Privacy Policy

Last updated: 6 March 2026

1. Controller

The controller responsible for data processing on this website within the meaning of the General Data Protection Regulation (GDPR) is:

David Rähles
Unter der Linde 11
80939 München, Germany
Email: hello@fridakailo.com

2. What Frida Kailo Is

Frida Kailo is a managed personal AI assistant service. Each customer receives a dedicated virtual private server (VPS) provisioned on Hetzner Cloud infrastructure. The assistant connects to the customer's personal services (email, calendar, messaging, smart home, etc.) and performs tasks on the customer's behalf. This website (fridakailo.com) serves as the marketing site, customer portal, and onboarding flow for the service.

3. No Tracking, No Analytics, No Advertising

This website does not use any analytics, tracking, or advertising services. Specifically:

  • No Google Analytics, Google Tag Manager, or any similar analytics tool
  • No third-party tracking pixels or conversion tracking
  • No advertising networks or retargeting services
  • No social media tracking widgets or share buttons
  • No fingerprinting, behavioural profiling, or cross-site tracking of any kind
  • No cookie consent banner is required because no non-essential cookies are set

4. Cookies

We use only strictly necessary, first-party session cookies required for the website to function. These are:

  • fk_session — authenticates your login session
  • fk_invite_code — remembers your invite code during onboarding
  • fk_verify_email — used during the email verification flow

All session cookies are httpOnly, secure, and sameSite=lax. They cannot be read by JavaScript and are transmitted only over HTTPS. They expire when your browser session ends or are cleared upon logout. No personal data is stored in these cookies.

5. Data We Collect

5.1 Waitlist sign-up

If you join the waitlist, we store your email address to notify you when access becomes available. Legal basis: your consent (Art. 6(1)(a) GDPR). You may withdraw consent at any time by emailing hello@fridakailo.com.

5.2 Onboarding & account creation

When you sign up for the service, we collect: your name, email address, postal address, and (optionally) company name. This data is necessary for contract performance (Art. 6(1)(b) GDPR) and legal obligations such as invoicing (Art. 6(1)(c) GDPR).

5.3 Payment data

Payments are processed by Stripe, Inc. We do not store your credit card details. Stripe processes your payment data as an independent controller under their own privacy policy. Legal basis: contract performance (Art. 6(1)(b) GDPR).

5.4 Server logs

Our hosting provider Vercel, Inc. automatically collects server access logs (IP address, timestamp, requested URL, HTTP status code, user agent). These logs are used solely for security, error diagnosis, and abuse prevention. Legal basis: legitimate interest (Art. 6(1)(f) GDPR). Logs are retained according to Vercel's data retention policy and are not used for profiling or analytics.

5.5 Smart onboarding enrichment (optional)

During onboarding you may opt in to smart enrichment. When enabled, we look up publicly available professional information about you so that Frida knows who you are from day one. This is entirely optional and requires your explicit consent.

Sources consulted:

  • GitHub public profile and repositories
  • Gravatar profile
  • Personal websites and company websites
  • Web search results via Brave Search

What we collect:

Publicly available professional information — such as your role, company, bio, skills, projects, and interests. We collect positive findings only.

What we do NOT collect:

  • No special category data per GDPR Art. 9 (health, political opinions, religious or philosophical beliefs, trade union membership, genetic or biometric data, sexual orientation)
  • No salary or compensation information
  • No negative, controversial, or sensitive personal content

Purpose:

Personalising your AI assistant experience so that Frida can provide relevant help from the very first interaction, without you having to explain your background manually.

Legal basis:

Your explicit consent (Art. 6(1)(a) GDPR). You opt in during onboarding and can withdraw consent at any time.

Where enrichment data is stored:

  • In Frida Kailo's database (Turso) as part of your account profile
  • Pushed to your personal VPS as a USER.md file that Frida references

Your controls:

  • View, edit, or delete enrichment data via your account page
  • Ask Frida to forget specific information at any time
  • Re-run enrichment whenever you like to refresh the data
  • Disable future enrichment at any time from your account page and delete existing enrichment data

6. Third-Party Services

This website integrates the following third-party services:

Google Fonts

We load the Playfair Display typeface from Google Fonts. When you visit this website, your browser connects to Google's servers (fonts.googleapis.com, fonts.gstatic.com), which may transmit your IP address to Google LLC. Legal basis: legitimate interest (Art. 6(1)(f) GDPR) in consistent typography. Google's privacy policy: policies.google.com/privacy.

Stripe

Payment processing for subscriptions and one-time fees. Stripe processes payment data as an independent controller. Stripe's privacy policy: stripe.com/privacy.

Resend

Transactional email delivery (verification codes, account notifications). Resend processes your email address as a data processor on our behalf. Legal basis: contract performance (Art. 6(1)(b) GDPR).

Vercel

Website hosting and deployment. All HTTP requests pass through Vercel's infrastructure. Vercel processes server logs as a data processor on our behalf. Vercel's privacy policy: vercel.com/legal/privacy-policy.

Turso (LibSQL)

Database hosting for application data (accounts, sessions, invite codes). Turso processes data as a data processor on our behalf. Legal basis: contract performance (Art. 6(1)(b) GDPR).

Calendly

Scheduling widget for booking onboarding calls. When you visit the scheduling page, Calendly's script is loaded and your booking data is processed by Calendly. Legal basis: consent (Art. 6(1)(a) GDPR) — you choose to book. Calendly's privacy policy: calendly.com/privacy.

Hetzner Cloud

VPS infrastructure for customer AI assistant instances. Customer VPS data is provisioned and managed on Hetzner's EU-based data centres. Legal basis: contract performance (Art. 6(1)(b) GDPR).

7. International Data Transfers

Some of the services listed above (Stripe, Vercel, Google, Calendly) are operated by US-based companies. Data transfers to the United States are covered by the EU-U.S. Data Privacy Framework or, where applicable, Standard Contractual Clauses (SCCs). Hetzner and Turso process data within the EU.

8. Data Retention

  • Waitlist emails: until you withdraw consent or we contact you, whichever comes first
  • Account data: for the duration of the contractual relationship and as required by law (typically 6-10 years for tax/accounting records under German law)
  • Enrichment data: until you delete it, withdraw consent, or delete your account — whichever comes first
  • Session cookies: expire at the end of your browser session
  • Server logs: per Vercel's retention policy (typically 30 days)

9. Your Rights Under GDPR

You have the right to:

  • Access your personal data (Art. 15 GDPR)
  • Rectification of inaccurate data (Art. 16 GDPR)
  • Erasure of your data (Art. 17 GDPR)
  • Restriction of processing (Art. 18 GDPR)
  • Data portability (Art. 20 GDPR)
  • Object to processing based on legitimate interest (Art. 21 GDPR)
  • Withdraw consent at any time without affecting the lawfulness of prior processing (Art. 7(3) GDPR)

To exercise any of these rights, contact us at hello@fridakailo.com.

10. Right to Lodge a Complaint

If you believe your data protection rights have been violated, you have the right to lodge a complaint with a supervisory authority, in particular in the EU member state of your habitual residence, your place of work, or the place of the alleged infringement (Art. 77 GDPR). The supervisory authority for Bavaria is:

Bayerisches Landesamt für Datenschutzaufsicht (BayLDA)
Promenade 18, 91522 Ansbach, Germany
www.lda.bayern.de

11. Changes to This Policy

We may update this privacy policy from time to time. Changes will be posted on this page with an updated revision date. We encourage you to review this page periodically.