GDPR, AI Act & data security

AI in your inbox — without compromising on GDPR or transparency

Frida reads your customer emails to build your sales overview. That is why data protection, human control and AI transparency are not features for us — they are the foundation.

Outlook conversationDeal found
Overview of how Frida processes email data under GDPR and the AI Act
AI CRM for OutlookAutomatic dealboard

Processing primarily in the EU — hosting in Germany/Finland

AI Act transparency — users know when AI is making suggestions

Disclosed sub-processors and transfer basis — no hidden links

Your emails are never used to train AI models

Where your data lives

Frida is built EU-first. Hosting and storage run on EU servers, and email AI processing happens primarily on EU-based infrastructure.

  • Hosting and storage of all processed data in the EU (Germany/Finland).
  • Email AI processing primarily on EU-based servers.
  • Your mailbox stays where it is — Frida connects to Outlook / Microsoft 365, your own service.

Disclosed sub-processors — no surprises

Every sub-processor we use is listed openly in our privacy policy. Under peak load, AI processing can overflow to a US-based sub-processor — always under the EU-US Data Privacy Framework and standard contractual clauses, and your data is never used to train models.

  • Sub-processors, region and transfer basis are described openly.
  • US transfers are covered by the EU-US Data Privacy Framework and SCCs.
  • The complete, current list of sub-processors is in the privacy policy — no hidden links.

Human control and AI Act transparency

The AI Act is partly about transparency, responsible use and human control. Frida is built around one principle: users should know when AI is making suggestions, and nothing leaves the inbox without approval.

  • AI-generated drafts and suggestions are shown as Frida suggestions before you use them.
  • Frida never sends anything on its own — you approve every reply before it goes out.
  • The product avoids prohibited AI purposes such as social scoring, hidden manipulation and biometric categorisation.
  • Internal workflows document AI purposes, providers, human control and known risks.

You control your data

GDPR is not only about where data lives. It is about control. Frida makes it clear what is processed, why it is processed and how you can have it deleted.

  • Full right of access: see what Frida knows, and delete it.
  • Cancel anytime — your data is deleted in line with our retention policy.

Built in Denmark, for European small businesses

Frida is developed by a Danish company under EU law. We built the product for businesses that take their customers’ trust seriously — because our own product depends on exactly that trust.

  • Danish company — Meyer Technologies, CVR 46555929.
  • Support that understands European data protection expectations.
  • GDPR questions answered directly: contact@fridaapp.io.

Comparison

Frida vs a typical free AI tool

Many AI tools are excellent — but customer emails are personal data, and the difference lies in the paperwork and the defaults. Always check the terms yourself.

CriteriaFridaTypical free AI tool
Sub-processor disclosure

Yes — listed in the privacy policy.

Often unclear on free tiers.

Where data is processed

Primarily in the EU, with disclosed overflow under EU-US DPF.

Often undisclosed, typically US.

Training on your data

Never.

Often the default unless you opt out.

AI Act transparency

AI suggestions are shown as AI suggestions, and the user stays in control.

Varies — especially in generic tools.

Who decides what gets sent

You — every message requires your approval.

Varies.

Deletion

Full deletion on request.

Varies — check the terms.

FAQ

Questions people ask about GDPR and AI Act email assistant

Is it legal to use AI on customer emails under GDPR?

Yes — when processing is necessary to provide the service, data processing is limited, sub-processors are disclosed, transfers are safeguarded and the user stays in control. Frida is built around those principles.

Are my emails used to train AI models?

No. Your data is used to deliver the service to you — drafting replies and building your overview. It is never used to train models.

Is my data processed in the EU?

Primarily, yes: hosting and email AI run on EU-based infrastructure. Under peak load, processing can overflow to a US-based sub-processor under the EU-US Data Privacy Framework — all sub-processors are disclosed in the privacy policy.

Where can I see Frida’s sub-processors?

The list is in the privacy policy with region and transfer basis. A separate data processing agreement is not part of the standard terms yet.

What about the EU AI Act?

Frida is built with AI Act transparency and human control: users know when Frida is making AI suggestions, and drafts or replies are not sent without approval. We continuously document AI purposes, providers and risks so the product can follow the relevant requirements as they come into force.

Can I have my data deleted?

Yes. You can request full deletion at any time, and deletion follows our published retention policy.

What is Frida?

Frida is an AI-powered CRM for Outlook that automatically creates and updates deals from email conversations. It also drafts replies, tracks follow-ups, and keeps customer context connected to the inbox.

Does Frida work with Microsoft 365?

Yes. Frida is built around Outlook and Microsoft 365, so teams can keep working from the inbox they already use.

Does Frida send emails automatically?

No. Frida prepares drafts and suggestions, but the user stays in control and approves messages before they are sent.

The category Frida wants to own

The CRM that updates itself from Outlook conversations

Frida is an AI-powered CRM for Outlook that automatically creates and updates deals from email conversations.

Start with Outlook