Help & FAQ
The short version of how Frenemy works — install, what you get, billing, privacy, and how to turn it off. Can’t find it? Email support@frenemy.dev — a human replies within one business day.
Getting started
What does Frenemy actually do?
More than half of all web traffic is now automated. Frenemy verifies who each automated visitor really is — a search crawler, an AI assistant, a training scraper, or an impostor wearing a familiar name — classifies what it's doing to your business as friend, frenemy, or foe, and, when you're ready, lets you act on it. Your human analytics stay cleanly separated from the bots.
Which platforms can I install it on?
Today: Cloudflare (in front of any stack), Next.js apps on Vercel, and WordPress — the Frenemy plugin is live on WordPress.org (search “Frenemy” under Plugins → Add New).
On something else? Sign up and we'll add you to the list for your platform — Frenemy has to sit where it can see your traffic, and we're steadily expanding where that's possible.
How do I install Frenemy?
Frenemy runs at the edge of your own site, in about five minutes. On Cloudflare, Vercel, or Next.js you connect your account (or paste a small snippet) and deploy — the wizard walks every step with copy buttons, and names the exact buttons to click.
It runs in your infrastructure, not ours: your site never depends on us to serve a request. If Frenemy ever fails, it fails open — your visitors are unaffected.
How long until I see data?
Most sites see their first classified bot within a day or two; quieter sites can take longer — crawlers come on their own schedule. Once your install is verified and listening, an empty dashboard means nothing has visited yet, not that something is broken.
What you get
Do you see every visitor, or just a sample?
Every visitor is classified and every visitor is subject to your policy — no sampling on the decision. We sample only anonymous human traffic for the analytics baseline (humans aren't what you're paying us to act on, and we keep your privacy tight). Bots — the ones that matter — are tracked in full up to your plan's limit.
What does the SEE + ACT plan actually buy me?
ACT is the safe action layer: per-crawler block/throttle decisions on 100% of traffic, a dry-run preview that shows exactly what a rule would do before it does anything, the never-block-search safety interlock, consent flags, licensing receipts, and a one-switch kill.
When can I actually block?
Enforcement is built, and it ships deliberately: per-site, opt-in, only after your own observe data has proven the classifications on your traffic. Blocking a real search crawler by accident is the one mistake we refuse to ship. ACT's dry-run shows you exactly what every rule would have done — so when the crawler landscape shifts this September, you'll already know your answer.
Is the dollar figure real?
It's an estimate, always labeled as one: measured bytes × a rate you set. The bytes are measured; the dollar is your assumption made visible — never a fake invoice.
How does Frenemy know who a visitor really is?
Most bots simply announce who they are in their user-agent string — and impostors lie. Frenemy checks that claim against the operator's own published records: the IP ranges companies like Google and OpenAI publish for their crawlers, plus signed Web Bot Auth and reverse DNS where available. A visitor that passes is marked verified; one that only claims an identity is marked claimed; one that fails the operator's own check is flagged an impostor.
When we can't be certain, we say so rather than guess — and we deliberately err on the safe side, so the worst case is an impostor slipping through, never a real search crawler treated as fake.
What's the difference between the plans?
SEE is knowing: every bot named, verified, and scored for what it costs or earns you, with a clean human-only analytics baseline and 30-day history. SEE + ACT adds the safe action layer — per-class rules, a dry-run preview, the never-block-search interlock, exportable cost/earn receipts, and 12-month history. SEE + ACT + AUTOMATE lets Frenemy handle new scrapers and impostors by your standing policy, and is arriving in a later release.
Every plan is per site and cancel-anytime, and each tier is everything before it plus one more level of power. Current prices are on our Pricing page.
What is a dry run, and what's the never-block-search interlock?
A dry run is a rehearsal: you stage a rule and Frenemy shows you exactly what it would have done — how many requests it would have blocked or throttled, and which — with nothing actually taking effect. You watch the real numbers before you commit to anything.
The never-block-search interlock is a structural guarantee that verified search engines and assistants can't be blocked, even by accident. It's built into the engine, not a checkbox you might forget — because blocking a real search crawler is the one mistake we refuse to ship.
Billing & limits
If I go over my plan's limit, do you stop protecting me?
No. Enforcement never stops or samples — it runs on every request regardless. The limit only affects how many individual bot events we store for drill-down; your totals and the dollar ledger stay exact.
How do I manage or cancel my plan?
Billing is fully self-serve. From Plans & billing in your dashboard you can update your card, view invoices, or cancel — cancellation takes effect at the end of your paid period, and there's no charge to reach us to do it.
Do you offer refunds?
Every plan starts with a free 14-day trial (no card required), so you can decide before you pay — that's our money-back guarantee. After that, you can cancel anytime and you won't be charged again; we don't refund a period that's already started.
Charged by mistake — a duplicate charge, or a renewal you meant to cancel? Email support@frenemy.dev and we'll make it right.
What if crawlers barely showed during my trial?
That's not a fair test, and we won't hold it against you. Email us and we'll extend your trial, no questions asked — quieter sites just need a longer window for crawlers to arrive.
Is there a free trial? Do I need a credit card?
Yes — every plan starts with a 14-day free trial with full SEE + ACT access, and no credit card up front. You keep your data either way, and you decide before you ever pay.
Can I protect more than one site with one account?
Yes. One account can hold as many sites as you like, each with its own subscription and its own dashboard. The free trial applies once per account. We don't offer a reseller or white-label program today.
Privacy & safety
What visitor data do you store?
We never store raw visitor IP addresses. Each IP is irreversibly hashed at ingest with a keyed, per-site salt that rotates daily, and prior keys are destroyed at rotation — so no personally identifying visitor record exists at rest. We also strip advertising click identifiers at ingest.
Full detail is in our Privacy Policy.
Is it safe? Can Frenemy break my site?
Frenemy fails open — if we ever go down, you don't. Verified search engines are never blocked by default, enforcement is opt-in and off until you turn it on, and everything Frenemy can do turns off with one switch. Safe isn't a mode; it's the default.
Who else can see my data?
Only the vendors that run the service, each getting the minimum it needs: Cloudflare (hosting and edge), Stripe (billing — we never store full card numbers), and Resend (the sign-in and service emails we send you). We also use Anthropic's models to help analyze automated-traffic patterns; that analysis receives network information (ASN), the user-agent strings of suspected bots, and aggregate counts — never IP addresses, and never your account details or email. The full list is in our Privacy Policy.
Do you sell my data?
No. We don't sell your personal information, and we don't share it for cross-context advertising. We do use aggregated, de-identified data to operate and improve the service — including the shared bot registry and the public Frenemy Report — but those aggregates are never sold and never attributable to any individual site.
Can I delete my account and its data?
Yes. Email support@frenemy.dev from your account's email address and we'll remove your account and the data tied to it. Two honest caveats: we can't claim instant deletion everywhere — routine backups age out on their own schedule, and our payment processor keeps the billing records tax law requires. If you're a visitor to a site that uses Frenemy rather than a customer, your request goes to that website's operator, who controls their visitors' data; we only process it for them.
Do you have SOC 2, a DPA, or an uptime guarantee?
We'd rather be honest about where we are. Frenemy is in early access, so we don't yet hold a SOC 2 or ISO 27001 certification, and we don't promise a formal uptime SLA. What we do stand behind is the architecture: Frenemy fails open, so if it ever goes down your site keeps serving normally. A Data Processing Agreement is available on request.
Troubleshooting & turning it off
How do I turn Frenemy off right now?
Frenemy runs in your own account, so you don't need us — or our dashboard — to disable it.
Front-Worker install: in your Cloudflare dashboard, open the frenemy-observer-… Worker → Settings → Variables → set FRENEMY_ENABLED to 0 (or delete the Worker's route). Takes effect in seconds.
Embed install: remove the withFrenemy(...) wrapper from your Worker's fetch handler and redeploy — your handler runs exactly as before. Either way your site keeps serving normally.
I installed Frenemy but see no data.
First, give it time: crawlers arrive on their own schedule, and a verified, listening install with an empty dashboard usually just means nothing has visited yet. If it's been more than a couple of days on a site you know gets bot traffic, check that the install is still deployed (the wizard's Install & health page confirms this) and then reach out — we'll look with you.
You classified a crawler wrong — can you fix it?
Tell us what you're seeing and we'll investigate it with you. Classification isn't perfect — false positives and negatives happen — so we can't promise a specific verdict or a turnaround, but we take every report seriously and use it to make the shared registry better for everyone. Email support@frenemy.dev with the crawler and what you'd expect.
My sign-in link didn't arrive.
Frenemy has no passwords — you sign in with a one-time link. Check your spam or junk folder and any corporate mail filter; the link comes from login@frenemy.dev, and it expires quickly for security, so if yours has, just request a fresh one. There are more fixes on our Troubleshooting page.
How do I get help?
Email support@frenemy.dev — a human (the founder) replies within one business day. There's no phone or live chat by design; async support is the only channel we can promise honestly, and keep.