Privacy Policy
Last updated: February 28, 2026
Friday ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website (friday.so), web application (mail.friday.so), and Chrome extension (collectively, the "Service"). Please read this policy carefully. By using the Service, you agree to the practices described here.
Definitions
- Company refers to Friday, Inc., 1395 22nd Street, San Francisco, CA 94107.
- Service refers to the Friday Chrome extension, the web application at mail.friday.so, and the marketing website at friday.so.
- Personal Data means any information that identifies or can identify a natural person.
- Usage Data means data collected automatically when you use the Service (e.g., pages visited, time spent, interactions).
- You means the individual accessing the Service, or the company or legal entity on whose behalf that individual is acting.
Data We Collect
Personal Data
When you create an account or use the Service, we may collect:
- Email address, first name, and last name
- Google account information (via OAuth), including your Gmail address and profile
- Payment information (processed by Stripe; we do not store card details)
- Communications you send us
Usage Data
We collect Usage Data automatically when you interact with the Service. This includes IP address, browser type and version, pages visited, time and date of visits, time spent on pages, unique device identifiers, operating system, and other diagnostic data.
Gmail and Calendar Data
When you connect your Google account, we access Gmail messages and Calendar events in real-time to provide the Service's core functionality (email drafting, summarization, and automation). Email content is processed in real-time and is not stored on our servers. We do not use Google Workspace API data to train generalized AI or machine learning models. See the Google Workspace API Data Usage section for full details.
Email Tracking Data
The Service includes an opt-in email tracking feature that allows you to detect when recipients open emails you send and click links within those emails. When this feature is active, we collect the following data about email recipients on your behalf:
- IP address
- User agent (browser/email client and device information)
- Approximate geolocation (country, region, city) derived from IP address via ip-api.com
- Timestamps of email opens and link clicks
This data is collected only when you have enabled email tracking for a specific email and is associated with your account for your use.
Tracking Technologies and Cookies
We and our third-party service providers use cookies, pixel tags, and similar tracking technologies on our website and web application.
Cookies We Use
Essential cookies are required for the Service to function and cannot be disabled:
- Supabase authentication cookies — store your session token so you remain logged in. These are set when you sign in and expire at session end or after a defined period.
Analytics cookies are used to understand how visitors interact with our website. By using the Service, you consent to the use of analytics cookies as described in this policy.
- PostHog (
ph_*prefix) — we use PostHog to collect product analytics including page views, heatmaps, session recordings, and custom interaction events. PostHog is proxied through our own domain (friday.so/ingest) so data flows first-party through our servers before reaching PostHog. Retention: 1 year. See PostHog's Privacy Policy. - Vercel Analytics — anonymous, aggregated page view analytics provided by our hosting provider. No personally identifiable information is collected. See Vercel's Privacy Policy.
Third-party embed cookies may be set when you interact with embedded content:
- YouTube — our website embeds YouTube videos. If you play a video, YouTube may set cookies governed by Google's Privacy Policy.
- Twitter/X — our blog embeds tweets via react-tweet. Twitter/X may set cookies governed by X's Privacy Policy.
For a full table of cookies, their purposes, and expiration periods, see our Cookie Policy.
Third-Party Service Providers
We share data with the following third-party service providers who process data on our behalf:
| Provider | Purpose | Privacy Policy |
|---|---|---|
| PostHog | Product analytics, session recording, heatmaps | posthog.com/privacy |
| Vercel | Website hosting and anonymous analytics | vercel.com/legal/privacy-policy |
| Supabase | Authentication and database | supabase.com/privacy |
| Stripe | Payment processing | stripe.com/privacy |
| OAuth authentication, Gmail and Calendar API access | policies.google.com/privacy | |
| Anthropic | AI model provider for email drafting and summarization | anthropic.com/privacy |
| OpenAI | AI model provider for email drafting and summarization | openai.com/privacy |
| Resend | Transactional email delivery | resend.com/legal/privacy-policy |
We do not sell your Personal Data to third parties.
How We Use Your Data
We use your data to:
- Provide, operate, and maintain the Service
- Process your Gmail and Calendar data to generate drafts, summaries, and automations
- Manage your account and subscription
- Process payments via Stripe
- Send transactional emails (account confirmations, billing receipts)
- Analyze usage patterns to improve the Service (via PostHog and Vercel Analytics)
- Comply with legal obligations and enforce our agreements
Data Retention
- Account data: retained for as long as your account is active. Upon deletion, account data is removed within 30 days.
- Gmail and Calendar data: processed in real-time; not stored beyond what is necessary to fulfill your request.
- Usage analytics (PostHog): retained for 12 months.
- Email tracking data: retained according to your account settings; you may delete tracking records at any time from within the Service.
- Payment records: retained as required by applicable tax and accounting law.
Google Workspace API Data Usage
When you connect your Google Workspace account to our Service:
- We do not use Google Workspace API data to develop, improve, or train generalized or non-personalized AI or machine learning models.
- Any AI features that interact with your Google Workspace data are strictly personalized to your account, and your data remains private to you.
- When we transfer Google Workspace data to third-party AI providers (Anthropic, OpenAI, Google) it is solely for providing the Service's functionality to you, not for training generalized models.
- We maintain strict data isolation practices to ensure your Google Workspace data is only used for the specific purposes you have authorized.
We are committed to compliance with Google's API Services User Data Policy.
California Privacy Rights (CCPA)
If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA):
- Right to Know: You may request disclosure of the categories and specific pieces of Personal Data we have collected about you, the sources of that data, our purposes for collecting it, and the categories of third parties with whom we share it.
- Right to Delete: You may request deletion of your Personal Data, subject to certain exceptions (e.g., data needed to complete a transaction or comply with a legal obligation).
- Right to Opt-Out: You may opt out of the sale of your Personal Data. We do not sell Personal Data.
- Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights.
To exercise any of these rights, contact us at founders@friday.so.
Children's Privacy
The Service is not directed at anyone under the age of 13. We do not knowingly collect Personal Data from children under 13. If you believe a child has provided us with Personal Data, please contact us and we will delete it promptly.
Links to Other Websites
The Service may contain links to third-party websites not operated by us. We have no control over and assume no responsibility for the content or privacy practices of those sites. We encourage you to review the privacy policy of every site you visit.
Security of Your Personal Data
We implement industry-standard security measures to protect your Personal Data. However, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.
Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the "Last updated" date. For significant changes, we will provide notice via email or a prominent notice within the Service at least 30 days before the change takes effect.
Contact Us
If you have any questions about this Privacy Policy or wish to exercise your privacy rights, contact us at founders@friday.so.