...

frejun.com

Menu

FreJun — Global Privacy Policy

Effective date: June 2020   |   Last modified: June 2026
This policy applies to Frejun Inc. (USA), FreJun India Pvt. Ltd. (India), and Al-FreJun (UAE) collectively referred to as “the FreJun Group”.
Applicable legal frameworks: GDPR (EU) • DPDP Act 2023 / DPDP Rules 2025 (India) UAE Federal Decree-Law No. 45 of 2021 and Applicable US State Laws

How to read this policy
This is a single, consolidated privacy policy that applies across all three FreJun Group entities. Where the law of a particular jurisdiction imposes specific obligations or grants specific rights beyond the general text, those are called out in colour-coded notes. If no jurisdiction-specific note appears in a section, the general text applies to all users equally.

  • India (DPDP Act 2023 & DPDP Rules 2025) — applies to users served by FreJun India Pvt. Ltd.
  • UAE (Federal Decree-Law No. 45 of 2021 on PDPL) — applies to users served by Al-FreJun
  • United States — applies to users served by FreJun Inc.

The entity responsible for your data depends on where you access and use the Services. All three entities adhere to the standards set out in this policy as a baseline minimum, and each additionally complies with the applicable laws of its jurisdiction.

  1. The FreJun Group — who is responsible for your data
    FreJun operates through three legal entities, each serving users in its respective region. Depending on where you are located and which entity provides your Services, one of the following is the Controller or Data Fiduciary responsible for your personal information:
    FreJun Inc. — incorporated in the United States. Serves users in North America and globally where no regional entity applies. Governing law: State of Delaware, USA.
    FreJun India Pvt. Ltd. — incorporated in India under the Companies Act, 2013. Serves users in India. Governing data law: Digital Personal Data Protection Act, 2023 and DPDP Rules, 2025.
    Al-FreJun — operating in the United Arab Emirates. Serves users in the UAE and the wider MENA region. Governing data law: Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data (PDPL).
    For EU residents, whichever entity you contract with acts as the GDPR Controller for your data. All three entities are bound by the same data protection standards set out in this policy and maintain appropriate intra-group data sharing arrangements.
    Collectively, the three entities are referred to in this policy as “we”, “us”, “our”, or “the FreJun Group”.
  1. Key terms
    The following definitions apply throughout this policy:
    • “Personal information” / “personal data”: Any information that identifies or can reasonably identify you as a specific individual.
    • “Services”: The FreJun platform, website, mobile applications, APIs, and all associated features and tools.
    • “Participants”: Third parties who join calls hosted or initiated through your account.
    • “Controller” (GDPR) / “Data Fiduciary” (DPDP Act) / “Controller” (UAE PDPL): The entity that determines the purposes and means of processing personal data. The relevant FreJun Group entity serves in this role for your data.
    • “Data Subject” (GDPR, UAE PDPL) / “Data Principal” (DPDP Act): The individual whose personal data is being processed — you, as the user.
    • “Data Processor”: A third party that processes personal data on behalf of a FreJun Group entity, under documented instructions.
  1. What personal information we collect
    Information you provide directly
    When you create an account, contact us for support, or register for communications, you share personal information with us. This typically includes your name, email address, phone number, company name, and designation. Account setup also involves payment card details. Where you choose to connect them, calendar data (such as Google Calendar or Outlook) and contact lists are collected.

Information generated through use of the platform
FreJun is a calling and communication platform. Using it means we collect voice recordings of calls — yours and those of Participants. This is core to the product; features such as AI call notes, summaries, and playback depend on it. We also collect Participant email addresses and, where enabled by you, credentials for third-party integrations.

Information collected automatically
Our website uses Google Analytics (Google Inc.) with IP anonymisation enabled. We also collect data through social media channels — Facebook, Twitter, Instagram, and LinkedIn — when you interact with our content or use social login.

Cookies and tracking technologies
We use cookies, beacons, tags, and scripts to understand platform usage, improve user experience, and serve relevant content. Types deployed include session, first- and third-party, secure, HTTP-only, and persistent cookies. Information collected includes IP addresses, location indicators, browser and device data, and session details. Disabling cookies does not restrict access to the Services.

India (DPDP Act 2023):  Under the DPDP Act, this policy constitutes the required notice to Data Principals in India, describing the categories of personal data collected, the purposes of processing, and the mechanism for exercising rights. Where consent is the basis for processing, it is obtained separately through our registration and onboarding flow and must be free, specific, informed, unconditional, and unambiguous.

UAE (PDPL 2021):  Under the UAE PDPL (Federal Decree-Law No. 45 of 2021), processing of personal data requires the informed consent of the Data Subject unless a statutory exemption applies. By creating an account and using the Services, UAE users confirm their consent to the processing described in this policy. Consent may be withdrawn at any time by writing to hello@frejun.com.

  1. Accuracy of information
    Please ensure the personal information you provide is accurate and current. This is particularly important for contact and payment details. If you are providing information on behalf of another individual, you confirm that you have the authority to do so and that the information is accurate.
  1. How we use your personal information

We process personal information only where we have a clear and lawful basis to do so. The purposes for which we use your information are:

    • Delivering and maintaining the Services, including calling, recording, AI-generated insights, and integrations
    • Managing your account, processing payments, and handling billing administration
    • Communicating with you — support, service updates, and responses to queries
    • Processing job applications submitted through the platform
    • Internal analytics and product development to improve the Services
    • Marketing and promotional communications, where you have not opted out
    • Measuring advertising effectiveness and delivering relevant content
    • Fraud prevention and platform security
    • Maintaining records and complying with legal and regulatory obligations

Participant information is retained to the extent necessary to fulfil contractual obligations to account holders.

Legal basis for processing
We will not process your personal information without a lawful basis. The applicable basis depends on your location and the nature of the processing:

United States:  FreJun Inc. relies on contractual necessity, legitimate business interests, and your consent where applicable. Users in California have additional rights under the CCPA/CPRA, including the right to know, delete, and opt out of the sale of personal information. FreJun does not sell personal information. California residents may submit requests to privacy@frejun.com.

EU (GDPR):  We rely on: (a) your consent — Article 6(1)(a); (b) performance of a contract — Article 6(1)(b); and (c) our legitimate interests in operating and improving the Services — Article 6(1)(f), where not overridden by your rights.

India (DPDP Act 2023):  Under the DPDP Act, consent is the primary basis for processing. A second basis — “legitimate use” — applies in specific circumstances including compliance with legal obligations and employment-related processing. Where we rely on legitimate use, we document the applicable ground. You may withdraw consent at any time by contacting privacy@frejun.com; withdrawal does not affect prior processing.

UAE (PDPL 2021):  Under the UAE PDPL, processing is permitted where the Data Subject has given consent, or where processing is necessary for the performance of a contract, compliance with a legal obligation, protection of vital interests, or the legitimate interests of the Controller provided these do not override the rights of the Data Subject.

  1. To whom we disclose your information

We do not sell, rent, lease, or otherwise transfer personal information to third parties for commercial gain. Disclosure is limited to the following:

Service providers / Data Processors
We engage third-party providers for hosting, payment processing, analytics, and related services. They receive only what is necessary to perform their function and are bound by data processing agreements requiring compliance with applicable data protection standards.

India (DPDP Act 2023):  Under the DPDP Act, third parties processing data on behalf of FreJun India Pvt. Ltd. are classified as Data Processors. Written agreements are maintained with all processors, restricting processing to documented instructions and requiring appropriate security safeguards.

UAE (PDPL 2021):  Under the UAE PDPL, data processors engaged by Al-FreJun are bound by written contracts specifying data protection obligations. Al-FreJun remains responsible for ensuring processor compliance.

Intra-group transfers
The three FreJun Group entities may share personal information with each other to the extent necessary to operate the platform globally and provide the Services. Such transfers are governed by intra-group data sharing agreements that ensure equivalent data protection standards apply regardless of which entity holds the data.

Business transfers
In the event of a merger, acquisition, or sale of all or part of any FreJun Group entity, personal information may transfer to the acquiring entity, which would be bound by the commitments in this policy or equivalent protections.

Legal and regulatory requirements
We may disclose personal information where required to do so by law, court order, or regulatory authority. We disclose only what is required and, where lawful, will endeavour to notify affected individuals.

Call participants
Call recordings, notes, and AI summaries are accessible to Participants of that call. Where applicable law requires prior notification of recording, that obligation rests with the account holder.

  1. International transfer of personal information

Given the global structure of the FreJun Group, personal information may be processed and stored in jurisdictions other than the one in which you are located — including India, the United States, and the UAE. We take steps to ensure that any such transfer is made in accordance with applicable law.

EU (GDPR):  Transfers of EU personal data to third countries are conducted in accordance with GDPR Chapter V, including through standard contractual clauses where required. If you have questions about the safeguards in place, contact privacy@frejun.com.

India (DPDP Act 2023):  Under the DPDP Act, personal data of Indian Data Principals may be transferred to countries other than those restricted by notification of the Central Government of India. At the time of publication, no such restricted countries have been formally notified. FreJun India Pvt. Ltd. currently processes data in India and the United States. This section will be updated if any restriction is notified.

UAE (PDPL 2021):  Under Articles 22 and 23 of the UAE PDPL, cross-border transfers of personal data are permitted to countries that provide an adequate level of protection, or where contractual safeguards are in place. Al-FreJun ensures that any transfer of UAE user data outside the UAE is subject to appropriate contractual protections and is not made to countries identified by the UAE Data Office as lacking adequate protections.

  1. How long we retain your information

Personal information is retained only for as long as necessary to fulfil the purpose for which it was collected, or as required or permitted by applicable law. Account data is held for the duration of the subscription. Call recordings are retained in accordance with the applicable plan and legal requirements.

On receiving a written deletion request, we will take reasonable steps to remove your information from active systems. Residual copies may persist in backup infrastructure for a limited period owing to standard data management practices; these are not accessible in normal operations.

India (DPDP Act 2023):  Under Section 8(7) of the DPDP Act, FreJun India Pvt. Ltd. is required to erase personal data when the purpose of processing has been fulfilled and retention is no longer necessary for legal compliance. Data retention schedules are maintained and reviewed periodically. Data Principals may request erasure under Section 12 of the DPDP Act (see Section 10).

UAE (PDPL 2021):  The UAE PDPL requires Controllers to retain personal data only for the period necessary for the stated purpose and to delete it thereafter unless a legal basis for continued retention exists. Al-FreJun maintains data retention schedules in compliance with this requirement.

  1. Security measures and breach notification

The FreJun Group maintains technical and organisational safeguards — including firewalls, access controls, encrypted transmission, and access logging — reflecting reasonable industry practice for a platform of this nature.

No system connected to the internet is impenetrable. We do not warrant absolute security and do not accept liability for breaches caused by circumstances outside our reasonable control.

We will never request your password or payment credentials by email. Please report any suspicious communication to hello@frejun.com before acting on it.

India (DPDP Act 2023):  Under the DPDP Act and Rule 7 of the DPDP Rules 2025, in the event of a personal data breach: (i) the Data Protection Board of India must be notified without delay, with a detailed report submitted within 72 hours; and (ii) each affected Data Principal must be notified without delay, with details of the breach and the remedial steps being taken. All breaches must be reported — the Act contains no de minimis threshold. Access and processing logs are retained for a minimum of one year.

UAE (PDPL 2021):  The UAE PDPL requires Controllers to implement appropriate technical and organisational measures to protect personal data from unauthorised access, loss, or misuse. In the event of a breach, Al-FreJun will notify the UAE Data Office and affected Data Subjects in accordance with the timelines and procedures prescribed by the PDPL and any applicable executive regulations.

EU (GDPR):  Personal data breaches affecting EU users will be notified to the relevant supervisory authority within 72 hours of awareness where there is a risk to individual rights and freedoms, and to affected individuals without undue delay where there is a high risk.

  1. Your rights as a Data Subject / Data Principal

Your rights over your personal information depend on your location. The following sets out the rights available in each jurisdiction.

EU residents — GDPR

    • Right of access to the personal information we hold
    • Right to rectification of inaccurate or incomplete data
    • Right to erasure (“right to be forgotten”), subject to legal constraints
    • Right to restriction of processing
    • Right to object to processing on legitimate interest grounds
    • Right to data portability in a machine-readable format
    • Right to lodge a complaint with the competent supervisory authority

Indian users — DPDP Act 2023

    • Right to access (Section 11): Request a summary of personal data held and a description of processing activities.
    • Right to correction and erasure (Section 12): Request correction of inaccurate data, or erasure where the purpose of processing has been fulfilled or consent withdrawn.
    • Right to grievance redressal (Section 13): Raise a complaint regarding our handling of your personal data. All grievances will be addressed within 90 days of receipt.
    • Right to nominate (Section 14): Nominate another individual to exercise your data rights in the event of death or incapacity.
    • Right to withdraw consent: Withdraw consent at any time. Withdrawal does not affect processing completed before that point.

India (DPDP Act 2023):  Requests should be submitted to privacy@frejun.com and clearly marked as a data rights request. FreJun India Pvt. Ltd. has designated this address as the point of contact for all Data Principal requests and grievances, in accordance with the DPDP Rules 2025. If you are not satisfied with our response, you may escalate to the Data Protection Board of India.

UAE users — PDPL

    • Right to access: Be informed about the collection of your personal data and obtain a copy of it.
    • Right to rectification: Request correction of inaccurate or outdated personal data.
    • Right to erasure: Request deletion of personal data where it is no longer necessary for the purpose for which it was collected.
    • Right to restriction of processing: Request that processing be limited in certain circumstances.
    • Right to data portability: Receive personal data in a structured, commonly used format.
    • Right to object to automated decision-making: Object to decisions made solely on automated processing that have legal or similarly significant effects.

UAE (PDPL 2021):  To exercise any of these rights, UAE users should write to privacy@frejun.com. Al-FreJun will respond within a reasonable timeframe and in any event within the period prescribed by the UAE Data Office. Unresolved complaints may be directed to the UAE Data Office, the national regulatory body established under Federal Decree-Law No. 44 of 2021.

  1. Children’s data

Our Services are not directed at individuals under the age of 18. We do not knowingly collect personal data from minors. If you believe that a child’s information has been provided to us, please contact privacy@frejun.com and we will take prompt action to remove it.

India (DPDP Act 2023):  Section 9 of the DPDP Act requires verifiable parental or guardian consent before processing the personal data of any person under 18 in India. FreJun India Pvt. Ltd. implements age-based safeguards at registration. Penalties for breach of children’s data obligations under the DPDP Act may reach ₹200 crore.

UAE (PDPL 2021):  The UAE PDPL requires specific protective measures for the processing of personal data belonging to minors. Al-FreJun does not knowingly register or serve users under 18. Where parental or guardian consent is required by applicable UAE law, it will be obtained before any processing takes place.

  1. Links to third-party websites

Our Services may contain links to websites or applications not owned or operated by any FreJun Group entity. We have no control over their content or data practices. Visiting them is at your own discretion and risk. We encourage you to review the privacy policies of any third party before sharing personal information with them.

  1. Limitation of liability

To the fullest extent permitted by applicable law, no FreJun Group entity shall be liable for any direct, indirect, incidental, consequential, or exemplary damages arising out of or in connection with this Privacy Policy, including damages for loss of data, business interruption, or loss of goodwill, even if advised of the possibility of such damages.

Nothing in this section limits any entity’s obligations under the DPDP Act, the GDPR, the UAE PDPL, or any other applicable data protection legislation. Statutory rights are not affected.

  1. Changes to this policy

We review and update this policy periodically to reflect changes in our practices, Services, or applicable legal requirements. When we make material changes, the effective date at the top of this document will be updated.

Continued use of the Services following any update constitutes acceptance of the revised policy. If you disagree with a material change, you may discontinue use and request deletion of your data in accordance with Section 8.

India (DPDP Act 2023):  Where a change affects the scope or basis of processing of personal data of Data Principals in India, Frejun India Pvt. Ltd. will issue a fresh notice as required under the DPDP Act before the revised processing commences.

UAE (PDPL 2021):  Al-FreJun will notify UAE users of material changes to this policy through the platform or by email, and will obtain fresh consent where the change affects the basis on which personal data is processed.

  1. Contact us

For questions, concerns, or formal data rights requests, please contact the relevant entity:

All users — General privacy enquiries: hello@frejun.com

Please mark your message clearly with the applicable region and the nature of your request so it reaches the right team without delay.

© 2026 FreJun Inc. / FreJun India Pvt. Ltd. / Al-FreJun . All rights reserved.