Privacy Policy

How FRIDAY handles your data — written in plain English, with the technical detail a security review needs.

Last updated: 20 April 2026 · Version 1.0.0

Who we are

FRIDAY is operated by Friday Research Ltd, a company registered in England & Wales. You can reach us at hello@friday.xyz. For the purposes of UK GDPR and EU GDPR, Friday Research Ltd is the data controller for the personal data described below.

The short version

FRIDAY is a privacy-first personal shopping assistant. We designed it so the smallest possible amount of your data leaves your device, and what does is encrypted on our servers with a key unique to you. We do not sell your data, we do not use it for advertising, and we do not share it for any purpose other than running the service you signed up for.

We want to be precise rather than aspirational, so the rest of this page tells you exactly what we collect, where it lives, who else touches it, and what you can do about it.

What we collect and why

Account data

  • A hash of your email address stored in our account database — we do not keep your raw email in long-term storage. Your raw email is processed transiently while we send you a one-time sign-in code (via Resend) and verify it, and may appear in short-lived operational logs (rotated within 30 days). It is not used for marketing.
  • Your country so we can show you products available where you live.
  • Your display name and shopping preference (menswear / womenswear / both), if you provide them during onboarding.
  • A short-lived authentication token stored as an httpOnly cookie (friday_refresh), valid for 30 days, which keeps you signed in.
  • Your IP address and user agent at the moment we issue an authentication token, so we can spot suspicious sign-ins. We retain this only for the lifetime of the token.

Shopping data (your "Personal Intelligence")

The FRIDAY browser extension reads your order history and browsing on supported retailers (Amazon, Shop.app and others) on your device, and sends a per-user product cache to our servers so the assistant can answer questions about what you have bought and recommend things you might like.

This cache is encrypted at rest on our servers with AES-256-GCM using a key unique to you, derived from a server-side master secret combined with your anonymous fingerprint. The on-disk file contains only opaque ciphertext per user. It cannot be read from a backup, a database dump, a stolen disk, or our source repository.

We can decrypt your cache momentarily, in memory, to serve your requests. For example, when you ask the assistant "what did I buy last month?", the server briefly decrypts your cache to assemble the answer. The plaintext is held only in memory for the duration of that request and is never written to disk in plaintext or to our logs.

We are working on a future version of FRIDAY in which the encryption key is derived entirely on your device from your PI Recovery Key and the server can never read your cache. That work is tracked publicly and will be announced when shipped. Until then, the description above is the truthful state of the product.

Your PI Recovery Key

When you sign up, the FRIDAY extension generates a PI Recovery Key on your device. This key is the basis for restoring your data on a new device. It is generated locally and is not transmitted to our servers. If you lose it, we cannot recover it for you. Please store it somewhere safe.

Diagnostics and logs

Our servers keep operational logs (request paths, response status codes, latency, errors) for up to 30 days for debugging and abuse prevention. We do not log the content of your chat messages, your assembled prompt context, or your decrypted cache.

Lawful basis

Under UK GDPR and EU GDPR Article 6 we rely on the following lawful bases:

  • Performance of a contract (Art. 6(1)(b)) — for processing strictly necessary to deliver FRIDAY: account creation and authentication, building your product cache, generating recommendations, and serving the chat assistant.
  • Legitimate interests (Art. 6(1)(f)) — for short-lived operational logs, abuse and fraud prevention, and binding authentication tokens to the device fingerprint that issued them. Our interest is keeping the service secure and available; this is balanced against your interests by minimising what we log and rotating logs within 30 days.
  • Consent (Art. 6(1)(a)) — for connecting an optional Google account to read order confirmation emails. You can withdraw consent at any time by disconnecting the integration.
  • Legal obligation (Art. 6(1)(c)) — for responding to lawful requests from competent authorities and for retaining limited records where the law requires it.

FRIDAY does not make decisions that produce legal or similarly significant effects about you using solely automated processing.

What we do not do

  • We do not sell your data, ever.
  • We do not use your data for advertising, retargeting, or audience building.
  • We do not share your data with brands, retailers, or marketing partners.
  • We do not use third-party analytics SDKs, fingerprinting libraries, or tracking pixels in the extension or webapp.
  • We do not store your raw email, only a hash.
  • We do not log the content of your chat messages or your decrypted cache.

Sub-processors

FRIDAY uses the following third-party services to operate. Each receives only the data strictly necessary for its task, and only for the duration of that task.

  • OpenAI · Purpose: chat assistant LLM · What it sees: the assembled prompt for your current message (your message text plus a snippet of relevant browsed/purchased products). Sent under OpenAI's API terms with no training on customer data.
  • ElevenLabs · Purpose: voice replies (optional) · What it sees: only the text being spoken aloud. No identity, no history.
  • Firecrawl, Exa, Serper, SerpAPI · Purpose: live product research when the catalogue does not have an answer · What they see: your search query terms only. No identity, no history.
  • Brandfetch · Purpose: brand and store logos · What it sees: a brand or domain name only.
  • Resend · Purpose: transactional email (account, security) · What it sees: your email address and the email body.
  • Replit · Purpose: application hosting · What it sees: all server-side data, encrypted at rest as described above. Bound by Replit's data processing agreement.
  • Neon (Postgres) · Purpose: application database · What it sees: account hash, country, encrypted cache blobs. Bound by Neon's data processing agreement.
  • Google (Gmail integration) · Purpose: optional connection to read order confirmation emails · What it sees: only what you authorise via Google's OAuth consent screen, only when you connect it. You can disconnect at any time.

We will update this list when sub-processors change, with the change date reflected in the "Last updated" stamp at the top of this page.

Where your data lives and how long we keep it

  • Authentication cookie (friday_refresh) — 30 days, then expires.
  • Encrypted product cache — held until 90 days of inactivity, then automatically evicted from disk. Deleted immediately on account deletion.
  • Account record — held for the lifetime of your account, deleted within 30 days of you closing it.
  • Operational logs — up to 30 days, then rotated.
  • Region — at the time of writing, our application servers and database are hosted by our infrastructure providers in their default regions. We are working towards UK/EU data residency for UK and EU users; until that is in place and disclosed here, you should assume your data may be processed in the United States by our sub-processors. We rely on Standard Contractual Clauses and the UK International Data Transfer Addendum for those transfers (see "International transfers" below).

Your rights

Under UK GDPR, EU GDPR, and applicable US state laws (including the CCPA), you have the right to:

  • Access the personal data we hold about you.
  • Export your data in a portable format.
  • Correct inaccurate data.
  • Delete your account and all associated data.
  • Withdraw consent for any optional processing at any time.
  • Object to processing or restrict it.
  • Lodge a complaint with your local supervisory authority (in the UK that is the ICO, ico.org.uk).

You can exercise the first five rights from inside the FRIDAY extension under Account → Privacy, or by emailing hello@friday.xyz. We will respond within 30 days.

Cookies

The FRIDAY webapp sets a single first-party, httpOnly, Secure cookie called friday_refresh to keep you signed in for 30 days. It is strictly necessary for the service to work, contains an opaque token (no personal data), and is exempt from the consent requirement under the UK Privacy and Electronic Communications Regulations and the EU ePrivacy Directive. We do not set any other cookies, and we do not use third-party tracking cookies.

Children

FRIDAY is intended for users aged 16 and over. We do not knowingly collect data from children under 16. If you believe a child has signed up, please email us at hello@friday.xyz and we will delete the account.

International transfers

Data of UK and EU users is processed within the UK and EU where possible. Where data is transferred outside the UK or EEA (for example to OpenAI, Resend, or other sub-processors based in the United States), we rely on Standard Contractual Clauses and the UK International Data Transfer Addendum, alongside additional safeguards described in each sub-processor's documentation.

Security

We use AES-256-GCM for encrypting your product cache at rest, HKDF for per-user key derivation, and HTTPS for all network traffic. Authentication tokens are bound to the device fingerprint that issued them and are short-lived. We follow standard practice for secret management, dependency scanning, and least-privilege access. No system is perfectly secure, and we will notify affected users without undue delay if we ever discover a breach affecting your data.

Changes to this policy

We will update this page when our practices change. The "Last updated" date and version stamp at the top reflect the most recent change. For material changes we will also notify you by email or in-app before they take effect.

Contact

Questions about privacy, data subject requests, or anything you have read above — email hello@friday.xyz.