What categories of personal data does The F* Word collect?

The F* Word collects contact and account data, profile and commercial data, usage and device data, content and files you provide, communications data, marketing and preference data, location data, professional or business contact data, and sensitive personal data only when necessary.

How does The F* Word use personal data?

The F* Word uses personal data to provide and operate the Services, improve and develop the Services, communicate with users, personalize experiences, maintain security and prevent misuse, comply with legal obligations, and support sales and business relationships.

Does The F* Word sell personal information?

No, The F* Word does not sell your personal information for money and does not disclose your personal information to third parties for their own independent direct marketing.

How long does The F* Word retain personal data?

The F* Word retains personal data only for as long as reasonably necessary for the purpose for which it was collected. Retention periods vary by category: account data is retained for the life of the account plus up to 6 years after closure, security logs up to 2 years, support requests up to 3 years, and billing records up to 7 years or longer if required by law.

What privacy rights do users have?

Users have various rights depending on their location. California residents have rights to know, access, delete, correct, and receive portable copies of their personal information. EEA/UK residents have rights to access, correct, erase, restrict processing, object to processing, data portability, and withdraw consent. All users can manage account settings, marketing preferences, and cookie controls.

How can I contact The F* Word about privacy concerns?

You can contact The F* Word at support@thefword.ai or by mail at 1461 Acton Crescent, Berkeley CA 94702-1918. For privacy requests, use the subject line 'Privacy Request' and specify the nature of your request.

Does The F* Word transfer data internationally?

Yes, The F* Word is based in the United States and may process personal data in the United States and other countries where they or their service providers operate. Where required by law, they use approved transfer mechanisms such as adequacy decisions or Standard Contractual Clauses.

How does The F* Word handle data from third-party integrated apps?

For certain third-party integrated apps or embedded widgets, The F* Word does not collect names, email addresses, account identifiers, credentials, IP addresses, or other direct personal identifiers. Generated images are stored only as needed to return them in the widget response, operate the requested functionality, maintain service integrity, prevent abuse, and troubleshoot errors.

Privacy Policy: How we handle data across the platform and website

Clear information on what we collect, how we use it, how long we keep it, and how customers stay in control.

Effective Date: March 14, 2026

Privacy Policy

Effective Date: June 2, 2026

The F* Word, Inc. ("The F Word*," "we," "our," or "us") is a California-based company. This Privacy Policy explains how we collect, use, disclose, retain, and protect personal data when you visit our website, create an account, log in to our app, use our products or services, communicate with us, or otherwise interact with us (collectively, the "Services").

For purposes of European data protection law, The F* Word, Inc. is the data controller of the personal data covered by this Privacy Policy. For purposes of California law, The F* Word, Inc. is the business responsible for the collection and handling of personal information covered by this Privacy Policy.

How to Request Deletion of Your Data

You may request deletion of your personal data at any time by emailing [email protected] with the subject line Data Deletion Request.

If you have a The F* Word account, please include the email address associated with your account.

If you used Facebook Login, Meta Login, or another connected login flow, please include the email address associated with your The F* Word account, if any, and note that you used that login method.

If you used a third-party integrated app or embedded widget, please include the name of the integrated app, the approximate date of use, and any details that help us identify the relevant generated content.

We may need to verify your identity before processing your request. We will review and process deletion requests in accordance with applicable law, subject to legal exceptions, fraud prevention, security, backup retention, dispute resolution, and other lawful retention needs.

If we appoint an EU or UK representative, we will list that contact information here.

Scope

This Privacy Policy applies to personal data we collect directly from you, automatically through your use of the Services, and from third parties you authorize or that support our business operations.

This Privacy Policy also includes specific rules for certain third-party integrated app and embedded widget experiences, described below under Third-Party Integrated Apps and Embedded Widgets.

Categories of Personal Data We Collect

Depending on how you use the Services, we may collect the following categories of personal data:

Contact and account data

We may collect your email address, login credentials, and related account identifiers when you sign up for, access, or log in to our app. We may also collect your name, phone number, company name, billing contact details, or similar account information if you choose to provide it.

Profile and commercial data

Subscription plan, transaction history, purchase records, renewal status, trial status, customer support history, and records of your relationship with us.

Usage and device data

IP address, browser type, device type, operating system, device identifiers, referral URLs, pages viewed, clicks, feature usage, session activity, crash data, diagnostics, and similar product telemetry.

Content and files you provide

Prompts, text inputs, uploaded files, images, design briefs, comments, outputs, feedback, and other content you submit through the Services.

For certain third-party integrated app or embedded widget experiences, the content we store may be limited to generated images stored only as needed to return them in the widget response, operate the requested functionality, maintain short-term service integrity, prevent abuse, and troubleshoot errors.

Communications data

Messages you send to us, support tickets, demo requests, waitlist forms, survey responses, and other communications.

Marketing and preference data

Email preferences, cookie preferences, campaign engagement data, and similar records showing whether you opened or clicked a communication from us, where permitted by law.

Location data

Approximate location derived from IP address, such as city, state, or country. We do not intentionally collect precise geolocation unless clearly disclosed for a specific feature.

Professional or business contact data

Job title, employer, business email address, business phone number, and business relationship details where you interact with us as an employee, contractor, founder, buyer, or representative of an organization.

Sensitive personal data

We do not intentionally collect sensitive personal data unless it is necessary for a specific disclosed purpose, voluntarily provided by you, or required by law.

Some customer-uploaded content may include photos or other media containing identifiable individuals. If you upload that type of content, you are responsible for ensuring you have the necessary rights, notices, and consents for your intended use. We do not use uploaded personal imagery from paid plans to train AI models unless you expressly opt in in writing.

Third-Party Integrated Apps and Embedded Widgets

When our Services are used through certain third-party integrated apps or embedded widgets, we do not collect personal data from the third-party app itself, other than storing generated images as described below.

In those specific flows, we do not collect names, phone numbers, account identifiers, account credentials, or other direct personal identifiers from the third-party integrated app itself.

In those specific flows, we store generated images only as needed to:

generate and return them in the widget response
operate the requested functionality
maintain short-term service integrity
prevent abuse
troubleshoot errors

If a user later creates a The F* Word account or logs in to The F* Word directly, we may collect the email address and login information that the user submits directly to us in that separate account flow. That is direct collection by The F* Word, not collection from the third-party integrated app itself.

Unless separately disclosed, we do not use these third-party integrated app or widget flows to identify individuals, contact users, build marketing profiles, or create account-level personal profiles.

This section applies only to the specific third-party integrated app or embedded widget experience described above. It does not change how we process personal data in other parts of the Services where users create accounts, log in directly, communicate with us, or otherwise provide information directly to us.

Sources of Personal Data

We collect personal data from the following sources:

directly from you, when you create an account, log in, subscribe, pay, upload content, request a demo, contact support, or otherwise use the Services
automatically from your device and browser when you interact with the Services
from service providers that support authentication, payments, analytics, hosting, customer support, communications, or security
from third-party platforms or integrations you choose to connect, except as described above under Third-Party Integrated Apps and Embedded Widgets
from publicly available or business sources, where permitted by law

Purposes of Use

We use personal data for the following purposes:

To provide and operate the Services

We use personal data to create and administer accounts, authenticate users, process payments, deliver features, manage subscriptions, provide outputs, and maintain the Services.

For certain third-party integrated app or embedded widget experiences, we store generated images solely to return them in the widget response and operate the requested functionality.

To improve, analyze, and develop the Services

We use personal data to understand feature usage, diagnose errors, improve onboarding, improve product performance, develop new functionality, and maintain reliability and security.

To communicate with you

We use personal data to respond to requests, provide support, send service notices, confirm transactions, and, where permitted, send updates or marketing communications.

To personalize your experience

We may use personal data to tailor workflows, onboarding, support, and product experiences based on your usage and preferences.

To maintain security and prevent misuse

We use personal data to detect, investigate, prevent, and address fraud, abuse, unauthorized access, attacks, and violations of our Terms or other policies.

To comply with legal obligations and protect rights

We use personal data to comply with law, respond to lawful requests, maintain required records, enforce our agreements, and protect our rights, users, systems, and business.

To support sales, contracting, and business relationships

We use business contact data to discuss our Services, respond to commercial inquiries, manage prospective or existing customer relationships, and prepare or perform contracts.

AI and Model Improvement

Where our free-tier offering, product notice, or Terms state that free-tier usage may be used for service improvement or model improvement, we may use free-tier content and related usage data, including prompts, inputs, uploads, outputs, and feedback, for those purposes.

We do not use content from paid subscriptions for model training unless you expressly opt in, request it, or we clearly disclose a separate basis for doing so.

For third-party integrated app and embedded widget experiences described above, we do not use names, phone numbers, account identifiers, account credentials, or other direct personal identifiers from the integrated app because we do not collect them in that flow.

If you are in a jurisdiction that requires consent for this type of processing, we will rely on consent where required.

Lawful Bases for Processing, for EEA/UK Users

If the GDPR or similar law applies, we process personal data on one or more of these lawful bases:

performance of a contract, where processing is necessary to provide the Services or take steps you request before entering into a contract
legitimate interests, such as operating, improving, securing, and defending our business and Services, unless overridden by your rights
consent, where required, including certain cookies, certain marketing activities, and certain model-improvement uses
legal obligation, where we must process data to comply with law, tax, accounting, sanctions, or regulatory requirements

Categories of Recipients

We disclose personal data only as reasonably necessary for the purposes above. Categories of recipients include:

hosting, infrastructure, storage, and security providers
identity, authentication, and access-management providers
analytics, logging, and performance-monitoring providers
payment processors, banks, invoicing, and billing providers
CRM, email, communications, and customer support providers
professional advisors, including lawyers, auditors, insurers, and accountants
regulators, courts, law enforcement, and government authorities where required by law or necessary to protect rights or safety
counterparties and advisors involved in an actual or proposed financing, merger, acquisition, sale, reorganization, or similar transaction
integration partners or third parties you direct us to connect with

We may also disclose aggregated or deidentified information that does not identify you.

For the third-party integrated app and embedded widget experiences described above, we do not disclose names, phone numbers, account identifiers, account credentials, or other direct personal identifiers from the integrated app because we do not collect them in that flow.

We do not sell your personal information for money. We do not disclose your personal information to third parties for their own independent direct marketing. If we engage in activities that trigger a California right to opt out of sale or sharing, we will provide the notice and controls required by law.

Enterprise Contracting and Subprocessors

Where we process personal data on behalf of an enterprise customer, additional processing terms may apply under a Data Processing Addendum.

We use service providers to support hosting, storage, authentication, analytics, billing, support, communications, and security. Current subprocessor information is available on request or through our enterprise procurement process.

Cookies and Similar Technologies

We use cookies and similar technologies to:

keep the website and Services functioning
remember settings and preferences
measure traffic and product performance
understand how users navigate and use the Services
support communications and marketing, where permitted

Where required by law, we obtain consent before placing non-essential cookies or similar technologies. You can manage cookie preferences through your browser settings and through any cookie tools we make available.

Retention Periods

We retain personal data only for as long as reasonably necessary and proportionate for the purpose for which it was collected, including to provide the Services, comply with law, resolve disputes, enforce agreements, and protect our business.

Our general retention schedule is below:

Account and profile data: for the life of the account, then up to 6 years after closure unless a longer period is required by law or needed for claims defense
Product content, files, prompts, inputs, and outputs: for the period needed to provide the Services and perform the applicable plan, plus backup and dispute-resolution periods, unless deleted earlier where functionality allows
Generated images from third-party integrated apps or embedded widgets: retained only for the period reasonably necessary to generate and return the widget response and for limited short-term backup, troubleshooting, abuse prevention, and service integrity needs, unless a longer period is required by law
Security logs, anti-fraud logs, device and network logs: up to 2 years, unless a longer period is needed for security incidents, abuse prevention, or legal obligations
Support requests and business communications: up to 3 years after closure of the request or relationship
Marketing and commercial outreach records: up to 3 years from the last meaningful interaction, or earlier if you unsubscribe or object, subject to suppression-list needs
Billing, payment, tax, and accounting records: up to 7 years, or longer if required by applicable law
Contract records and enterprise customer records: for the life of the contract, then up to 6 years afterward unless longer retention is required for tax, audit, IP, or dispute purposes

Actual retention may vary where a longer or shorter period is required by law, contract, technical necessity, security needs, or a valid deletion request.

Your Controls and Rights

Account controls

If you have an account, you may be able to access, correct, update, or delete certain profile information from within your account settings.

Marketing controls

You can unsubscribe from promotional emails at any time using the unsubscribe link in the message. You will still receive transactional and service-related communications.

Cookie controls

You can manage non-essential cookies through our cookie controls, where available, and through your browser settings.

California rights

If you are a California resident, you may have the right to:

know the categories of personal information we collected about you
know the categories of sources, purposes of use, and categories of recipients
request access to specific pieces of personal information
request deletion of personal information, subject to exceptions
request correction of inaccurate personal information
request a portable copy of certain personal information
opt out of sale or sharing, if applicable
limit certain uses of sensitive personal information, if applicable
not receive discriminatory treatment for exercising your privacy rights

You may also designate an authorized agent to make a request on your behalf, subject to verification requirements.

EEA/UK rights

If the GDPR applies to you, you may have the right to:

access your personal data
correct inaccurate or incomplete personal data
erase personal data in certain circumstances
restrict processing in certain circumstances
object to processing based on legitimate interests or direct marketing
receive a portable copy of certain personal data
withdraw consent where processing is based on consent, without affecting prior lawful processing
lodge a complaint with a supervisory authority

Data Deletion Requests

You may request deletion of your personal data at any time.

If you have a The F* Word account

You may request deletion of your account and associated personal data by:

using any account deletion functionality we make available in the product, if applicable, or
emailing [email protected] with the subject line Data Deletion Request

Please include enough information for us to identify your account, such as the email address associated with your account and a brief description of your request.

If you signed in using Facebook Login or another Meta-powered login flow

You may request deletion of personal data associated with that login by emailing [email protected] with the subject line Data Deletion Request and including:

the email address associated with your The F* Word account, if any
the fact that you used Facebook Login or Meta login
any other information that helps us identify your record, such as the approximate date you connected your account

Disconnecting The F* Word from your Facebook or Meta settings stops future access from that connection, but if you want The F* Word to delete data it holds, you should still submit a Data Deletion Request directly to us using the method above.

If you used our Services through a third-party integrated app or embedded widget

For certain third-party integrated app or embedded widget experiences, we do not collect names, phone numbers, account identifiers, account credentials, or other direct personal identifiers from the third-party app or from the end user through that app.

In those flows, the only stored content may be generated images retained only as needed to return the widget response, operate the requested functionality, maintain short-term service integrity, prevent abuse, and troubleshoot errors.

If you want us to delete data related to that flow, email [email protected] with the subject line Data Deletion Request and include the name of the integrated app, the date of use, and any other details that help us locate the relevant generated content.

If you separately created or logged into a The F* Word account directly, include the email address used for that account so we can process the request for your direct account data as well.

If we do not have enough information to identify the relevant data, or if we do not collect personal identifiers in that flow, we may not be able to link the request to a specific individual record.

What happens after you submit a deletion request

Once we receive your request, we may need to verify your identity or confirm that you are authorized to make the request. We will review the request and delete personal data we are required to delete under applicable law, subject to legal exceptions, security needs, fraud prevention, backup retention, dispute resolution, and other lawful reasons to retain certain information.

We may also retain deidentified, aggregated, or legally required records where permitted by law.

How to Exercise Your Rights

To submit a privacy request, including a request for access, correction, portability, objection, or deletion, contact us at [email protected] with the subject line Privacy Request or Data Deletion Request, as applicable.

Please describe the nature of your request and provide the information reasonably necessary for us to verify and process it. If you are using an account, we may ask you to submit the request through that account where permitted by law.

International Data Transfers

We are based in the United States and may process personal data in the United States and other countries where we or our service providers operate.

Where required by applicable law, we use an approved transfer mechanism for international transfers, such as:

an adequacy decision
Standard Contractual Clauses
another lawful transfer mechanism recognized under applicable data protection law

Data Security

We use reasonable administrative, technical, and organizational safeguards designed to protect personal data against unauthorized access, disclosure, misuse, loss, and alteration. No system is perfectly secure, and we cannot guarantee absolute security.

Children’s Privacy

Our Services are not directed to children under 13, and we do not knowingly collect personal data from children under 13. If we learn that we collected personal data from a child under 13 without appropriate authorization, we will delete it as required by law.

Complaints

If you have a privacy concern, contact us first at [email protected].

If you are in the EEA or UK and believe we have processed your personal data unlawfully, you also have the right to lodge a complaint with the supervisory authority in your country of habitual residence, place of work, or place of the alleged infringement.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our Services, technology, legal obligations, or business practices. When we do, we will update the Effective Date above. If a change is materially significant, we will provide additional notice where required by law.

Contact

The F* Word, Inc.
1461 Acton Crescent
Berkeley, CA 94702-1918, USA