bankruptcy, or sale of Freshlake assets or business operations. |
| Customer Instruction (as Data Processor) | When acting as a processor, we share or process Personal Information only as instructed by our customers and subject to our agreement with them. |
| Marketing and Advertising partners | To help us reach users through targeted outreach or advertising (including through cross-site tracking or identity resolution techniques) |
In some cases, our service providers or partners may access, store, or process Personal Information outside of Canada (including in the United States or other jurisdictions), where privacy laws may differ. We require all such service providers to implement appropriate safeguards, and we remain responsible for their handling of your Personal Information under this Policy.
For more information about interest-based advertising and how to opt out, please see our Interest-Based Advertising section.
SPECIFIC PROVISION FOR EU AND UK RESIDENTS
If you are located in the European Economic Area (EEA) or the United Kingdom, your Personal Information is processed in accordance with General Data Protection Regulation (GDPR) and the UK GDPR respectively.
Freshlake acts as a Data Controller when we determine the purposes and means of processing your Personal Information (e.g., for account management, security, or platform operations).
We rely on legal bases described in Collection and Use of Personal Information, including consent, contractual necessity, legitimate interest, and legal obligation, depending on the purpose of processing.
When we rely on legitimate interest as a legal basis, we consider and balance our interest in the processing against the potential impact on your rights and freedoms. We will only proceed where we believe the impact on your privacy is limited, proportionate, and not overridden by your interests. You have the right to object to this type of processing at any time, as described below.
Your Rights under GDPR and UK GDPR
You have the following rights regarding your Personal Information, subject to certain legal limitations:
| Right | What It Means | Limitations or Conditions |
|---|---|---|
| Access | You can request confirmation of whether we process your data, and ask for a copy. | May be limited for repetitive, excessive, or manifestly unfounded requests |
| Correction | You can ask us to correct inaccurate or incomplete Personal Information. | May require verification or supporting documentation |
| Erasure | You can request that we delete your Personal Information. | Not absolute - we may retain data for legal claims, compliance, security, operational requirements, backup retention, or rights reserved under the Terms of Service |
| Restriction | You can request that we temporarily stop using your Personal Information. | Typically applies during a dispute or verification |
| Objection | You can object to processing based on our legitimate interests. | We may continue if we demonstrate overriding legitimate grounds |
| Data Portability | You can request a machine-readable copy of your data to transfer it to another provider. | Applies only to data you provided, and only if processed under consent or contract |
| Withdraw Consent | If you previously gave consent, you can withdraw it at any time. | Withdrawal does not affect the lawfulness of processing already carried out, or processing based on other legal grounds |
| Lodge a Complaint | You may lodge a complaint with your local Data Protection Authority. | See information below for contact info |
If you request deletion of your Personal Information, deletion may be subject to legal, security, operational, backup, archival, contractual, and technical limitations, including the applicable Terms of Service. Residual copies may remain in backups or archives until removed through regular retention and purge processes.
To exercise any of these rights or ask questions about our privacy practices, please contact us at: privacy@freshlake.ai
International Data Transfers
If we transfer your Personal Information outside the EEA or UK (e.g., to service providers in the U.S. or elsewhere), we will ensure appropriate safeguards are in place, such as:
- Standard Contractual Clauses (SCCs) approved by the European Commission or UK Information Commissioner’s Office
- Additional protective measures if required
Freshlake does not currently maintain a designated Data Protection Officer (DPO) or EU/UK representative under Article 27 of the GDPR or UK GDPR. We continue to monitor our obligations under applicable data protection laws, and if this changes, we will update this Policy accordingly.
Data Protection Authority Contact Information
If you reside in the EEA, you can find your local supervisory authority here: https://edpb.europa.eu/about-edpb/board/members_en
SPECIFIC PROVISION FOR CALIFORNIA RESIDENTS
This Section applies to California residents and supplements this Privacy Policy, in accordance with California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA).
Terms defined in the CCPA have the same meaning when used in this Section.
Categories of Personal Information Collected and Disclosed
In the past twelve (12) months, we have collected and disclosed the following categories of Personal Information for business and operational purposes:
| Category | Examples | Disclosed to |
|---|---|---|
| Identifiers | Name, email address, IP address, account username | Service providers |
| Customer Records | Name, address, phone number, job title and other contact or profile information | Service providers |
| Internet or Network Activity | Browsing behavior, interactions with our Services, usage logs | Analytics and performance tools |
| Geolocation Data | Region or city derived from IP address | Infrastructure providers |
| Professional Information | Company name, role, industry (if provided) | Support and engagement tools |
| Inferences | Usage patterns, preferences | Internal use only |
| Audio/Visual Data | Support call or video recordings (with notice) | Support platforms or internal staff |
Freshlake has not sold any Personal Information in the preceding 12 months. Although Freshlake does not sell Personal Information for monetary value, some of our data practices (such as identity resolution for targeted advertising) may be considered “sharing” under California law. You may opt out at any time using the link in our Interest-Based Advertising section.
How We Use This Information
We use the Personal Information listed above for the business purposes outlined in Collection and Use of Personal Information of this Policy. These include service delivery, support, analytics, fraud prevention, platform improvement, and legal compliance.
Your Rights Under California Law
You may exercise the following rights under the CCPA/CPRA:
| Right | What It Means | Limitations / Notes |
|---|---|---|
| Right to Know | You can request to know what Personal Information we have collected, used, shared, or disclosed about you. | We may limit the frequency of requests (twice per 12 months) and must verify your identity before responding. |
| Right to Delete | You can request that we delete Personal Information we have collected from you. | Some data may be retained where required by law or necessary for fraud prevention, security, or operational needs. |
| Right to Correct | You can request that we correct inaccurate Personal Information we hold about you. | May require verification and supporting documentation, especially for account-related fields. |
| Right to Opt Out of “Sharing” | You can request that we stop “sharing” your Personal Information for cross-context behavioral advertising. | Only applies to applicable data; does not affect essential service operations. |
| Right to Limit Sensitive Personal Information Use | You can limit how your Sensitive Personal Information is used. | Freshlake does not intentionally request or require Sensitive Personal Information for ordinary alpha-preview use. Customers must not submit Sensitive Personal Information unless expressly permitted by Documentation. If submitted, it is processed as Customer Data under the Terms and this Policy. |
| Right to Non-Discrimination | You have the right not to be treated unfairly for exercising your privacy rights. | We will not deny you services, charge different prices, or provide different levels of service based on your request. |
Withdrawing Consent
If you have provided consent to receive marketing communications or to the use of cookies and analytics tools, you may withdraw that consent at any time. You can do so by following the unsubscribe link in any marketing email, adjusting your browser settings, or contacting us at privacy@freshlake.ai.
Please note that withdrawing consent does not affect the lawfulness of processing that occurred before the withdrawal.
Freshlake does not charge you for exercising these rights.
How to Exercise Your Rights
To submit a request under CCPA or CPRA, you may:
- Email us at privacy@freshlake.ai
- Use an authorized agent to submit the request on your behalf (subject to verification)
We may need to verify your identity before responding and will do so within the timeframe required by law (typically 45 days).
SPECIFIC PROVISION FOR CANADIAN RESIDENTS
This section applies to individuals resident in Canada and describes how Freshlake collects, uses, and discloses Personal Information in accordance with federal and provincial privacy laws, including the Personal Information Protection and Electronic Documents Act (PIPEDA), as well as provincial laws such as British Columbia’s Personal Information Protection Act (PIPA-BC), Alberta’s Personal Information Protection Act (PIPA-AB), Quebec’s Act Respecting the Protection of Personal Information in the Private Sector (as amended by Law 25).
Consent and Use of Personal Information
Freshlake collects, uses, and discloses Personal Information with your knowledge and consent, unless otherwise permitted or required by law. We collect only what is necessary for the purposes described in Collection and Use of Personal Information.
You may withdraw your consent at any time, subject to legal or contractual limitations. To do so, contact privacy@freshlake.ai.
Your Rights Under Canadian Privacy Laws
Depending on where you reside, you may have the following rights:
| Right | What It Means | Limitations / Notes |
|---|---|---|
| Access | You can request a copy of the Personal Information we hold about you. | We may refuse access where required or permitted by law (e.g., solicitor-client privilege, proprietary information, or threats to safety). |
| Correction | You can request correction of inaccurate or incomplete Personal Information. | We may ask for documentation to support your correction request and may not change opinions or interpretations. |
| Withdraw Consent | You may withdraw your consent to our use of your Personal Information. | Withdrawal does not affect processing already done based on prior valid consent. We may retain data where legally required. |
| De-indexing / “Right to be Forgotten” (Quebec) | In some cases, you may request that we stop making your information public or remove links to it. | Only applies to Quebec residents. Applies where continued disclosure causes serious harm, subject to a balancing test. |
| Automated Decision-Making (Quebec) | You may request information about automated decisions made about you and ask for human intervention. | Applies to Quebec residents only. Freshlake must explain the logic and effects of the decision. |
These rights may vary depending on your province of residence and the legal basis for processing. Some exceptions apply – for example, where fulfilling a request would reveal someone else’s Personal Information, violate legal privilege, or conflict with legal obligations.
To exercise any of these rights, contact us at privacy@freshlake.ai. We may need to verify your identity before responding.
Security and Breach Notification
Freshlake takes reasonable security measures to protect Personal Information against unauthorized access, loss, or misuse. If a privacy breach creates a real risk of significant harm (as defined by applicable laws), we will notify you and the appropriate regulator, if required.
International Data Transfers
Your Personal Information may be stored or processed outside Canada, or even the Province you reside (e.g., in the U.S.). These jurisdictions may not have privacy laws equivalent to Canadian standards. Freshlake requires all service providers handling your information outside Canada to maintain protections consistent with this Policy and applicable laws.
Contact Our Privacy Officer
Freshlake has appointed a Privacy Officer responsible for compliance with applicable Canadian privacy laws. You can contact our Privacy Officer at: privacy@freshlake.ai
If you are not satisfied with our response, you may file a complaint with the appropriate privacy regulator:
- Office of the Privacy Commissioner of Canada
Website: https://www.priv.gc.ca
Phone: 1-800-282-1376 - Commission d’accès à l’information du Québec (if you reside in Quebec)
Website: https://www.cai.gouv.qc.ca - Alberta Information and Privacy Commissioner
Website: https://www.oipc.ab.ca - British Columbia Information and Privacy Commissioner
Website: https://www.oipc.bc.ca
RESIDENTS OUTSIDE THE EU, UK, CANADA, CALIFORNIA
If you reside outside the European Union, United Kingdom, Canada, or the State of California, your Personal Information will be processed in accordance with the practices described in this Privacy Policy.
Freshlake will handle your Personal Information in a manner consistent with the standards described above, regardless of your location. Where required by applicable law, or otherwise at Freshlake’s discretion, we may respond to requests to access, correct, or delete your data, subject to verification, legal exceptions, contractual limitations, security, abuse prevention, backup retention, and Freshlake’s rights under the Terms of Service.
If you have questions about your rights or how we process your Personal Information in your jurisdiction, please contact us at privacy@freshlake.ai.
CHILDREN’S PRIVACY
Freshlake’s platform and services are not directed at children, and we do not knowingly collect Personal Information from anyone under the age of 13 (or such higher age as required by applicable law). If we become aware that we have collected Personal Information from a child without appropriate parental or legal guardian consent, we will take reasonable steps to delete the information as soon as possible.
Please note that the age at which individuals are legally allowed to consent to data processing varies by jurisdiction. For example in the United States, the minimum age is generally 13 and in the European Union and United Kingdom, the age of digital consent is 16 unless a Member State has set a lower age (no lower than 13).
If you are a parent or guardian and you have reasons to believe that your child has provided us with Personal Information, please contact us by sending an email to privacy@freshlake.ai, stating “Minors Content Removal Request” in the subject line, and tell us what information you want us to remove. We will remove any such data to the extent required by applicable law.
SAFEGUARDS AND RETENTION OF PERSONAL INFORMATION
Security Measures
Freshlake takes reasonable administrative, technical and physical measures designed to protect Personal Information in our custody and control against theft, loss and unauthorized access, use, modification and disclosure. These measures may include, as appropriate, encryption, access controls, network security monitoring, and system audits. Access to Personal Information is restricted to personnel and authorized service providers who require access to perform their job duties, and is managed on a need-to-know basis. If we become aware of a data breach that presents a real risk of significant harm, we will notify affected individuals and regulators in accordance with applicable laws.
Retention
We retain Personal Information for as long as necessary or permitted to fulfil the purposes set out in this Policy, exercise rights under the Terms of Service, or comply with legal, contractual, security, abuse prevention, backup, archival, or operational requirements. Retention periods may vary based on data type, service context, and applicable law. When Personal Information is no longer required, we may take steps to delete, de-identify, or anonymize it. Please note that residual copies may remain in backups or archives until removed through regular retention and purge processes.
We may retain aggregated and de-identified information beyond applicable retention periods for purposes such as research, analytics, and improving our platform. This data cannot be used to identify any individual.
Privacy Governance Practices
Freshlake uses internal privacy practices designed to support responsible handling of Personal Information and compliance with applicable privacy laws. These may include, as appropriate:
- Documented administrative, technical, and physical safeguards
- Internal policies to manage access, use, and destruction of data
- Retention and destruction practices
- Processes to handle data subject requests and complaints
- Designated roles and responsibilities for personnel handling Personal Information
- A Privacy Officer responsible for overseeing our compliance program and privacy practices
Submission of Confidential or Sensitive Information
Freshlake does not review, classify, or specially handle user-submitted content unless we are contractually obligated to do so. By submitting content through our platform, you are responsible for ensuring that you have the appropriate legal rights to upload or process such data, and you understand that Freshlake may retain or process this information in accordance with this Privacy Policy and the applicable Terms of Service.
Unless Freshlake Documentation expressly permits the relevant category of data, you should not submit regulated, restricted, privileged, confidential client, children’s, payment card, health, biometric, government identifier, export-controlled, or other highly sensitive information to the Services.
YOUR CHOICES AND PRIVACY CONTROLS
You have control over how we use your Personal Information. Depending on your location and applicable law, you may have the right to access, correct, delete, or withdraw consent to the use of your Personal Information. Details about these rights and how to exercise them are provided in the regional sections of this Privacy Policy.
Marketing Communications
Freshlake may send you email communications about our products, services, updates, or events. In some cases, we may do this based on your prior relationship with us (such as if you have signed up for an account or used the Freshlake platform), or where permitted by applicable law.
You can unsubscribe from marketing emails at any time by clicking the “unsubscribe” link in any of our emails. You may also opt out by contacting us at privacy@freshlake.ai.
Please note that we may still send you important service-related messages (such as security notices or account updates), even if you opt out of marketing emails.
Withdrawing Consent
You may withdraw your consent to our use of your Personal Information at any time by contacting us at privacy@freshlake.ai.
Please note that this right applies only to processing activities that rely on your consent as the legal basis (such as optional marketing communications or analytics, where applicable).
Withdrawal of consent does not affect the lawfulness of any processing carried out before the withdrawal, and it does not apply to data we process on other legal grounds, such as contractual necessity, legal obligation, or legitimate interest.
Interest-Based Advertising
You can opt out of interest-based advertising by adjusting your browser settings or visiting the opt-out links listed in the Interest-Based Advertising section above.
Data Access and Correction
You may request access to or correction of the Personal Information we hold about you by emailing privacy@freshlake.ai. We may request additional details to verify your identity before responding.
We may deny a request if we are unable to verify your identity or if it conflicts with legal or contractual obligations.
UPDATES TO THE PRIVACY POLICY
We may update this Privacy Policy from time to time to reflect changes in our practices, services, or legal obligations. If we make changes that materially affect your rights or the way we use your Personal Information, we will notify you where required by law – or where the changes are materially detrimental – through appropriate channels, such as our website or direct communication.
We encourage you to review this Privacy Policy periodically. The “Last Updated” date at the top of this page reflects the most recent version. Your continued use of the Freshlake platform after any changes take effect means the updated Policy applies to our handling of Personal Information from that point forward, unless otherwise required by applicable law.
CONTACT US
If you have any questions, concerns, or complaints about how Freshlake handles your Personal Information, or if you wish to exercise any of your rights under applicable privacy laws, please contact us at:
Freshlake AI Inc., Attn: Privacy Officer, at privacy@freshlake.ai, and at any mailing address Freshlake designates on the Website.
This includes any questions about this Privacy Policy or how we and our service providers (including those outside of Canada) manage Personal Information.
If you are not satisfied with our response, you may also contact your applicable privacy or data protection authority. Contact details for key regulators (including those in Canada, the UK, EU, and the U.S.) are provided in the jurisdiction-specific sections of this Policy.
THIS PRIVACY POLICY IS NOT A CONTRACT BUT OUTLINES OUR PRIVACY PRACTICES.