Last updated: May 19, 2026
This Privacy Policy explains how FreeFTE ("FreeFTE", "we", "us") collects, uses and shares personal data when you use the service at freefte.com. It is designed to comply with the EU General Data Protection Regulation (GDPR), the ePrivacy Directive, and US state privacy laws including the California Consumer Privacy Act as amended by the CPRA ("CCPA").
FreeFTE is operated by the operator of freefte.com, established in [EU country of operator] ("we"). For account data, technical data, and the freefte.com website, we act as the data controller. For data that workspace owners place into their workspace about their teammates, projects and allocations ("Workspace Data"), we act as a processor on behalf of the workspace owner, which is the controller of that data.
Privacy contact: privacy@freefte.com. A separate Data Protection Officer is not required at our current scale, but the address above reaches the person responsible for privacy matters.
We do not knowingly collect special-category data (GDPR Art. 9) such as health, biometric, racial, religious, political or trade-union information. Do not place such data in your workspace without a separate written agreement with us.
We receive data directly from you when you sign up or use the service, automatically from your browser/device when you visit freefte.com, and from third parties such as Google when you sign in with Google OAuth.
We do not use Workspace Data to train AI models and we do not sell personal data.
We share personal data with the following categories of recipients:
We do not sell or "share" personal data for cross-context behavioural advertising as those terms are defined under the CCPA. If we engage a new sub-processor we will update this page; material changes will be communicated by email or in-app at least 30 days in advance where practical.
Where personal data is transferred outside the European Economic Area, we rely on the European Commission's Standard Contractual Clauses (SCCs) and apply supplementary measures (such as encryption in transit and at rest) where required by Schrems II and subsequent guidance from EU supervisory authorities.
We use a small number of strictly necessary cookies required to keep you signed in and to protect the service; these do not require consent under the ePrivacy Directive. Any analytics or non-essential cookies are set only after you give consent via our cookie banner, and you can change or withdraw consent at any time from the banner's settings link.
Under GDPR you have the right to:
To exercise any of these rights, email privacy@freefte.com. We respond within 30 days. If your data sits inside a workspace, we will route the request to the workspace owner, who is the controller of that data.
If you are a US resident, depending on your state of residence you may have rights to know what personal information we collect, to access and obtain a copy, to correct inaccurate information, to delete personal information, to opt out of the "sale" or "sharing" of personal information, and not to be discriminated against for exercising these rights.
Notice of "Do Not Sell or Share My Personal Information": we do not sell personal information and we do not share it for cross-context behavioural advertising. We do not knowingly process the personal information of consumers under 16 without affirmative authorisation.
Most data we process about US business users is collected in a business-to-business context and may be exempt from certain CCPA obligations. To exercise any US privacy right, email privacy@freefte.com with the subject line "US Privacy Request". You may use an authorised agent; we will verify the request before responding.
FreeFTE is a business product and is not directed to children. We do not knowingly collect personal data from anyone under 16. If you believe a child has provided us personal data, contact us and we will delete it.
We use industry-standard safeguards including TLS in transit, encryption at rest, Postgres row-level security for workspace isolation, hashed passwords, role-based access for our staff, and audit logging. In the event of a personal-data breach likely to result in a risk to your rights and freedoms, we will notify the competent supervisory authority within 72 hours and inform affected users without undue delay, as required by GDPR Art. 33–34.
Business customers who need a Data Processing Addendum (DPA) under GDPR Art. 28 can request one from privacy@freefte.com. Our DPA incorporates the EU Standard Contractual Clauses for any onward transfers.
We may update this Privacy Policy from time to time. For material changes we will provide notice by email or in-app at least 14 days before they take effect, and we will update the "Last updated" date at the top of this page.
Questions, requests, or complaints? Email privacy@freefte.com.
See also our Terms of Service.