Privacy policy

FriggHome — Privacy Policy

Effective date: 16.09.2025
Entity: Frigg Home AD, registered at 10 Tsar Osvoboditel Blvd, 3rd floor, 1000 Sofia, Bulgaria (“FriggHome”, “we”, “us”, “our”).

This Policy explains how we collect, use, share, and protect information when you visit our sites, use our mobile/desktop apps, and operate FriggBox hardware (Lite & Ultra) and related services (together, the “Services”).

Plain-English summary (not a substitute for the full policy):
• We don’t store your seed phrases or private keys. Those stay on your device.
• We collect minimal account and device telemetry to run the service, improve reliability, and fulfill orders.
• Rewards (if any) come from third-party protocols and on-chain activity is public by design.
• You can switch off optional analytics/crash reports.
• We don’t sell your personal data.

1) Information we collect

1.1 You provide to us

  • Account & contact data: name, email, password (hashed), country/region, preferences.

  • Orders & support: shipping address, phone (optional), order details, RMA/support messages, tickets, call recordings (where lawful/with notice).

  • Identity/KYC (only if required): date of birth, ID document data, and verification output from providers [e.g., SumSub/Persona] for sanctions/export/tax compliance.

  • Surveys/feedback/ambassador program: responses, content you submit, referral info.

1.2 Collected automatically

  • Device telemetry (FriggBox): device model, OS/firmware version, uptime, temperatures, CPU/RAM/disk utilization, role status (e.g., validator/relay active), performance counters, non-content error logs, and a device identifier.

  • App & web analytics: pages viewed, buttons clicked, rough location (from IP), session duration, campaign UTMs, crash logs.

  • Network data: IP address, time stamps, and routing meta-data necessary to deliver traffic through the Smart-Home Proxy or messaging relay. We do not collect the content of your encrypted messages.

1.3 Financial & payments

  • Payments are processed by third parties (e.g., Stripe). We receive payment confirmations and limited billing details; we do not store full card numbers or CVV.

  • On-chain addresses you provide or connect may be stored to display balances/rewards and for compliance (e.g., sanctions screening).

1.4 Public/on-chain data

Blockchain transactions and addresses are public and permanent. Anyone (including us) can view them. Think carefully before sharing addresses that link to your identity.

1.5 We do not collect

  • Seed phrases, private keys, or message contents. These remain on-device or end-to-end encrypted.

  • Sensitive categories unless you provide them for KYC/AML or support and we have a legal reason to process them.

2) How we use information (purposes & legal bases)

We process data to:

  • Provide the Services (set up accounts, fulfill orders, ship, returns/warranty, device activation, updates). (Legal basis: contract necessity)

  • Operate and secure devices and apps (telemetry, fraud/abuse prevention, incident response). (Legitimate interests; some security measures are legal obligations)

  • Improve performance and UX (aggregate analytics, A/B tests, crash diagnostics). (Legitimate interests / consent where required)

  • Communicate (transactional emails, service notices, shipping updates). (Contract necessity / legitimate interests)

  • Marketing (only if you opt-in): newsletters, waitlist updates, campaigns. (Consent; you can unsubscribe any time)

  • Compliance (KYC/AML/sanctions, tax, accounting, export). (Legal obligation / public interest)

Where we rely on consent, you can withdraw it at any time in the app or via the links in our emails.

3) Cookies & tracking

We use:

  • Essential cookies (security, session, checkout).

  • Analytics (privacy-respecting analytics; IPs truncated where possible).

  • Marketing (only if you opt-in).
    Manage preferences in our Cookie Settings and your browser settings. Some features won’t work without essential cookies.

4) Sharing your information

We share data with:

  • Payment processors (e.g., Stripe), fraud prevention, and KYC providers (if required).

  • Fulfillment & logistics partners (3PLs, carriers, customs brokers) to deliver your order.

  • Cloud & infrastructure vendors (hosting, email, analytics, error logging).

  • Professional advisors (legal, auditors) under confidentiality.

  • Public/leaderboards (optional): if you opt-in, we may publish anonymized or pseudonymous device metrics (e.g., uptime rankings).

  • Business transfers: if we merge/sell assets, data may transfer under equivalent safeguards.
    We do not sell your personal data or “share” it for cross-context behavioral advertising as defined by the CPRA.

5) International transfers

We may process data outside your country. When we transfer personal data from the EEA/UK/Switzerland to other regions, we use EU Standard Contractual Clauses (SCCs) and the UK Addendum/IDTA, plus supplemental measures where needed.

6) Data retention

We keep data only as long as needed:

  • Account & order records: duration of your account + up to 6 years (tax/accounting/legal).

  • Telemetry & logs: typically 30–365 days (rolling), then aggregated or deleted.

  • KYC data: as legally required (usually 5–10 years, jurisdiction-dependent).

  • Marketing data: until you unsubscribe or your account is deleted.

7) Security

We use industry-standard safeguards: encryption in transit, access controls, least-privilege, and vulnerability management. No system is 100% secure; you are responsible for securing your environment, strong passwords, updates, and offline backups of keys/seed phrases.

8) Your choices & controls

  • Telemetry controls: In the app, toggle Diagnostics/Analytics on or off. Critical security/operational telemetry may remain enabled to keep your device working safely.

  • Marketing: Unsubscribe via email footer or app settings.

  • Cookies: Manage in Cookie Settings.

  • Role participation: You choose which protocols/roles to run. Each has its own terms and eligibility rules.

9) Your rights

If you are in the EEA/UK/Switzerland (GDPR/UK GDPR)

You can access, correct, delete, or port your data; object to or restrict processing; and withdraw consent at any time. You also have the right to complain to your local supervisory authority.
Contact: support@frigghome.com. We may request proof of identity.

If you are in California (CCPA/CPRA)

You have the rights to know, delete, correct, to opt-out of sale/share (we don’t sell/share), and to limit use of sensitive information. We won’t discriminate for exercising rights.
Submit requests: support@frigghome.com.

Other regions

Local laws may grant additional rights. We’ll honor them where applicable.

10) Children’s privacy

Our Services are not for children under 13 (or the equivalent minimum age in your jurisdiction). We do not knowingly collect data from children. If you believe a child provided data, contact us to delete it.

11) Third-party protocols & links

When you enable roles that interact with third-party protocols or services, their privacy terms apply to that interaction. On-chain data is public. Our sites/apps may link to other websites; we are not responsible for their practices.

12) Changes to this Policy

We may update this Policy to reflect technical, legal, or operational changes. If we make material changes, we’ll notify you (e.g., email, in-app, or banner). The “Effective date” shows when it last changed.

13) Contact us

  • Support: support@frigghome.com

  • Postal: FriggHome AD, 10 Tsar Osvoboditel Blvd, 3rd floor, 1000 Sofia, Bulgaria.

  • EU representative (GDPR Art. 27): [Christine De Biasi, 10 Tsar Osvoboditel Blvd, 3rd floor, 1000 Sofia, Bulgaria (FriggHome's HQ)]

14) Region-specific disclosures (summaries)

EEA/UK — Legal bases map (examples)

  • Account creation, orders, shipping → Contract

  • Device security/telemetry → Legitimate interests (and legal obligation for security)

  • Marketing emails → Consent

  • KYC/sanctions → Legal obligation / public interest

California — Notice at collection (examples)

  • Identifiers (name, email, IP, address) — collected for account, shipping, security.

  • Commercial info (orders, RMA) — collected for fulfillment and support.

  • Internet/network activity (app/web analytics) — collected for security and service improvement.

  • Geolocation (coarse) — inferred from IP for fraud prevention and localization.

  • Sensitive personal info (KYC, if required) — used only for compliance; not used to infer characteristics.
    Retention: as outlined in Section 6. Purposes & categories of recipients: Sections 2 and 4.