Privacy Policy (European Economic Area, United Kingdom, and Switzerland)
Effective Date: June 29, 2025
1. Introduction
This Privacy Policy applies to users in the European Economic Area (EEA), United Kingdom (UK), and Switzerland. It describes how Professional and Friendly ("we," "us," or "our") processes personal data when you use our AI-powered email enhancement service (the "Service") in compliance with the General Data Protection Regulation (GDPR), UK GDPR, and Swiss Federal Data Protection Act.
2. Controller Information
Data Controller:
Professional and Friendly
Email: professionalandfriendly@protonmail.com
3. Legal Bases for Processing
We process your personal data based on the following legal bases:
- Contract Performance (Art. 6(1)(b) GDPR): To provide our email enhancement Service
- Legitimate Interests (Art. 6(1)(f) GDPR): To improve our Service, ensure security, and conduct analytics
- Consent (Art. 6(1)(a) GDPR): Where explicitly obtained for specific processing activities
- Legal Obligation (Art. 6(1)(c) GDPR): To comply with applicable laws
4. Personal Data We Process
4.1 Categories of Personal Data
- Content Data: Email text content you submit for enhancement
- Technical Data: IP address, browser information, device identifiers
- Usage Data: Service interaction logs, feature usage statistics, analytics data
4.2 Special Categories of Personal Data
We do not intentionally collect special categories of personal data (health, biometric, genetic data, etc.). If such data is inadvertently included in email content you submit, please refrain from using our Service for such content.
5. Purposes of Processing
We process your personal data for:
- Providing AI-powered email enhancement services
- Maintaining and improving Service functionality
- User account management and authentication
- Technical support and customer service
- Service security and fraud prevention
- Legal compliance and dispute resolution
6. Third-Party Processing and International Transfers
6.1 OpenAI Partnership
CRITICAL INFORMATION: Our Service uses OpenAI's API, and we participate in OpenAI's data sharing program:
- Data Sharing: We share your email content and AI outputs with OpenAI as part of their data sharing program. Your data may also be temporarily processed by our service providers including hosting services, cloud infrastructure providers, and other technical service providers.
- Training Use: OpenAI may use this shared data to train and improve their AI models
- International Transfer: Data is transferred to the United States where OpenAI processes it
- Safeguards: OpenAI has implemented appropriate safeguards for international transfers
Please review OpenAI's policies for detailed information:
- OpenAI Privacy Policy: https://openai.com/policies/privacy-policy/
- OpenAI EU Privacy Policy: https://openai.com/policies/eu-privacy-policy/
- OpenAI Terms of Use: https://openai.com/policies/terms-of-use/
6.2 Transfer Mechanisms
For transfers outside the EEA/UK/Switzerland, we rely on:
- Adequacy decisions where available
- Standard Contractual Clauses (SCCs)
- Binding Corporate Rules
- Appropriate safeguards as required by GDPR
WE STRONGLY ADVISE AGAINST INCLUDING:
- Confidential or sensitive business information
- Personal data of third parties
- Health or medical information
- Financial or payment information
- Any data you consider highly sensitive
7. Data Retention
| Data Type | Retention Period | Legal Basis |
|---|---|---|
| Email Content (Input/Output) | Up to 30 days by us and service providers | Service provision |
| Technical/Usage Logs | Up to 90 days | Legitimate interests |
| Analytics Data | Up to 2 years | Legitimate interests |
| Legal/Compliance Records | As required by law | Legal obligations |
8. Your Rights Under GDPR
You have the following rights:
8.1 Access (Art. 15)
Request access to your personal data and information about our processing
8.2 Rectification (Art. 16)
Correct inaccurate or incomplete personal data
8.3 Erasure (Art. 17)
Request deletion of your personal data in certain circumstances
8.4 Restriction of Processing (Art. 18)
Limit how we process your data in specific situations
8.5 Data Portability (Art. 20)
Receive your data in a structured, machine-readable format
8.6 Object to Processing (Art. 21)
Object to processing based on legitimate interests or for direct marketing
8.7 Withdraw Consent
Where processing is based on consent, you may withdraw it at any time
8.8 Automated Decision-Making (Art. 22)
We do not engage in automated decision-making with legal or similarly significant effects
9. Exercising Your Rights
To exercise your rights:
- Email: professionalandfriendly@protonmail.com
- Subject Line: "GDPR Rights Request"
- Include: Your account details and specific request
We will respond within one month of receiving a valid request. This may be extended by two months for complex requests.
10. Data Protection Officer
If required by GDPR, our Data Protection Officer can be contacted at:
[DPO Contact Information]
11. Security Measures
We implement appropriate technical and organizational measures including:
- Encryption of data in transit and at rest (AES-256)
- Access controls and authentication
- Regular security assessments and penetration testing
- Staff training on data protection
- Incident response procedures
12. Data Breach Notification
In case of a personal data breach, we will:
- Notify the relevant supervisory authority within 72 hours (if required)
- Inform affected individuals without undue delay (if high risk)
- Document all breaches as required by GDPR
13. Children's Data
Our Service is not intended for children under 16 (or the applicable age in your country). We do not knowingly process personal data of children. If we become aware of such processing, we will delete the data immediately.
14. Complaints and Supervisory Authority
You have the right to lodge a complaint with your local data protection supervisory authority:
- EU: Find your authority at https://edpb.europa.eu/about-edpb/about-edpb/members_en
- UK: Information Commissioner's Office (ICO) - https://ico.org.uk/
- Switzerland: Federal Data Protection and Information Commissioner (FDPIC)
15. Changes to This Policy
We may update this Privacy Policy to reflect changes in law or our practices. Material changes will be communicated through:
- Email notification to registered users
- Prominent notice on our website
- In-app notifications
16. Legal Framework
This Privacy Policy is governed by:
- General Data Protection Regulation (EU) 2016/679
- UK General Data Protection Regulation
- Swiss Federal Data Protection Act
- Applicable national data protection laws
17. Contact Information
Data Controller: Professional and Friendly
Address: [Full Address]
Email: professionalandfriendly@protonmail.com
Phone: [Phone Number]
Website: https://www.professionalandfriendly.com
For data protection inquiries specifically: professionalandfriendly@protonmail.com