Your Privacy is Our Foundation
FreshSeeing uses zero-knowledge encryption for stored conversations. We literally cannot access your stored conversations, even if we wanted to. Messages sent to Anthropic for AI processing are protected with TLS/SSL encryption in transit.
Last updated: January 15, 2026
1. Overview and Data Controller
FreshSeeing is committed to protecting your privacy through strong cryptographic guarantees. This policy explains how we handle your data, what we can and cannot see, and your rights as a user.
Data Controller
TRANSMISSION TECHNOLOGIES AS
Bergen, Norway
Organization Number: 934179757
Email: privacy@freshseeing.com
FreshSeeing is operated from Norway and complies with the General Data Protection Regulation (GDPR) as implemented in Norway through the Personal Data Act. Regardless of where you access our service from, your data is protected according to these standards.
Key Principle: We use zero-knowledge encryption for stored data. This means your conversations are encrypted on your device before being stored on our servers. We do not have access to your encryption keys, and therefore cannot decrypt your stored conversations. However, when you send messages, they are sent to Anthropic's API over an encrypted connection (TLS/SSL) to generate AI responses. While encrypted in transit, Anthropic can read your messages to process them. This is necessary for the AI service to function. Anthropic processes your messages according to their Commercial Terms and Data Processing Addendum, and does not use your data to train their models.
2. Information We Collect
2.1 Account Information
When you create an account, we collect:
- Email address
- Password (hashed using bcrypt, never stored in plaintext)
- Account creation timestamp
2.2 Encrypted Conversation Data
When you use FreshSeeing, we store the following encrypted data:
- Message content (encrypted with AES-256-GCM)
- Message summaries (encrypted with AES-256-GCM)
- Conversation titles (encrypted with AES-256-GCM)
- Fragments — insights, themes, and edges extracted from conversations (encrypted with AES-256-GCM)
Important: We cannot decrypt this data. Only you, with your password, can decrypt your conversations.
We also store unencrypted metadata about your conversations:
- Message timestamps
- Conversation metadata (mode type, created/updated dates)
This metadata helps us understand how the application is being used but does not reveal the content of your conversations.
2.3 Encryption Keys
We store:
- Salt value (used for key derivation, not sensitive on its own)
- Encrypted master key (encrypted with a key derived from your password via PBKDF2)
- Backup copy of encrypted master key (encrypted with your recovery key)
We never store your master encryption key, password, or recovery key in plaintext. All stored encryption keys are encrypted and can only be decrypted with your password or recovery key, which we do not have.
2.4 Technical Data
We may collect:
- Browser type and version
- Device type
- IP address (for security and abuse prevention)
- Session duration and activity patterns
3. How We Use Your Information
We use your information to:
- Provide and maintain the FreshSeeing service
- Authenticate your identity and manage your account
- Store your encrypted conversations securely
- Detect and prevent abuse, fraud, and security threats
- Improve our service through anonymized usage analytics
- Communicate important service updates or security alerts
We do not and cannot: Read your conversations, analyze message content, train AI models on your private conversations, or sell your data to third parties.
4. Legal Basis for Processing
Under GDPR Article 6, we process your personal data based on the following legal grounds:
4.1 Contract Performance
We process your account information and encrypted conversation data as necessary to provide the FreshSeeing service you signed up for. This includes:
- Creating and managing your account
- Storing your encrypted conversations
- Providing AI-powered conversation features
- Enabling password reset and account recovery
4.2 Consent
For optional features, we rely on your explicit consent. You can withdraw consent at any time through your account settings:
- Email invitations (opt-in feature)
- Fragment sharing to the Collective Consciousness
- Releasing fragments publicly to the Field
4.3 Legitimate Interests
We process certain data based on our legitimate business interests, balanced against your rights:
- Security: Detecting and preventing fraud, abuse, and unauthorized access
- Service improvement: Analyzing anonymized usage patterns to improve the service
- Communication: Sending important service updates and security alerts
We have conducted a legitimate interest assessment and determined that these processing activities do not override your fundamental rights, particularly given our zero-knowledge encryption architecture.
5. Technical Security Details
5.1 Encryption Specification
- Algorithm: AES-256-GCM (Galois/Counter Mode)
- Key Derivation: PBKDF2 with SHA-256, 600,000 iterations (exceeds OWASP 2024 recommendations)
- Initialization Vector: Random 12-byte IV generated per message
- Authentication: Built-in authenticated encryption with GCM mode
- Recovery Key: 256-bit cryptographically random key
5.2 Key Management
A random 256-bit master key is generated on your device. A key derived from your password with PBKDF2 (600,000 iterations) encrypts this master key. The encrypted master key is stored in our database, enabling password resets. Your recovery key also encrypts a backup copy. The plaintext master key:
- Never leaves your browser in unencrypted form
- Is held in browser memory only during your active session
- Is cleared when you log out or close your browser
- Can only be decrypted with your password or recovery key
5.3 Zero-Knowledge Storage Architecture
Zero-knowledge encryption means that we cannot read your stored conversation data. Our storage architecture ensures:
- Encryption happens client-side in your browser before storage
- Only encrypted ciphertext (conversations and messages) is stored in our database
- Encrypted master keys are stored but can only be decrypted with your password or recovery key
- Decryption happens client-side after retrieval
- We do not have access to your password or recovery key
This is fundamentally different from "encrypted at rest" alone. While we store encrypted copies of your master key (for password reset functionality), we cannot decrypt them without your password or recovery key. Therefore, we cannot access your stored conversation data.
Important distinction: While your stored conversations use zero-knowledge encryption, messages sent to Anthropic's AI are transmitted over TLS/SSL encryption and can be read by Anthropic to generate responses. This is necessary for the AI service to function.
6. Data Sharing and Disclosure
6.1 Third-Party Services
FreshSeeing uses these third-party services:
- Vercel: Hosting and deployment platform. Your messages transit through Vercel's infrastructure when being sent to Anthropic for AI processing. We do not log message content to Vercel's logging systems
- Supabase: Database hosting and authentication. Our Supabase instance is geo-locked to the European Union, meaning your account data and encrypted conversations are stored on servers located within the EU
- Anthropic: AI model provider for conversation responses. Your messages are sent to Anthropic over encrypted connections (TLS/SSL), and Anthropic can read them to generate responses. Anthropic does not receive your encrypted database. See their Commercial Terms and DPA
- Resend: Email delivery service for sending invitation emails and account notifications. Resend only receives your email address and generic invitation prompts — never your conversation content or encrypted data
- Proton Mail: Privacy-focused email service for receiving and responding to user inquiries. Emails you send to us are stored with end-to-end encryption on Proton's servers in Switzerland
- Bunny.net: Video hosting and content delivery network for the Insight Stream community feature. Videos you upload are stored and streamed from Bunny.net's global CDN. Bunny.net processes videos for adaptive streaming, generates thumbnails, and provides transcription services. Video content may be cached on servers worldwide for optimal playback performance. See Section 13.6 for more details
6.2 Data Location and International Transfers
Your data is stored and processed in the following locations:
- Database (Supabase): European Union — our database is geo-locked to EU servers, ensuring your account data and encrypted conversations remain within EU jurisdiction
- Application (Vercel): European Union (Frankfurt) — our serverless functions are configured to run in EU regions
- AI Processing (Anthropic): United States — messages sent for AI processing are transmitted to Anthropic's servers in the US
- Outbound Email (Resend): United States — email delivery infrastructure
- Inbound Email (Proton Mail): Switzerland — privacy-focused email with end-to-end encryption
6.3 International Transfer Safeguards
When your data is transferred outside the European Economic Area (EEA), we ensure appropriate safeguards are in place as required by GDPR:
- Anthropic (US): Transfers are protected by EU Standard Contractual Clauses (SCCs) incorporated into their Data Processing Addendum, governed by Irish law
- Vercel (US): Certified under the EU-US Data Privacy Framework (DPF), providing an adequate level of protection recognized by the European Commission
- Resend (US): Certified under the EU-US Data Privacy Framework (DPF) and UK Extension, with Standard Contractual Clauses in their Data Processing Agreement
- Proton Mail (Switzerland): Switzerland has an adequacy decision from the European Commission, meaning no additional safeguards are required
We maintain Data Processing Agreements (DPAs) with all our processors that include appropriate GDPR-compliant terms.
6.4 Legal Compliance
We may disclose non-encrypted information (email, account metadata) if required by law. However, due to zero-knowledge encryption, we cannot disclose your encrypted conversations even under legal compulsion, as we do not possess the keys to decrypt them.
6.5 What We Will Never Do
- Sell your data to advertisers or data brokers
- Share your conversations with third parties
- Analyze message content for marketing purposes
- Implement backdoors or key escrow systems
7. Your Rights Under GDPR
Under the General Data Protection Regulation, you have the following rights regarding your personal data:
- Right of Access: You can view all your encrypted conversations when logged in with your password. You may also request confirmation of what personal data we hold about you.
- Right to Rectification: You can correct inaccurate personal data. For account information (email), contact us. For conversation content, you have full control through the app.
- Right to Erasure: You can delete individual conversations or your entire account. Upon account deletion, all your data is immediately deleted from our active database and fully purged from backups within 7 days.
- Right to Restriction: You can request that we restrict processing of your data in certain circumstances.
- Right to Data Portability: You can request a copy of your data in a structured, machine-readable format. Note that encrypted conversations will be provided in encrypted form, which you can decrypt with your password.
- Right to Object: You can object to processing based on legitimate interests. Given our zero-knowledge architecture, most of your data cannot be processed by us anyway.
- Right to Withdraw Consent: For features based on consent (email invitations, fragment sharing), you can withdraw consent at any time through your account settings.
7.1 How to Exercise Your Rights
To exercise any of these rights, you can:
- Use the in-app controls for most operations (deletion, export, consent withdrawal)
- Email us at privacy@freshseeing.com
We will respond to your request within 30 days. In complex cases, this may be extended by an additional 60 days, in which case we will notify you.
7.2 Right to Lodge a Complaint
If you believe your data protection rights have been violated, you have the right to lodge a complaint with a supervisory authority. For users in Norway, this is:
Datatilsynet (Norwegian Data Protection Authority)
Website: datatilsynet.no
Email: postkasse@datatilsynet.no
Users in other EU/EEA countries may also contact their local data protection authority.
8. Data Retention
We retain your encrypted conversations indefinitely while your account is active. If you delete your account:
- All data is immediately deleted from our active database
- This includes conversations, messages, fragments, shared fragments, and account information
- Automated backups may contain your data for up to 7 days after deletion
- After 7 days, your data is completely and permanently removed from all systems
8.1 Fragment Retention
Fragments (insights, themes, and edges) are stored separately from conversations:
- Fragments are not automatically deleted when you delete a conversation
- You can delete individual fragments at any time through your Fragments page
- Shared fragments can be retracted at any time, removing them from public view
- When you delete your account, all fragments (including shared ones) are permanently removed
9. Security Considerations
9.1 Your Responsibilities
Zero-knowledge encryption is only as strong as your password and recovery key management. You are responsible for:
- Choosing a strong, unique password
- Storing your recovery key in a secure location
- Not sharing your password or recovery key with others
- Keeping your devices secure from malware
9.2 Our Commitments
We commit to:
- Maintain security best practices for data storage and transmission
- Regularly audit our codebase for security vulnerabilities
- Promptly notify users of any security breaches affecting their data
- Never weaken encryption for any purpose
10. Limitations and Trade-offs
Zero-knowledge encryption provides maximum privacy, but comes with trade-offs:
- No Password Recovery: If you lose both your password and recovery key, we cannot help you recover your data. However, if you lose only your password, you can use your recovery key to reset it.
- No Content Search: Server-side search of message content is impossible (searches happen client-side only)
- No Account Sharing: Sharing access with others requires sharing your password, which is not recommended
We believe these limitations are acceptable trade-offs for the privacy guarantees zero-knowledge encryption provides.
11. Email Invitations
FreshSeeing may send periodic email invitations to continue conversations. These invitations are based on "fragments" — insights, themes, and unresolved edges — extracted from your conversation history.
11.1 How It Works
- Fragment Extraction: We use AI to identify patterns in your conversations and extract meaningful fragments (insights, themes, edges)
- Encrypted Storage: Fragments are encrypted with your personal encryption key before storage — we cannot read them
- Email Content: Invitation emails contain only a simple prompt to return — no conversation content or personal information is included in the email itself
11.2 Your Control
- This feature is opt-in — you must explicitly enable it in settings
- You can choose your preferred frequency: daily, weekly, or surprise
- Every email includes a one-click unsubscribe link
- You can disable it at any time in your settings
Privacy guarantee: Your conversation content remains encrypted. Only you can see your fragments when logged in — we use them only to generate invitation prompts, without accessing the actual content.
12. Collective Consciousness (Fragment Sharing)
FreshSeeing offers an optional feature called "Collective Consciousness" that allows you to share fragments (insights and edges) with the broader community. This section explains how sharing works and what data is visible to whom.
12.1 Sharing Options
When sharing a fragment, you can choose one or both of the following options:
- Add to Collective: Your fragment becomes accessible to logged-in FreshSeeing users through the Collective Consciousness. It enriches the shared field of insights available to the community and may be included as context in AI conversations.
- Release to Field: Your fragment is submitted for potential public display on FreshSeeing.com. Submitted fragments are reviewed and approved before becoming publicly visible. Not all fragments will be published. Approved fragments may be used to showcase the depth and insight this community generates.
You must select at least one option when sharing. You can select both if you wish your fragment to be available in both contexts.
12.2 What Happens When You Share
When you share a fragment:
- Content becomes accessible: The text of your fragment is stored in plaintext (not encrypted) so it can be displayed to others based on your chosen sharing options
- Anonymous to viewers: Other users see only the fragment content — your identity is not displayed alongside shared fragments
- You can edit before sharing: You have the option to modify the fragment text before sharing to remove any personally identifying information
- Retractable: You can retract (delete) your shared fragments at any time
12.3 What Is Visible
Depending on your sharing options, viewers can see:
- The fragment content itself
- Which doorway the fragment came from (e.g., Bridge, See, Initiate)
- When the fragment was shared
Add to Collective: Visible only to logged-in FreshSeeing users within the application.
Release to Field: After approval, publicly visible on FreshSeeing.com to anyone, including visitors who are not logged in.
To enable retraction, FreshSeeing stores a link between your account and your shared fragments. This allows you to retract fragments you've shared at any time. Database administrators can see this link, but it is never displayed publicly.
12.4 How Shared Fragments Are Used
Shared fragments may be used as follows:
- Add to Collective fragments: Displayed in the Collective Consciousness stream for logged-in users, included as anonymous context in AI conversations to enrich responses, and cached for up to 60 minutes to optimize performance
- Release to Field fragments: After review and approval, displayed publicly on FreshSeeing.com and may be used in promotional materials, social media, or other marketing efforts to showcase the depth and insight generated by our community
12.5 Your Control
- Sharing is completely optional — you choose which fragments to share
- You choose the scope — Add to Collective, Release to Field, or both
- You can retract any shared fragment at any time
- Your personal fragments remain encrypted unless you explicitly choose to share them
Privacy note: Once shared, a fragment becomes part of the collective knowledge and may have been seen by other users, included in AI context, or (if released to field) viewed publicly. While you can retract it from future display, we cannot guarantee it hasn't already been viewed or used in promotional contexts.
13. Community and Insight Stream
FreshSeeing includes a video-first community feature called the "Insight Stream" where users can share short video insights with other community members. This section explains what data is collected, stored, and shared when you participate in the community.
13.1 Community Profile
To participate in the community, you create a public profile that includes:
- Display Name: A unique public username visible to all community members
- Bio: An optional description about yourself (up to 500 characters)
- Profile Photo: An optional image you upload to represent yourself
Important: Your community profile is not encrypted. Your display name, bio, and profile photo are visible to all FreshSeeing community members. Choose information you are comfortable sharing publicly.
13.2 Video Content
When you upload or record videos to the Insight Stream, the following data is collected and stored:
- Video file: Stored on Bunny.net CDN servers (see Section 13.6)
- Title: Required, up to 100 characters
- Description: Optional, up to 500 characters
- Thumbnail: Automatically generated from your video
- Duration: Recorded for display purposes
- Captions: Auto-generated transcription (can be edited)
- Upload timestamp: When the video was published
Video content is not encrypted. Videos you share to the community are stored in plaintext on our CDN to enable streaming playback. Only share content you are comfortable making visible to other community members.
13.3 Video Privacy Settings
You can control the visibility of each video:
- Public videos: Visible to all community members in the Insight Stream and on your profile
- Private videos: Visible only to you on your profile; not shown in the Insight Stream or to other users
You can change a video's privacy setting at any time, and you can delete your videos at any time.
13.4 External Sharing
Public videos can be shared outside of FreshSeeing:
- Any community member can share any public video's link externally
- Anyone with the link can view the video, even without a FreshSeeing account
- Shared links include your display name as the video author
- Making a video private will prevent new viewers from accessing shared links
Important: Once your video is public, any community member can share it externally. You cannot control who shares your public videos or where they are shared. Only make videos public if you are comfortable with them being viewed by anyone.
13.5 Engagement Data
We collect engagement metrics to enable community features:
- Hearts: When you heart a video, this is recorded and publicly visible as a count
- Comments: Comments you leave on videos are visible to all community members along with your display name
- Views: View counts are recorded and displayed publicly
- Saves: You can save videos to private collections; your saves are visible only to you
- Reports: If you report a video, your report is stored privately for moderation purposes
13.6 Third-Party Video Services
Video content is stored and delivered through Bunny.net:
- Bunny Stream: Video files are uploaded to and streamed from Bunny.net's global CDN
- Processing: Bunny.net processes videos for adaptive streaming and generates thumbnails
- Transcription: Videos are transcribed for caption generation
- Location: Bunny.net operates a global CDN; video content may be cached on servers worldwide for optimal playback
Profile images are stored in Supabase Storage, which is geo-locked to the European Union.
13.7 Data Retention for Community Content
- Videos remain stored until you delete them or delete your account
- When you delete a video, it is removed from our database and Bunny.net CDN
- Comments you made on deleted videos may be retained (but disassociated from the video)
- When you delete your account, all your videos, comments, and community profile are permanently deleted
13.8 Moderation
To maintain a safe community environment:
- Users can report videos that violate our community guidelines
- Reported content may be reviewed by our moderation team
- We may remove content that violates our terms or community guidelines
- Repeated violations may result in account suspension
13.9 AI Processing of Video Content
We use artificial intelligence to enhance your community experience. When you upload a video, the following AI processing occurs:
- Transcription: Your video's audio is automatically transcribed to generate captions. These captions are stored alongside your video and can be edited by you.
- Categorization: AI analyzes your video's transcription and content to assign topics and categories. This helps organize content and enables discovery features.
- Related Videos: We use AI-generated topics and themes to recommend related videos to viewers, helping them discover content aligned with their interests.
- Rabbit Holes: AI identifies thematic connections between videos to create "rabbit holes" — curated pathways that guide viewers through related content for deeper exploration of topics.
How this data is used: AI-generated topics, categories, and thematic connections are stored in our database and used to power discovery features. This data is derived from your public video content and is not encrypted.
Third-party AI services: Transcription and content analysis may be processed by third-party AI providers. Your video content is transmitted securely (TLS/SSL) to these services for processing. These providers process data according to their respective privacy policies and data processing agreements.
14. Children's Privacy
FreshSeeing is not intended for users under 18 years of age. We do not knowingly collect personal information from children. If we become aware that a child has provided us with personal information, we will delete it immediately.
15. Changes to This Policy
We may update this Privacy Policy from time to time. If we make material changes:
- We will notify you via email
- We will display a prominent notice in the application
- You will have the opportunity to review changes before they take effect
We will never weaken our encryption or privacy protections without your explicit consent.
16. Contact Information
If you have questions about this Privacy Policy or our data practices:
Data Controller
TRANSMISSION TECHNOLOGIES AS
Bergen, Norway
Organization Number: 934179757
Privacy Inquiries: privacy@freshseeing.com
General Support: support@freshseeing.com
Response Time: We aim to respond to privacy inquiries within 48 hours
Privacy Guarantee Summary
- ✓ Zero-knowledge encryption for stored conversations
- ✓ We cannot read your stored conversations
- ✓ Your plaintext encryption keys never leave your device
- ✓ Encrypted master keys stored securely (enables password reset)
- ✓ Military-grade AES-256-GCM encryption for storage
- ✓ TLS/SSL encryption for messages sent to Anthropic AI
- ✓ Database geo-locked to European Union servers
- ✓ We never sell your data to advertisers or brokers
- ✓ Third-party sharing limited to service providers (see Section 6.1 and Section 13.6)
- ✓ Open about our architecture and limitations