How Frankie handles your data.
This page is the procurement-grade version of our privacy posture. Plain language. Forward it to your security team. It is structured to answer the questions a procurement reviewer will actually ask.
For privacy questions about the marketing website itself, see the website privacy policy.
1. Posture
Frankie reads conversations to score the skill that was actually exercised. We do not use that data to train models. We do not resell it. We do not target ads with it. Your transcripts stay yours.
The shorter version of this statement lives on the product page. This page is the longer version, the one you forward to legal.
2. What Frankie collects
From the providers your organization configures (Claude, ChatGPT), Frankie ingests:
- Chat content (the messages on both sides of the turn).
- Chat metadata (provider, model, timestamps, length, role of the chatter inside your org).
- Account identifiers from your auth provider, used only to map a chat to an employee.
Frankie does not collect screen content, audio, video, browser history, or anything outside the configured providers.
3. What Frankie never does
- We do not train models on your conversations. Not foundation models. Not fine-tunes.
- We do not sell, license, or share conversation data with third parties beyond the documented sub-processors below.
- We do not run advertising. There is no ad targeting and no ad data path.
- We do not store credentials or tokens for the source providers in plaintext.
4. Sub-processors
Frankie runs on a small, intentionally short list of sub-processors. The list is reviewed quarterly. Adding a new sub-processor requires written notice to enterprise customers.
| Vendor | Purpose | Region |
|---|---|---|
| Railway | Application hosting | US |
| Postgres (managed) | Operational data store | US |
| OpenAI / Anthropic | Embeddings + scoring (no training) | US |
The categories above are stable. Specific vendors are confirmed in the Data Processing Agreement signed with each customer. We provide written notice to enterprise customers before adding any new sub-processor.
5. Retention
Frankie keeps three classes of data, each with its own clock.
- Raw chats. Held only as long as needed to compute scores and surface evidence. Default ceiling is 180 days; configurable downward.
- Embeddings and scores. Held while the employee remains active in the system, then archived per your data retention policy.
- Aggregate metrics. Retained indefinitely; no per-message content is recoverable from these.
Deletion requests reach all three classes inside 30 days.
6. Compliance roadmap
Where we are today, in honest form:
- SOC 2 Type 1. In progress, evidence collection underway.
- SOC 2 Type 2. Targeted within twelve months of GA.
- GDPR. Data subject access and deletion paths supported. Standard Contractual Clauses available on request.
- DPA. A Data Processing Agreement is available for enterprise customers and signed before any production data flows.
- Breach notification. If we discover an incident affecting customer data, we notify the customer per applicable law and per the DPA, without undue delay.
- Data residency. US-only at launch. EU residency on the roadmap.
7. FAQ
Will Frankie's vendors train on our chats?
No. We pass conversation data to model providers under no-training agreements where available, and we do not enable training on default provider terms.
Can employees opt out?
Yes. Opt-outs are honored at the source by excluding their account from ingestion. Existing data is removed on the standard deletion clock.
Where is the data physically stored?
United States, in regions documented per sub-processor.
Who at Frankie can see chat content?
Engineers on the core data team, in audited environments, only when investigating a specific bug or scoring anomaly. Routine analytics never expose raw content.
Can we self-host?
Not at launch. On the roadmap for enterprise customers.
Who do we contact for security review?
Get in touch. A Frankie founder will respond personally.