For procurement & security teams

Trust & Security

Freya is built for enterprise pilots. This page describes where your data lives, who else processes it, how long we keep it, and the rights you and your users have.

Data residency

All customer data — accounts, session transcripts, AI feedback, audio metadata — is stored in the European Union. Our database is hosted in Frankfurt and compute runs on EU edge locations. AI inference is routed to EU endpoints where the provider supports them.

Encryption & access control

  • TLS 1.2+ in transit, AES-256 at rest.
  • Row-level security enforced in the database — users see only their own data.
  • Secrets stored in an encrypted vault; least-privilege access for staff.
  • Password breach detection via Have I Been Pwned on every signup and password change.
  • SAML 2.0 single sign-on available for enterprise customers.

Retention

  • Session transcripts, feedback content, and AI call logs are deleted after 365 days.
  • Aggregate progression (NELO rating, achievements, daily challenge runs) is preserved.
  • Account profile and entitlements are retained until the user requests deletion.
  • Deleted accounts are purged from authentication after a 30-day grace period.

Your rights (GDPR)

Every Freya user has self-serve access to:

  • Export — download a JSON archive of your data once per 24 hours.
  • Delete — request account deletion; 30-day cancel window before permanent purge.
  • Rectify — edit profile fields directly in /profile.

Available at /settings/account once signed in. Controller-level requests: privacy@negotia.app.

Data Processing Agreement

Enterprise customers accept our DPA click-through in /settings/dpa. The current version is bundled with the in-app sign flow. For redlines or counter-signed copies, email dpa@negotia.app.

Sub-processors

We use the following sub-processors to operate Freya. Customers are notified of material changes at least 30 days in advance.

Vendor | Purpose | Region | DPA
Supabase (database, auth, storage) | Primary data store, authentication, file storage | EU (Frankfurt) | View
Cloudflare | Edge compute & CDN | EU edge | View
Lovable AI Gateway | Model routing for AI feedback | EU-routed | View
OpenAI (Whisper) | Speech-to-text transcription | EU/US (no training on data) | View
AI voices | Text-to-speech voices (Trial/Pro) | EU/US | View
Lovable Email | Transactional email delivery | EU | View
Sentry | Error tracking (planned) | EU (Frankfurt) | View
PostHog | Product analytics (planned) | EU (Frankfurt) | View

Incident response

We notify affected customers within 72 hours of confirming a personal-data breach, with the information required by Article 33 GDPR.

Questions a security review didn't answer? Email security@negotia.app.