Privacy Policy

Introduction and Scope

FRAN AI, committed to protecting the privacy and security of our users' personal data, operates in compliance with Law No. 29733, the Personal Data Protection Law of Peru, and related regulations. This document outlines how we collect, use, process, and protect our users' personal information.

Information We Collect

At FRAN AI, we value the confidentiality and privacy of our users. Our service, designed to offer support in mental health, requires the collection of certain personal and sensitive data to provide a personalized and effective experience.

Personal Information Provided by You

We collect personal information that you provide directly to us when using our services. This includes, but is not limited to:
- Name and contact details.
- Demographic information such as age and gender.
- Details about your mental health status provided during therapy sessions.
- Responses to mental health questionnaires and assessments.

Information Collected Automatically

When interacting with FRAN AI, we automatically collect certain data that helps us to improve our services, including:
- Usage and preference data, collected through cookies and similar technologies.
- Technical information such as IP address, device type, operating system, and browser used to access our services.

Sensitive Data

Given the nature of our services, we may collect sensitive data related to your mental health. This collection is done exclusively with your explicit consent, ensuring maximum confidentiality and respect for your privacy.

Use of Information

The collected information is used for the following purposes:
- To provide, personalize, and improve our mental health support services.
- To communicate with you, sending important updates about our services or responding to your inquiries.
- To analyze and understand how our users interact with FRAN AI to continuously improve the user experience.
- To comply with applicable legal obligations and protect the rights and interests of FRAN AI and its users.

Data Sharing and Transfer

Sharing with Third Parties

FRAN AI commits not to share your personal information with third parties without your explicit consent, except in the following circumstances:
- When necessary for the provision of our services (e.g., data analysis or technical support).
- To comply with legal obligations or respond to legitimate requests from competent authorities.

International Data Transfer

As we operate globally, your data may be transferred and processed in countries outside of Peru. In such cases, we ensure that the transfer complies with applicable data protection laws and that adequate safeguards are provided to protect your information.

Data Security

FRAN AI implements state-of-the-art security measures to ensure the protection of personal data against unauthorized access, alteration, disclosure, or destruction. Our commitment to data security is reflected in the adoption of practices such as data encryption, the use of firewalls and intrusion detection systems, and strict access control protocols. We regularly review and update our security practices in response to technological advancements and emerging threats, complying with the standards set in Law No. 29733, the Personal Data Protection Law of Peru, thus ensuring a safe environment for our users' information.

User Rights

In accordance with Law No. 29733, FRAN AI users have the ARCO rights: Access, Rectification, Cancellation, and Opposition regarding their personal data. We promote transparency and empowerment of our users, providing accessible mechanisms for the exercise of these rights. This includes the possibility to access their personal data stored on our platform, request the correction of inaccurate data, oppose certain uses of their data, and request the deletion of their personal data when it is no longer necessary for the purposes for which it was collected.

Consent

The use of FRAN AI's services by users implies informed and explicit consent for the collection and processing of their personal data. This consent is obtained through clear and accessible methods, ensuring that users fully understand the purpose and scope of the use of their data. We respect the right of users to withdraw their consent at any time, offering simple options to modify their privacy preferences. FRAN AI's consent policy is designed to comply with the principles established in Law No. 29733 and its regulations, ensuring that the rights and autonomy of users are always respected and protected.

Contact for Inquiries and Complaints

FRAN AI establishes an open and accessible channel for users to communicate with us regarding any concerns or questions about privacy and data protection. This commitment translates into the implementation of a dedicated customer service system, available through multiple platforms (email, phone, live chat) to ensure that users can easily access information, make inquiries, or express concerns. Continuous training of customer service staff ensures an informed and empathetic response, reflecting our commitment to respecting user privacy and autonomy.

Commitment to Digital Ethics

Fundamental Ethical Principles

FRAN AI is committed to operating under the highest ethical standards, respecting the privacy and autonomy of our users, ensuring transparency in data handling, and ensuring equitable and non-discriminatory treatment of all information. This ethical commitment is reflected in all FRAN AI operations, from data collection to processing and storage.

Concrete Actions

FRAN AI commits not to share your personal information with third parties without your explicit consent, except in the following circumstances:
- Regular Audits: We conduct periodic audits of our privacy and data security practices to identify and correct any vulnerabilities, ensuring that our operations remain aligned with data protection laws and ethical principles.
- Employee Training: All employees of FRAN AI receive regular training on the importance of data privacy and security, fostering a culture of respect and protection of personal information.
- Security Breach Management: We establish a clear and effective protocol for managing security breaches, including immediate notification to affected users and relevant authorities, minimizing the impact and restoring user trust.

Continuous Evaluation and Improvement

Committed to continuous improvement, FRAN AI periodically reviews and updates its privacy policy to reflect changes in legislation, technologies, and user expectations. Integrating user feedback into our privacy practices allows us to adapt and respond effectively to their needs and concerns, while constant monitoring of data protection trends helps us to proactively address emerging challenges in privacy and security.

Anonymization and Data Minimization

FRAN AI adopts a rigorous approach to data anonymization and minimization, ensuring that only the personal data strictly necessary for the provision of our services is collected, processed, and stored. This commitment translates into specific practices designed to minimize the possibility of personal identification and limit access to personal data to what is strictly necessary for the purposes for which it was collected.

Anonymization Strategies

- Implementation of Advanced Techniques: We use data anonymization techniques such as pseudonymization and aggregation to ensure that personal information cannot be associated with any individual without the use of additional information kept separately and securely.
- Regular Evaluation: We conduct periodic evaluations of our anonymization techniques to ensure their effectiveness against emerging reidentification techniques, adapting to technological advances and maintaining the protection of our users' privacy.

Data Minimization Principles

- Data Collection Limitation: We ensure to collect only the data that is strictly necessary for the services provided, avoiding the storage of superfluous information that does not contribute to improving the user experience.
- Regular Data Necessity Review: We conduct regular reviews of stored data to identify and eliminate any data that is no longer necessary for the intended purposes, thus ensuring that personal data is not retained unnecessarily.

Data Retention and Deletion

FRAN AI's data retention and deletion policy is designed to ensure that personal data is stored only as long as necessary to fulfill the purposes set out in this privacy policy and in accordance with applicable legal obligations. This commitment is manifested through clear and systematic procedures for the secure deletion of personal data once it is no longer necessary.

Data Retention Management

- Defined Retention Periods: We establish specific retention periods for different categories of personal data, based on our legal and operational requirements, ensuring that data is not stored beyond its usefulness.
- Periodic Data Necessity Review: We implement periodic review processes to assess whether data is still necessary for the purposes for which it was collected, proceeding to its secure deletion if it is no longer the case.

Multimedia Content Management

- Ephemeral Handling of Multimedia: We adopt an ephemeral approach to the handling of images, audios, and videos provided by our users. These files are automatically deleted from our systems immediately after being processed for the intended purpose. Additionally, for data shared through third-party platforms such as Facebook, we take active measures requesting the deletion of any file linked to a Multimedia ID, thus ensuring the effective removal of data from all sources.
- Deletion Techniques: We employ secure deletion methods to ensure that personal data, including ephemeral multimedia, is irrecoverable once its deletion is decided. This protects against unauthorized access or accidental recovery of data.
- Deletion Audits: We conduct regular audits of our deletion processes, including the ephemeral handling of multimedia, to ensure that they are carried out effectively and securely. This reinforces user trust in how FRAN AI handles and protects their personal information.

Use of Localized Technology

In line with our commitment to protecting privacy, we use technologies like 'franela2Pocket', based on our FRANm 2.0 model, which runs locally. This ensures that sensitive data is processed securely and minimizes the risk of unauthorized access.

Laws and Related Regulations in Peru

In addition to Law No. 29733, we adhere to laws related to mental health such as Law No. 30947 on Mental Health and the Regulation of the Mental Health Law (Law No. 29889). These laws help us align our services with best practices and standards of care in mental health.

Continuous Evaluation and Improvement

We conduct periodic evaluations of our privacy policies and practices to identify areas for improvement. We are committed to adapting and continuously improving our security and privacy measures in response to new challenges and changes in the regulatory environment.

User Education and Awareness

We promote education and awareness about privacy and data protection among our users. We provide clear and accessible information on how we manage their data and how they can exercise their rights. Our goal is to empower users to have full control over their personal information and understand the importance of privacy in the digital context.

Integration of User Feedback

We value and take seriously the feedback from our users regarding privacy policies. Their comments are a crucial tool for continuous improvement and ensuring that our policies meet their expectations and needs.

User-Centric Approach

In all our policies and practices, we place the user at the center. Their well-being, security, and privacy are our highest priority. We continuously work to ensure that FRAN AI not only complies with laws and regulations but also respects and protects the rights and well-being of every individual who uses our platform.