Plain-language summary: We collect only what we need to run FriendJo. We never sell your data. Corporate wellbeing data is always aggregated. We never expose individual employee information. You can request deletion of your data at any time.
Flourixa Technologies Inc. ("Flourixa", "we", "our", or "us") operates FriendJo, an AI companion and organisational wellbeing platform. This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use FriendJo (the "Service").
We are committed to complying with Canada's Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable provincial privacy legislation. Where our services are used by individuals in the European Economic Area (EEA) or United Kingdom, we also comply with the General Data Protection Regulation (GDPR) and UK GDPR.
1. Who We Are
Flourixa Technologies Inc. is a company incorporated in Canada. FriendJo is our product. All references to "we", "us", or "our" in this document refer to Flourixa Technologies Inc.
This Policy applies to all users of the FriendJo platform, including individual users of the AI companion service and corporate customers using the FriendJo Corporate Wellbeing tier.
2. Information We Collect
a. Individual Users
- Account information: Email address and profile details you provide when signing up.
- Conversation data: Messages you send to FriendJo AI companions, used to generate responses and improve the service.
- Usage data: Which AI personality you use, session frequency and duration, and feature interactions.
- Payment information: Payment processing is handled entirely by Stripe. We store only a reference to your Stripe customer ID. We never see or store your full card details.
- Device and technical data: Browser type, device type, IP address, and approximate location (country/region) collected via server logs.
- Cookies: Session cookies to maintain your login state. We do not use advertising or tracking cookies.
b. Corporate Customers and Their Employees
- Organisation details: Company name, billing contact, subscription tier, and team member email addresses added by the IT administrator.
- Workplace behavioural metadata: When an IT administrator connects a workplace integration (Microsoft 365, Google Workspace, Slack, Zoom), we collect only behavioural metadata, such as calendar density, after-hours activity, meeting frequency, and response latency. We do not access, read, or store the content of any messages, emails, documents, or calendar event details.
- Aggregated wellbeing signals: Metrics derived from behavioural metadata, used solely to generate organisational wellbeing reports for the IT administrator and authorised managers.
- Corporate user chat messages: Messages sent by corporate users to FriendJo AI companions may be used, in anonymised and aggregated form only, to contribute to organisational sentiment analysis.
3. How We Use Your Information
- To deliver the FriendJo AI companion service and generate responses.
- To manage your account, subscription, and billing.
- To generate organisational wellbeing reports for corporate customers (aggregated data only).
- To improve the platform through anonymised usage analysis.
- To communicate with you about your account, subscription, or service updates.
- To detect and prevent fraud, abuse, or security incidents.
- To comply with applicable legal obligations.
4. Corporate Wellbeing Data: Special Protections
These protections are built into the platform architecture and cannot be overridden, even by organisation owners or administrators.
- Minimum threshold: Wellbeing reports are only generated when an organisation has at least 10 active members. This prevents any report from revealing information identifiable to specific individuals.
- Aggregated data only: All wellbeing metrics represent the organisation as a whole. No individual employee data, scores, or metrics are ever displayed to anyone.
- No message content: Workplace integrations collect only behavioural metadata. We have no access to the content of messages, emails, documents, or calendar entries.
- IT administrator consent: Integrations are connected by the IT administrator on behalf of the organisation. By connecting an integration, the administrator confirms they have the legal authority and appropriate employee notices in place.
- 7-day rolling data window: Raw behavioural signal data is retained for a rolling 7-day window only, after which it is automatically and permanently deleted.
5. Legal Basis for Processing
- Contract performance: Processing necessary to deliver the service you have subscribed to.
- Legitimate interests: Anonymised analytics and platform improvement, balanced against your privacy rights.
- Consent: Where you have explicitly consented, such as when an IT administrator accepts the Data Processing Agreement for workplace integrations.
- Legal obligation: Where required by applicable Canadian or international law.
6. How We Share Information
We do not sell your personal information to any third party, ever.
- Stripe: Payment processing. We share only what is necessary to process your subscription. Stripe's own privacy policy governs their handling of payment data.
- AI model providers: Your messages are sent to AI model providers (Cerebras, Google Gemini, DeepSeek) to generate responses. We share only message content. We never share your name, email, or account details.
- Workplace integration providers: When you connect Microsoft 365, Google Workspace, Slack, or Zoom, data is retrieved under the OAuth permissions you authorise. We act as a data processor on behalf of the corporate customer.
- Legal compliance: We may disclose information where required by law, regulation, or to protect the rights and safety of our users or the public.
- Business transfers: In the event of a merger, acquisition, or asset sale, user data may be transferred. We will provide notice and, where required, seek your consent.
7. Data Retention
- Individual chat history: Session history is stored in your browser's local storage under your control. Server-side session data is cleared when you log out.
- Account data: Retained while your account is active and for up to 12 months after account deletion, unless a shorter period is required by law.
- Corporate behavioural signals: Raw signals retained for a rolling 7-day window. Aggregated wellbeing snapshots retained for 12 months.
- Payment records: Retained as required by Canadian tax and accounting law (typically 7 years).
8. Your Rights
Depending on where you are located, you may have the right to:
- Access the personal information we hold about you.
- Request correction of inaccurate or incomplete information.
- Request deletion of your personal information ("right to be forgotten").
- Object to or restrict certain types of processing.
- Withdraw consent where processing is based on consent.
- Request a portable copy of your data in a structured, machine-readable format.
- Lodge a complaint with your national or provincial data protection authority.
To exercise any of these rights, contact us at privacy@flourixatech.com. We will respond within 30 days.
9. Data Security
We use industry-standard security measures including encrypted connections (HTTPS/TLS), encrypted credential storage, access controls, and regular security reviews. OAuth tokens for workplace integrations are stored encrypted. Access to personal data is limited to authorised personnel only. No online service is 100% secure. Please notify us immediately of any suspected unauthorised use of your account.
10. International Data Transfers
Your information may be processed in countries other than Canada, including where our AI model providers and hosting infrastructure are located. We apply consistent privacy protections regardless of where data is processed, and we use appropriate safeguards such as data processing agreements where required.
11. Children's Privacy
FriendJo is not intended for use by anyone under the age of 16. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us and we will delete it promptly.
12. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email (if you have an account) and update the "Last updated" date at the top of this page. Continued use of FriendJo after changes take effect constitutes acceptance of the updated policy.
13. Contact Us
For any questions, concerns, or rights requests regarding this Privacy Policy or how your data is handled: