This Privacy Policy describes how Prelaunch Group, Inc., doing business as Frank, and its affiliates ("Frank," "we," "us," or "our") collect, use, disclose, and otherwise process personal information in connection with hifrank.ai, our websites, applications, research platform, communications, and related services (collectively, the "Services").

This Privacy Policy applies to:

• website visitors;
• prospects, customers, and business contacts;
• account owners, administrators, workspace members, and other authorized users of the Services; and
• other individuals who interact with us in a business or non-participant capacity.

Important: If you participate in an interview, survey, study, screener, or other research activity conducted through Frank, the Supplemental Participant Privacy Notice below also applies. In many cases, the organization that invited you to participate is the controller or business responsible for that study, and Frank acts as its processor or service provider.

1. Contact Information

Controller / Business Contact
Prelaunch Group, Inc. 

2055 Limestone RD STE 200-C

Wilmington, DE 19808

Email: privacy@hifrank.ai
Support: support@hifrank.ai

Data Protection Officer: Davit Simonyan

Email: davit.s.@hifrank.ai

2. Scope and Relationship to Other Terms

This Privacy Policy applies when you:

• visit our websites or pages that link to this Privacy Policy;
• request a demo, sign up for updates, download content, or contact us;
• create, administer, or use a Frank account or workspace;
• communicate with our sales, support, customer success, or other teams;
• attend an event, webinar, or other promotional activity;
• use integrations, APIs, or connected tools made available through the Services.

This Privacy Policy does not replace:

• any customer agreement, terms of service, order form, or data processing addendum between Frank and a customer;
• any just-in-time notice, consent form, or study-specific notice shown at or before collection; or
• any separate cookie notice or preferences center we provide.

If there is a conflict between this Privacy Policy and a customer agreement governing Customer Content or Participant Data, the customer agreement controls to the extent permitted by law.

3. Roles: When Frank Is a Controller and When Frank Is a Processor

Frank’s privacy role depends on the context.

A. Frank as controller / business

Frank acts as a controller or business with respect to personal information relating to:

• website visitors;
• leads, prospects, and business contacts;
• customer representatives and workspace users;
• billing, contracting, procurement, and support contacts;
• event attendees, newsletter subscribers, and marketing recipients;
• individuals whose information we collect for our own security, fraud prevention, legal compliance, or corporate administration purposes.

B. Frank as processor / service provider

Frank acts as a processor or service provider when a customer uses the Services to collect, store, analyze, or otherwise process personal information on the customer’s behalf, including:

• participant contact details uploaded by or for the customer;
• screener responses;
• interview, chat, voice, video, transcription, translation, and survey content;
• study recordings, screen shares, transcripts, analytics, summaries, themes, and related outputs;
• personal information contained in Customer Content.

In those cases, the customer determines the purposes and means of processing, and Frank processes the data in accordance with the customer’s instructions, applicable law, and the governing contract.

C. Frank as controller for limited participant-facing activities

Frank may act as a controller for certain participant-related processing where Frank, rather than the customer, determines the purpose of the processing, such as:

• managing our own website forms or inbound applications to join research panels, if any;
• complying with legal obligations;
• maintaining suppression or do-not-contact lists;
• fraud, abuse, or security monitoring;
• handling a direct privacy request sent to Frank;
• limited administrative records related to incentives or compliance, where applicable.

Where required, we provide additional notice at or before the point of collection.

4. Categories of Personal Information We Collect

The categories of personal information we collect depend on how you interact with us.

A. Identifiers and contact information

Examples:

• name;
• email address;
• phone number;
• company name;
• postal address;
• username or account identifier;
• IP address and device identifiers.

B. Professional and commercial information

Examples:

• job title;
• department;
• company size or industry;
• account and subscription details;
• contract details;
• billing contact details;
• transaction history.

C. Account, authentication, and workspace information

Examples:

• login credentials or SSO-related information;
• team member roles and permissions;
• workspace settings;
• audit logs;
• API or integration configuration details.

D. Customer Content and research project information

Examples:

• interview guides;
• prompts;
• screeners;
• survey questions;
• uploaded contact lists;
• files, notes, tags, comments, and instructions;
• research objectives and study configuration.

E. Communications and support information

Examples:

• messages sent to us;
• support tickets;
• call notes;
• meeting notes;
• chat logs;
• feedback and survey responses.

F. Usage, device, and technical information

Examples:

• browser type;
• operating system;
• device characteristics;
• referring URLs;
• page views;
• clicks;
• session information;
• crash reports;
• performance logs;
• diagnostics.

G. Audio, video, and transcription-related information

Where enabled by the customer or the applicable workflow, this may include:

• audio recordings;
• video recordings;
• screen shares;
• chat content;
• transcripts;
• translations;
• clips;
• timestamps;
• interaction metadata.

H. Inferences and analytics

Examples:

• study summaries;
• themes;
• sentiment labels;
• tags;
• classifications;
• recommendations;
• insights generated from submitted content.

I. Sensitive personal information

Depending on the customer’s use of the Services, research participants or users may choose to disclose information that may be considered sensitive under applicable law. Frank does not require the submission of sensitive personal information unless necessary for a specific lawful use case and authorized by the customer or otherwise permitted by law.

J. Biometric information

Frank does not intentionally collect or use voiceprints or scans of face geometry for identification or authentication purposes through the standard operation of the Services. Frank does not treat ordinary audio, video, photographs, or transcripts as biometric identifiers unless and until they are processed in a way that creates biometric identifiers under applicable law. If Frank ever offers a feature that creates or uses biometric identifiers or biometric information for identification, authentication, fraud prevention, or similar purposes, Frank will provide any required separate notice, retention terms, and consent flow before doing so.

5. Sources of Personal Information

We collect personal information from the following sources:

• directly from you;
• from your employer or organization, if they create or administer your account or workspace;
• from our customers, when they use the Services;
• automatically from your browser, device, and use of the Services;
• from service providers and subprocessors acting on our behalf;
• from marketing, event, analytics, security, or fraud-prevention partners;
• from integrations or third-party services you connect to Frank;
• from publicly available sources, such as company websites, professional profiles, or directories, where permitted by law.

6. How We Use Personal Information

We use personal information for the following purposes:

A. To provide the Services

Including to:

• create and manage accounts and workspaces;
• authenticate users;
• deliver platform features;
• host, store, retrieve, and organize content;
• facilitate studies, interviews, scheduling, reminders, and incentives where applicable;
• generate transcripts, summaries, analytics, and other requested outputs;
• provide customer support and account management.

B. To operate, maintain, and improve the Services

Including to:

• monitor usage, performance, and reliability;
• debug, troubleshoot, and fix errors;
• improve workflows, UX, and platform administration;
• evaluate feature adoption and effectiveness;
• develop and test new products and services;
• create aggregate or deidentified analytics and benchmarking.

C. To communicate with you

Including to:

• send transactional, administrative, legal, and support communications;
• respond to questions and requests;
• provide onboarding, customer success, and service updates;
• send marketing or promotional communications where permitted by law.

D. For billing, contracting, and commercial operations

Including to:

• process orders and payments;
• send invoices and receipts;
• administer subscriptions;
• manage procurement, legal, finance, and internal records.

E. For security, abuse prevention, and compliance

Including to:

• detect, investigate, and address fraud, spam, abuse, or misuse;
• monitor for suspicious, malicious, or unauthorized activity;
• enforce our terms, agreements, and policies;
• protect the rights, safety, property, and security of Frank, our users, participants, customers, and others;
• comply with legal obligations and respond to lawful requests.

F. For corporate transactions

Including to:

• support an actual or proposed merger, acquisition, financing, sale of assets, restructuring, bankruptcy, or similar corporate event.

7. Legal Bases for Processing

If you are located in the EEA, UK, or Switzerland, we process personal information under one or more of the following legal bases, depending on the context:

• performance of a contract;
• compliance with a legal obligation;
• our legitimate interests, such as securing, operating, and improving the Services;
• consent, where required by law;
• another lawful basis available under applicable data protection law.

Where we rely on consent, you may withdraw it at any time, but withdrawal does not affect the lawfulness of processing before withdrawal.

8. AI, Human Review, and Automated Processing

Frank uses machine learning and artificial intelligence features to support research and analysis workflows. Depending on the configuration and the customer’s use of the Services, these features may:

• generate or suggest follow-up questions;
• conduct or support interviews;
• transcribe, translate, summarize, classify, tag, and analyze content;
• generate themes, insights, charts, clips, and other outputs;
• support search, retrieval, or recommendation features within the Services.

Where necessary to provide, secure, maintain, or improve the Services, authorized Frank personnel and service providers may access certain content for:

• support;
• debugging;
• abuse prevention;
• quality assurance;
• legal compliance;
• feature testing;
• system reliability and security.

Frank does not use Customer Content or Participant Data to train models made available to other customers except as expressly described in the applicable customer agreement, service-specific terms, or an explicit opt-in or other documented authorization.

Frank does not make decisions based solely on automated processing that produce legal effects or similarly significant effects on individuals through the standard operation of the Services. Customers remain responsible for reviewing outputs and for any downstream decisions they make using the Services. If Frank introduces a workflow that involves solely automated decision-making with legal or similarly significant effects, Frank will provide any additional notice and rights required by applicable law.

AI-generated outputs may be incomplete, inaccurate, or inappropriate in some contexts. Customers should review outputs before using them for important business, legal, employment, insurance, credit, housing, healthcare, or other sensitive decisions.

9. Cookies and Similar Technologies

We and our service providers use cookies, pixels, SDKs, local storage, and similar technologies to:

• operate and secure the Services;
• remember preferences and settings;
• enable authentication and session management;
• measure traffic, usage, and performance;
• understand campaign effectiveness;
• personalize content and communications;
• support analytics and, where permitted, marketing activities.

We may use the following categories:

• Strictly Necessary technologies, which are required for core functionality, security, or service delivery;
• Analytics / Performance technologies;
• Functional / Preference technologies;
• Advertising / Marketing technologies, where used.

For users in jurisdictions that require consent for non-essential technologies, Frank will request consent before placing such technologies, and our consent mechanism will provide a choice that is as easy to refuse as to accept. Non-essential technologies will not be set before valid consent is obtained, unless an exception applies under applicable law. Cookie information will also be available through a separate cookie notice or preference center, not solely through this Privacy Policy.

You can manage cookie settings through:

• our cookie preference tool, where available;
• your browser settings;
• certain industry opt-out tools, where applicable.

If Frank engages in “sale” or “sharing” as those terms are defined by California law, Frank will provide required opt-out mechanisms, including honoring browser-based opt-out preference signals such as Global Privacy Control where required.

10. How We Disclose Personal Information

We may disclose personal information to the following categories of recipients:

A. Service providers and subprocessors

Including providers of:

• cloud hosting and infrastructure;
• data storage;
• authentication;
• customer support;
• analytics;
• payment processing;
• email, messaging, or communications;
• transcription, translation, or media processing;
• security monitoring and fraud prevention;
• professional services.

B. Affiliates and corporate group entities

For internal business administration, security, support, or operational purposes consistent with this Privacy Policy.

C. Customers and workspace users

If you are a participant in a customer-run study, your responses, recordings, transcripts, and related outputs may be disclosed to the customer that sponsored or administered the study and to its authorized users.

D. Professional advisors and auditors

Such as lawyers, accountants, insurers, consultants, and auditors.

E. Governmental, regulatory, law enforcement, and similar parties

Where required by law, subpoena, court order, legal process, or where reasonably necessary to establish, exercise, or defend legal claims or protect rights, safety, and security.

F. Transaction counterparties

In connection with an actual or proposed financing, merger, acquisition, reorganization, sale of assets, bankruptcy, or similar transaction.

G. Others at your direction or with your consent

For example, if you choose to connect an integration or direct us to share information with a third party.

Frank publishes or will publish a current subprocessor list and enters into appropriate agreements with subprocessors where required by law or contract.

11. Sale, Sharing, and Targeted Advertising

Frank does not sell personal information for monetary consideration.

Frank does not disclose personal information to third parties for their own independent direct marketing purposes.

If Frank uses third-party advertising or analytics technologies in a way that constitutes “sharing” or targeted advertising under applicable law, Frank will provide the required notices and opt-out rights.

12. International Transfers

Frank may process personal information in the United States and other countries where Frank, its affiliates, or its service providers operate.

Where required by applicable law, Frank uses appropriate safeguards for restricted transfers, such as:

• the European Commission’s Standard Contractual Clauses;
• the UK International Data Transfer Agreement or UK Addendum;
• other valid transfer mechanisms recognized under applicable law.

Where required, Frank will also conduct transfer risk assessments or similar evaluations. Customers may request additional transfer information through the applicable customer privacy contact or contractual process.

13. Data Retention

We retain personal information for no longer than necessary for the purposes described in this Privacy Policy, unless a longer period is required or permitted by law, contract, or documented customer instructions.

Retention periods vary by category:

• Website analytics and cookie data: retained according to our cookie settings, analytics configuration, and legal requirements.
• Marketing leads and prospect records: retained for the duration of the relationship and for a reasonable follow-up period unless you opt out or deletion is required.
• Customer account, billing, and contract records: retained during the term of the relationship and for the period needed for tax, audit, accounting, dispute-resolution, and legal compliance purposes.
• Support and communications records: retained as needed to address the issue, improve support, preserve security records, and meet legal obligations.
• Authentication, audit, and security logs: retained for limited periods based on security, integrity, and compliance needs.
• Customer Content and Participant Data: retained according to customer settings, customer instructions, contractual commitments, backup cycles, and legal obligations.
• Deidentified or aggregated information: may be retained for longer periods if it no longer reasonably identifies an individual.

Backups and residual copies may persist for a limited period consistent with disaster recovery, business continuity, and legal compliance requirements. When retention periods expire, we delete, anonymize, or securely isolate the data as required.

14. Security

Frank uses reasonable and appropriate technical, organizational, and administrative measures designed to protect personal information against unauthorized access, destruction, loss, alteration, misuse, or disclosure. These measures may include:

• encryption in transit and, where appropriate, at rest;
• access controls and role-based permissions;
• authentication safeguards;
• logging and monitoring;
• vulnerability management;
• vendor diligence;
• incident response and backup procedures.

No system is completely secure, and Frank cannot guarantee absolute security.

Any statements regarding specific certifications, audits, compliance frameworks, or security controls apply only to the extent they are accurate as of the time made and as specifically described in our customer documentation, security materials, or contractual commitments.

15. Your Privacy Rights

Depending on your location and applicable law, you may have the right to:

• know whether we process your personal information;
• request access to personal information;
• request correction of inaccurate personal information;
• request deletion of personal information;
• request a copy of certain information in portable form;
• object to or restrict certain processing;
• withdraw consent where processing is based on consent;
• opt out of sale, sharing, targeted advertising, or certain profiling where applicable;
• limit certain uses of sensitive personal information where applicable;
• appeal a denied rights request where required by law.

To exercise rights, contact privacy@hifrank.ai or use any method we make available in the Services.

We may need to verify your identity and authority before acting on a request. We may also deny a request where permitted by law.

Where Frank acts as a processor or service provider on behalf of a customer, we may direct your request to the relevant customer or ask you to contact them directly, because they control the relevant processing.

16. Marketing Communications

You may opt out of marketing emails by using the unsubscribe link in the message or by contacting us. Opting out of marketing does not affect service-related or transactional communications.

17. Children and Minors

Frank’s public-facing Services are not directed to children under 13, and Frank does not knowingly collect personal information directly from children under 13 through the public-facing Services without legally sufficient authorization. If we learn that we have collected personal information directly from a child under 13 in a manner not permitted by law, we will take appropriate steps to delete it.

Certain customer-run research studies may involve minors only where permitted by law and supported by appropriate customer-controlled notice and consent processes, including parental or guardian consent where required. Customers are responsible for ensuring that any study involving minors is conducted lawfully and with appropriate consent and disclosures.

18. Third-Party Sites, Services, and Integrations

The Services may link to or interoperate with third-party websites, products, APIs, and services. Their privacy practices are governed by their own notices and terms, not this Privacy Policy. Frank is not responsible for third-party privacy practices except as required by law.

19. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. If we make changes, we will revise the “Last Updated” date and provide any additional notice required by law, such as posting a notice in the Services or sending a notification.

20. Supplemental Participant Privacy Notice

This Supplemental Participant Privacy Notice applies when you participate in a screener, interview, survey, study, or research activity conducted through Frank.

A. Who is responsible for your data

In most cases, the organization that invited you to participate in the research study is the controller or business responsible for the study. Frank generally acts as that organization’s processor or service provider and processes your information on its behalf.

This means the sponsoring organization typically determines:

• why the study is conducted;
• what questions are asked;
• who is invited;
• whether incentives are offered;
• how long study data should be retained;
• who can access results.

Frank may separately process limited participant-related data as a controller for security, legal compliance, suppression lists, fraud prevention, or similar limited operational purposes.

B. Categories of participant data

Depending on the study, we may process:

• your name or participant identifier;
• email address, phone number, scheduling details, and time zone;
• screener responses;
• demographic information you choose to provide;
• interview or survey responses;
• text chat, audio, video, transcripts, screen shares, or uploaded files;
• metadata such as timestamps, device type, browser type, IP address, and completion status;
• incentive-related records, where applicable;
• research outputs such as summaries, themes, clips, tags, and analytics.

C. Consent and study controls

If a study involves recording, video, screen sharing, or collection of other study content, we or the sponsoring organization may present you with a study-specific notice or consent flow at or before the session.

Where applicable and technically available:

• participants may choose whether to join a study;
• participants may stop a session;
• participants may stop sharing screen, video, or audio features that are optional to the study;
• participants may decline to answer particular questions, subject to study design.

If a feature is required to complete the study, that will be disclosed by the sponsoring organization or in the study flow.

D. How participant data is used

Participant data is used to:

• determine eligibility for research;
• schedule and administer studies;
• conduct interviews or surveys;
• create recordings, transcripts, summaries, and analytics;
• generate customer-facing research outputs;
• prevent fraud, abuse, duplicate participation, or security incidents;
• comply with legal obligations.

E. Disclosure of participant data

Participant data may be disclosed to:

• the sponsoring organization and its authorized users;
• Frank and its service providers acting on behalf of Frank or the sponsoring organization;
• legal, compliance, or governmental parties where required by law.

F. Rights requests

If you are a participant and want to exercise privacy rights relating to a particular study, you should usually contact the organization that invited you, because it is typically the controller or business responsible for the study. Frank may assist that organization in responding where required.

G. Sensitive data and biometrics

Please do not provide sensitive personal information unless it is specifically requested for a lawful study purpose. Frank does not intentionally create or use voiceprints or scans of face geometry for identification or authentication through standard participant workflows.

21. Supplemental California Privacy Notice

This Supplemental California Privacy Notice applies to California residents to the extent the California Consumer Privacy Act, as amended, applies to Frank.

A. California rights

California residents may have the right to:

• know the categories and specific pieces of personal information collected about them;
• know the categories of sources of personal information;
• know the purposes for collecting, using, disclosing, selling, or sharing personal information;
• know the categories of third parties to whom personal information is disclosed;
• request deletion of personal information, subject to exceptions;
• request correction of inaccurate personal information;
• opt out of sale or sharing of personal information;
• limit the use and disclosure of sensitive personal information in certain circumstances;
• receive equal service and not be discriminated against for exercising rights.

Where required, Frank also honors valid browser-based opt-out preference signals such as GPC for sale or sharing opt-outs.

B. Categories collected

In the preceding 12 months, Frank may have collected the following categories, depending on the nature of the interaction:

• identifiers;
• personal information described in California Civil Code section 1798.80(e);
• commercial information;
• internet or other electronic network activity information;
• geolocation data derived from IP address or device information;
• audio, electronic, visual, or similar information;
• professional or employment-related information;
• inferences drawn from personal information;
• sensitive personal information, in limited cases and where permitted by law.

C. Purposes

We collect and use these categories for the business and commercial purposes described in this Privacy Policy, including service delivery, analytics, security, legal compliance, communications, research and development, and account administration.

D. Categories of recipients

We may disclose these categories to:

• service providers and contractors;
• affiliates;
• customers, where you participate in a customer-sponsored study;
• advisors and auditors;
• governmental or legal authorities where required;
• transaction counterparties.

E. Sensitive personal information

Frank uses sensitive personal information only for purposes permitted by law and as reasonably necessary to provide the Services, maintain security, perform services requested by the customer, comply with legal obligations, or other purposes disclosed at collection.

F. Notice at collection

Frank provides this Privacy Policy and any applicable just-in-time notices as part of its notice at collection obligations. Where required, Frank will provide additional notices at or before the point of collection for specific workflows.

G. Submitting requests

California residents may submit requests by contacting privacy@hifrank.ai or through any request mechanism made available by Frank. Authorized agents may submit requests where permitted by law, subject to verification.

22. Contact Us

For privacy-related questions or requests, contact:

privacy@hifrank.ai
support@hifrank.ai

Prelaunch Group, Inc. 

‍

2055 Limestone RD STE 200-C

Wilmington, DE 19808

‍