Frugger Logo
Privacy Policy

Effective Date: 28.07.2025

This Privacy Policy explains how SANC AG ("Company", "we", "us", or "our"), located at Binzstrasse 16, 8712 Switzerland, collects, uses, and protects your data when you use Frugger ("Service"). We respect your privacy and are committed to safeguarding your information in accordance with this Policy and applicable laws.

1. Scope of This Policy

This Privacy Policy applies to personal data collected through:

  • Our website at frugger.com
  • Our API and related services
  • Customer support and communications
  • Any other interaction with our Service

By using our Service, you consent to the collection and use of your information as described in this Policy.

2. Data We Collect

Personal Information

We collect and process:

  • Account Data: Name, email address, password
  • Usage Data: API usage logs, model performance metrics
  • Billing Data: Payment details, invoices, and transaction history
  • Support Data: Messages, tickets, and user inquiries

Service Data

We also collect:

  • Request Content: Input/output data from API requests (only when Privacy Mode is disabled)
  • Technical Data: IP address, device/browser type, operating system
  • Performance Metrics: Latency, throughput, error rates
  • Analytics: Aggregated usage patterns for product improvement
  • Google Analytics: Website usage data, page views, traffic sources, and user behavior (only with your consent)

Legal Basis for Processing

We process your data based on:

  • Contract performance
  • Legal obligations
  • Legitimate business interests
  • Consent, where required

3. Privacy Mode

What It Does

Frugger offers a Privacy Mode, giving you control over data retention:

  • Enabled: We do not store prompts, responses, or request content
  • Disabled: Content is retained for routing optimization and service improvement
  • User Control: Toggle Privacy Mode anytime in your account settings

Important Notes

Even with Privacy Mode enabled:

  • Usage metrics and metadata are still collected to ensure service quality
  • Billing and transaction data are retained to meet legal and tax obligations
  • System logs may include non-content metadata for operational purposes

4. How We Use Your Data

Purposes

We use your data to:

  • Provide and maintain the Service
  • Optimize model selection and routing
  • Analyze performance and improve quality
  • Communicate updates, alerts, and marketing (with your consent)
  • Ensure security and prevent abuse or fraud

Legal Uses

We may also process data:

  • For research and product development
  • To comply with legal and regulatory obligations
  • To support you through customer service

Important Commitments

  • We do not sell your personal data
  • We only share data as described in this policy
  • You remain in control through Privacy Mode

5. Third-Party Services

We use vetted third-party service providers to operate the Service efficiently and securely:

Providers We Use

  • AWS Cognito – Authentication and identity management
  • AWS SES – Email delivery (verification, notifications)
  • Stripe – Payment processing
  • Cloudflare Turnstile – Bot and spam protection
  • Google Analytics – Website analytics and usage tracking (only with your consent)

Data Shared

  • Only the minimum necessary data is shared (e.g., email, transaction ID, IP metadata)

Data Safeguards

  • All providers are bound by Data Processing Agreements (DPAs)
  • Providers are obligated to maintain industry-standard security
  • Processing complies with GDPR and other relevant data protection laws

6. Email Communications

Types of Emails

  • Service Notifications: Required messages for account, billing, and security
  • Marketing: Updates, new features, and promotional offers (opt-in only)
  • Newsletters: Insights, best practices, and industry news (optional)
  • Support Responses: Replies to your inquiries or support tickets

Preferences

  • Service-related emails are mandatory
  • Marketing and newsletters are optional and managed via your account settings
  • All marketing emails contain an unsubscribe link

7. Data Retention

Retention Periods

Data TypeRetention Period
Account DataUntil deletion or 2 years of inactivity
Usage DataIndefinitely (unless Privacy Mode is on)
Billing Records10 years (legal/tax compliance)
Analytics DataAnonymized and stored indefinitely
Support Communications2 years after last interaction

Deletion Requests

  • You can request account and data deletion at any time
  • Certain data may be retained to meet legal requirements
  • Backups may take up to 30 days to fully purge

Important Notes

  • Download important data before closing your account
  • Account deletion is permanent and non-reversible
  • Outstanding invoices must be settled first

8. Your GDPR Rights (If Applicable)

If you are located in the EU or EEA, you have the following rights under the General Data Protection Regulation (GDPR):

  • Access: Request a copy of your personal data
  • Correction: Fix inaccurate or incomplete information
  • Erasure: Request deletion of your personal data
  • Portability: Export your data in a machine-readable format
  • Objection: Object to how your data is being processed
  • Restriction: Limit how we use your data

How to Exercise Your Rights

  • Contact us using the info in Section 13
  • We will respond within 30 days
  • We may request proof of identity to process your request

Limitations

  • Some rights may be limited by legal obligations
  • Requests that conflict with others' rights may be restricted

9. Data Security

Technical Security

  • Encryption: TLS for data in transit, AES-256 for data at rest
  • Access Control: Role-based access and MFA for internal systems
  • Monitoring: Real-time security and anomaly detection
  • API Security: Rate limiting, key management, and input validation

Organizational Security

  • Security training for all staff
  • Background checks for personnel with access to sensitive systems
  • Regular internal and third-party security audits
  • Incident response policies in place and tested regularly

Incident Response

  • Immediate investigation of any security incidents
  • Notification of affected users as required by law
  • Transparent updates and mitigation measures

10. International Data Transfers

We serve users globally. Your data may be processed outside your country of residence, including in:

  • Switzerland
  • European Union (EU)
  • United States, via trusted service providers

Safeguards for Transfers

  • Standard Contractual Clauses (SCCs)
  • GDPR-compliant data processing agreements
  • Periodic reviews of partner compliance

Important Considerations

  • Local data protection laws may vary
  • Your data is protected regardless of where it is processed

11. Cookie Policy

Types of Cookies

  • Essential Cookies: Required for login, authentication, and security
  • Analytics Cookies: Measure usage, page views, and errors (includes Google Analytics cookies: _ga, _gid, _gat)
  • Marketing Cookies: Optional, used for personalization and ads

Cookie Management

  • Cookie banner appears on first visit
  • You can accept, reject, or customize cookie preferences
  • Preferences are stored and respected on future visits
  • You can also manage cookies via your browser

Third-Party Cookies

  • Some cookies are placed by trusted third parties (e.g., Stripe)
  • These are governed by their own privacy policies

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will:

  • Notify you of material changes via email or the Service
  • Post the updated version on our website

Your continued use of the Service after changes take effect constitutes acceptance of the updated Privacy Policy.

13. Contact Us

If you have any questions, requests, or concerns about this Privacy Policy or how we handle your data, contact us at:

SANC AG
Binzstrasse 16
8712 Switzerland
support @ frugger.com

Last updated: 28.07.2025