Frenemy is operated by Solvitur Studio LLC (“we,” “us”). This policy explains what personal information we handle when you visit our websites (including frenemy.dev and lab.frenemy.dev) or use the Frenemy service, and your rights over it.

1. Two contexts — controller vs. processor

We handle personal data in two distinct roles, and this policy applies to only the first:

2. Information we collect as a controller

3. How we use it, and our legal bases

We use the information above to provide, operate, secure, and improve the service; to process billing; to respond to support requests; and to meet legal obligations. Under the GDPR our legal bases are: performance of our contract with you (providing the service, billing); legitimate interests (securing and improving the service, understanding website usage); consent (any marketing you opt into); and legal obligation where applicable.

4. Cookies

We use cookies strictly necessary for authentication and core functionality — signing in sets a session cookie; that’s it. We set no advertising, analytics, or other non-essential cookies, which is why you don’t see a cookie banner.

5. How we share information

Service providers / subprocessors — vendors that help us run the service. The current list (kept in step with the subprocessor list referenced in our DPA):

6. Visitor data we process on behalf of customers

This section describes processing this policy does not govern, included for transparency. When Frenemy operates on a customer’s website, it processes visitors’ IP addresses and user-agent strings in order to classify automated traffic, apply the verdicts the customer has configured, and produce the customer’s ledger. For that processing:

7. Data retention

We keep account information for as long as your account is active and for a limited period afterward for legal, accounting, and dispute-resolution purposes. Visitor data processed as a processor is retained per Section 6 and the DPA. We may retain aggregated or de-identified data, which does not identify you, for longer.

8. Security

We use commercially reasonable technical and organizational measures to protect personal information. No method of transmission or storage is completely secure, and during the service’s early-access period we do not warrant any specific security standard or certification.

9. International data transfers

We are based in the United States. Where we handle personal data of individuals in the EU, UK, or other regions with transfer restrictions, we rely on appropriate safeguards such as the Standard Contractual Clauses.

10. Your rights

Under the GDPR (EU/UK), you may request access, correction, erasure, restriction, or portability of your personal data; object to certain processing; and withdraw consent at any time. You may also lodge a complaint with your local supervisory authority.

Under the CCPA/CPRA (California), you may request to know, delete, or correct your personal information, and to opt out of its sale or sharing — though, as noted in Section 5, we do not sell or share it. We will not discriminate against you for exercising these rights.

To exercise any of these, contact us using Section 12. For data we process as a processor on a customer’s behalf (Section 6), please direct your request to the relevant website operator.

11. Children

The service and our websites are not directed to children, and we do not knowingly collect personal information from children under 16. If you believe a child has provided us information, contact us and we will delete it.

12. Changes & contact

We may update this policy from time to time; for material changes we will provide notice, and the effective date above always reflects the current version. Privacy inquiries: Solvitur Studio LLCsupport@frenemy.dev.