FREQUENCY_AI / BLOG / ABOUT / FAQ
SYS.LEGAL / PRIVACY / v2.0

Privacy Policy

Last updated: 5 March 2026

Frequency AI Ltd ("Frequency AI", "we", "us", "our") is committed to protecting your privacy. This privacy policy explains how we collect, use, store, and protect your personal data when you visit our website at www.frequency.sh (the "Website") and use our waitlist service.

We are the data controller for the purposes of applicable data protection legislation, including the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. Who we are

Controller: Frequency AI Ltd, a company registered in England and Wales.
ICO registration: Frequency AI Ltd is registered with the Information Commissioner's Office (ICO) as a data controller, as required under the Data Protection Act 2018.
Data protection contact: [email protected]

2. Data we collect

We collect the following categories of personal data:

2.1 Information you provide directly

  • Email address: required when you join our waitlist.
  • Role: optional, e.g. "Developer / Engineer" or "Founder / Entrepreneur".
  • Interest: optional, e.g. what aspect of Frequency AI interests you most.
  • Referral source: optional, how you heard about us.

2.2 Data collected automatically

  • Hashed IP address: your IP address is cryptographically hashed (one-way, using SHA-256 with a salt) before storage. We store only the hash for rate-limiting and abuse prevention purposes. We cannot reverse the hash to recover your original IP address.
  • Timestamp: the date and time you joined the waitlist.

2.3 Data processed by our infrastructure provider

Cloudflare, our hosting and security provider, may process your IP address, browser user-agent, and request metadata as part of their standard security, performance, and content delivery services. This processing is governed by Cloudflare's Privacy Policy.

2.4 Data we do not collect

We do not use analytics or tracking tools. We do not set first-party cookies. We do not collect browsing behaviour, device fingerprints, or location data beyond what is described above.

3. How we use your data

We use the data we collect for the following purposes:

Purpose Lawful basis
Managing your waitlist registration and communicating about early access Consent (Article 6(1)(a) UK GDPR)
Sending product updates and launch information Consent (Article 6(1)(a) UK GDPR)
Understanding our audience (role, interest, referral source) to improve our product Legitimate interest (Article 6(1)(f) UK GDPR)
Rate limiting and abuse prevention (hashed IP) Legitimate interest (Article 6(1)(f) UK GDPR)
Website security and delivery (via Cloudflare) Legitimate interest (Article 6(1)(f) UK GDPR)

We will never sell, rent, or share your personal data with third parties for their marketing purposes.

4. Data storage and security

Your waitlist data is stored in a Cloudflare D1 database, a serverless SQL database operated by Cloudflare, Inc. We implement appropriate technical and organisational measures to protect your data, including:

  • Encryption in transit (TLS/HTTPS for all connections).
  • One-way hashing of IP addresses before storage.
  • Server-side rate limiting to prevent abuse.
  • Input validation and sanitisation on all user-submitted data.
  • Access to the database is restricted to authorised personnel only.

No method of transmission over the internet or electronic storage is completely secure. While we strive to use commercially acceptable means to protect your personal data, we cannot guarantee its absolute security.

5. International transfers

Cloudflare operates a global network, and your data may be processed in countries outside the United Kingdom, including the United States and the European Economic Area. Cloudflare participates in the EU-US Data Privacy Framework and implements Standard Contractual Clauses where required.

We ensure that any international transfer of personal data is subject to appropriate safeguards in accordance with UK GDPR, including adequacy decisions, Standard Contractual Clauses, or other approved transfer mechanisms.

6. Data retention

We retain your waitlist data for no longer than 24 months from the date of submission, unless:

  • You request deletion sooner (see "Your rights" below).
  • You become a customer of Frequency AI, in which case separate retention periods will apply as set out in the relevant customer agreement.
  • We are required by law to retain the data for a longer period.

After the retention period, your data will be securely deleted.

7. Third-party processors

We use the following third-party processors:

Processor Purpose Location
Cloudflare, Inc. Website hosting, CDN, security, database (D1) Global (US-headquartered)
Google Fonts Font delivery Global (US-headquartered)

We have data processing agreements in place with our processors as required by UK GDPR.

8. Cookies

We do not set any first-party cookies. Cloudflare may set strictly necessary cookies for security purposes (such as bot detection and DDoS protection). These are essential for the functioning and security of the Website and do not require consent under applicable law.

9. Children's privacy

The Website is not intended for children under the age of 18. We do not knowingly collect personal data from children. If we become aware that we have collected personal data from a child under 18, we will take steps to delete that data promptly. If you believe we may have collected data from a child, please contact us at [email protected].

10. Your rights

Under UK GDPR, you have the following rights in relation to your personal data:

  • Right of access: request a copy of the personal data we hold about you.
  • Right to rectification: request correction of inaccurate or incomplete data.
  • Right to erasure: request deletion of your personal data where there is no compelling reason for its continued processing.
  • Right to restriction of processing: request that we restrict processing of your data in certain circumstances.
  • Right to data portability: request a copy of your data in a structured, commonly used, machine-readable format.
  • Right to withdraw consent: withdraw your consent to processing at any time, without affecting the lawfulness of processing carried out before withdrawal.
  • Right to object: object to processing based on legitimate interests. We will cease processing unless we demonstrate compelling legitimate grounds.

To exercise any of these rights, please contact us at [email protected]. We will respond to your request within one month, as required by law. We may ask you to verify your identity before processing your request.

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) if you believe your data protection rights have been violated:

11. Changes to this policy

We may update this privacy policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. If we make material changes, we will update the "last updated" date at the top of this page. We encourage you to review this policy periodically.

12. Contact

If you have any questions about this privacy policy, our data practices, or wish to exercise your rights, please contact us:

← RETURN TO TERMINAL
© 2026 Frequency AI Ltd.
[email protected]