What categories of personal data does The F* Word collect?

The F* Word collects contact and account data, profile and commercial data, usage and device data, content and files you provide, communications data, marketing and preference data, location data, professional or business contact data, and sensitive personal data only when necessary.

How does The F* Word use personal data?

The F* Word uses personal data to provide and operate the Services, improve and develop the Services, communicate with users, personalize experiences, maintain security and prevent misuse, comply with legal obligations, and support sales and business relationships.

Does The F* Word sell personal information?

No, The F* Word does not sell your personal information for money and does not disclose your personal information to third parties for their own independent direct marketing.

How long does The F* Word retain personal data?

The F* Word retains personal data only for as long as reasonably necessary for the purpose for which it was collected. Retention periods vary by category: account data is retained for the life of the account plus up to 6 years after closure, security logs up to 2 years, support requests up to 3 years, and billing records up to 7 years or longer if required by law.

What privacy rights do users have?

Users have various rights depending on their location. California residents have rights to know, access, delete, correct, and receive portable copies of their personal information. EEA/UK residents have rights to access, correct, erase, restrict processing, object to processing, data portability, and withdraw consent. All users can manage account settings, marketing preferences, and cookie controls.

How can I contact The F* Word about privacy concerns?

You can contact The F* Word at support@thefword.ai or by mail at 1461 Acton Crescent, Berkeley CA 94702-1918. For privacy requests, use the subject line 'Privacy Request' and specify the nature of your request.

Does The F* Word transfer data internationally?

Yes, The F* Word is based in the United States and may process personal data in the United States and other countries where they or their service providers operate. Where required by law, they use approved transfer mechanisms such as adequacy decisions or Standard Contractual Clauses.

How does The F* Word handle data from third-party integrated apps?

For certain third-party integrated apps or embedded widgets, The F* Word does not collect names, email addresses, account identifiers, credentials, IP addresses, or other direct personal identifiers. Generated images are stored only as needed to return them in the widget response, operate the requested functionality, maintain service integrity, prevent abuse, and troubleshoot errors.

Privacy Policy

Effective Date: March 14, 2026

The F* Word, Inc. ("The F Word*," "we," "our," or "us") is a California-based company. This Privacy Policy explains how we collect, use, disclose, retain, and protect personal data when you visit our website, create an account, use our products or services, communicate with us, or otherwise interact with us (collectively, the "Services").

For purposes of European data protection law, The F* Word, Inc. is the data controller of the personal data covered by this Privacy Policy. For purposes of California law, The F* Word, Inc. is the business responsible for the collection and handling of personal information covered by this Policy.

Mailing address: 1461 Acton Crescent, Berkeley CA 94702- 1918

If we appoint an EU or UK representative, we will list that contact information here.

Scope

This Privacy Policy applies to personal data we collect directly from you, automatically through your use of the Services, and from third parties you authorize or that support our business operations.

This Privacy Policy also includes a specific rule for certain third-party integrated app and embedded widget experiences, described below under Third-Party Integrated Apps and Embedded Widgets.

Categories of Personal Data We Collect

Depending on how you use the Services, we may collect the following categories of personal data:

Contact and account data

Name, email address, phone number, company name, username, password or authentication credentials, billing contact details, and similar account identifiers.

Profile and commercial data

Subscription plan, transaction history, purchase records, renewal status, trial status, customer support history, and records of your relationship with us.

Usage and device data

IP address, browser type, device type, operating system, device identifiers, referral URLs, pages viewed, clicks, feature usage, session activity, crash data, diagnostics, and similar product telemetry.

Content and files you provide

Prompts, text inputs, uploaded files, images, design briefs, comments, outputs, feedback, and other content you submit through the Services.

For certain third-party integrated app or embedded widget experiences, the content we store may be limited to generated images that are stored only as needed to return them in the widget response, operate the requested functionality, maintain short-term service integrity, prevent abuse, and troubleshoot errors.

Communications data

Messages you send to us, support tickets, demo requests, waitlist forms, survey responses, and other communications.

Marketing and preference data

Email preferences, cookie preferences, campaign engagement data, and similar records showing whether you opened or clicked a communication from us, where permitted by law.

Location data

Approximate location derived from IP address, such as city, state, or country. We do not intentionally collect precise geolocation unless clearly disclosed for a specific feature.

Professional or business contact data

Job title, employer, business email address, business phone number, and business relationship details where you interact with us as an employee, contractor, founder, buyer, or representative of an organization.

Sensitive personal data

We do not intentionally collect sensitive personal data unless it is necessary for a specific disclosed purpose, voluntarily provided by you, or required by law. If we do collect sensitive personal data, we use it only as permitted by applicable law.

Third-Party Integrated Apps and Embedded Widgets

When our Services are used through certain third-party integrated apps or embedded widgets, we do not collect personal data from the third-party app itself.

In those experiences, we do not collect names, email addresses, account identifiers, account credentials, IP addresses, or other direct personal identifiers from the third-party integrated app or from the end user through that app.

In those experiences, we store generated images only as needed to:

generate and return them in the widget response
operate the requested functionality
maintain short-term service integrity
prevent abuse
troubleshoot errors

Unless separately disclosed, we do not use these third-party integrated app or widget flows to identify individuals, contact users, build marketing profiles, or create account-level personal profiles.

This section applies only to the specific third-party integrated app or embedded widget experience described above. It does not change how we process personal data in other parts of the Services where users register, communicate with us, or otherwise provide information directly.

Sources of Personal Data

We collect personal data from the following sources:

directly from you, when you register, subscribe, pay, upload content, request a demo, contact support, or otherwise use the Services
automatically from your device and browser when you interact with the Services
from service providers that support authentication, payments, analytics, hosting, customer support, communications, or security
from third-party platforms or integrations you choose to connect, except as described below under Third-Party Integrated Apps and Embedded Widgets
from publicly available or business sources, where permitted by law

Purposes of Use

We use personal data for the following purposes:

To provide and operate the Services

We use personal data to create and administer accounts, authenticate users, process payments, deliver features, manage subscriptions, provide outputs, and maintain the Services.

For certain third-party integrated app or embedded widget experiences, we store generated images solely to return them in the widget response and operate the requested functionality.

To improve, analyze, and develop the Services

We use personal data to understand feature usage, diagnose errors, improve onboarding, improve product performance, develop new functionality, and maintain reliability and security.

To communicate with you

We use personal data to respond to requests, provide support, send service notices, confirm transactions, and, where permitted, send updates or marketing communications.

To personalize your experience

We may use personal data to tailor workflows, onboarding, support, and product experiences based on your usage and preferences.

To maintain security and prevent misuse

We use personal data to detect, investigate, prevent, and address fraud, abuse, unauthorized access, attacks, and violations of our Terms or other policies.

To comply with legal obligations and protect rights

We use personal data to comply with law, respond to lawful requests, maintain required records, enforce our agreements, and protect our rights, users, systems, and business.

To support sales, contracting, and business relationships

We use business contact data to discuss our Services, respond to commercial inquiries, manage prospective or existing customer relationships, and prepare or perform contracts.

AI and Model Improvement

Where our free-tier offering, product notice, or Terms state that free-tier usage may be used for service improvement or model improvement, we may use free-tier content and related usage data, including prompts, inputs, uploads, outputs, and feedback, for those purposes.

We do not use content from paid subscriptions for model training unless you expressly opt in, request it, or we clearly disclose a separate basis for doing so.

For third-party integrated app and embedded widget experiences described above, we do not use names, email addresses, account identifiers, account credentials, IP addresses, or other direct personal identifiers from the integrated app because we do not collect them in that flow.

If you are in a jurisdiction that requires consent for this type of processing, we will rely on consent where required.

Lawful Bases for Processing, for EEA/UK Users

If the GDPR or similar law applies, we process personal data on one or more of these lawful bases:

performance of a contract, where processing is necessary to provide the Services or take steps you request before entering into a contract
legitimate interests, such as operating, improving, securing, and defending our business and Services, unless overridden by your rights
consent, where required, including certain cookies, certain marketing activities, and certain model-improvement uses
legal obligation, where we must process data to comply with law, tax, accounting, sanctions, or regulatory requirements

Categories of Recipients

We disclose personal data only as reasonably necessary for the purposes above. Categories of recipients include:

Disclosure of Information

hosting, infrastructure, storage, and security providers
identity, authentication, and access-management providers
analytics, logging, and performance-monitoring providers
payment processors, banks, invoicing, and billing providers
CRM, email, communications, and customer support providers
professional advisors, including lawyers, auditors, insurers, and accountants
regulators, courts, law enforcement, and government authorities where required by law or necessary to protect rights or safety
counterparties and advisors involved in an actual or proposed financing, merger, acquisition, sale, reorganization, or similar transaction
integration partners or third parties you direct us to connect with

We may also disclose aggregated or deidentified information that does not identify you.

For the third-party integrated app and embedded widget experiences described above, we do not disclose names, email addresses, account identifiers, account credentials, IP addresses, or other direct personal identifiers from the integrated app because we do not collect them in that flow.

We do not sell your personal information for money. We do not disclose your personal information to third parties for their own independent direct marketing. If we engage in activities that trigger a California right to opt out of sale or sharing, we will provide the notice and controls required by law.

Cookies and Similar Technologies

We use cookies and similar technologies to:

keep the website and Services functioning
remember settings and preferences
measure traffic and product performance
understand how users navigate and use the Services
support communications and marketing, where permitted

Where required by law, we obtain consent before placing non-essential cookies or similar technologies. You can manage cookie preferences through your browser settings and through any cookie tools we make available.

Retention Periods

We retain personal data only for as long as reasonably necessary and proportionate for the purpose for which it was collected, including to provide the Services, comply with law, resolve disputes, enforce agreements, and protect our business.

Our general retention schedule is below:

Category	Typical Retention Period
Account and profile data	For the life of the account, then up to 6 years after closure unless a longer period is required by law or needed for claims defense
Product content, files, prompts, inputs, and outputs	For the period needed to provide the Services and perform the applicable plan, plus backup and dispute-resolution periods, unless deleted earlier where functionality allows
Generated images from third-party integrated apps or embedded widgets	Retained only for the period reasonably necessary to generate and return the widget response and for limited short-term backup, troubleshooting, abuse prevention, and service integrity needs, unless a longer period is required by law
Security logs, anti-fraud logs, device and network logs	Up to 2 years, unless a longer period is needed for security incidents, abuse prevention, or legal obligations
Support requests and business communications	Up to 3 years after closure of the request or relationship
Marketing and commercial outreach records	Up to 3 years from the last meaningful interaction, or earlier if you unsubscribe or object, subject to suppression-list needs
Billing, payment, tax, and accounting records	Up to 7 years, or longer if required by applicable law
Contract records and enterprise customer records	For the life of the contract, then up to 6 years afterward unless longer retention is required for tax, audit, IP, or dispute purposes

Actual retention may vary where a longer or shorter period is required by law, contract, technical necessity, security needs, or a valid deletion request.

Your Controls and Rights

Account controls

If you have an account, you may be able to access, correct, update, or delete certain profile information from within your account settings.

Marketing controls

You can unsubscribe from promotional emails at any time using the unsubscribe link in the message. You will still receive transactional and service-related communications.

Cookie controls

You can manage non-essential cookies through our cookie controls, where available, and through your browser settings.

California rights

If you are a California resident, you may have the right to:

know the categories of personal information we collected about you
know the categories of sources, purposes of use, and categories of recipients
request access to specific pieces of personal information
request deletion of personal information, subject to exceptions
request correction of inaccurate personal information
request a portable copy of certain personal information
opt out of sale or sharing, if applicable
limit certain uses of sensitive personal information, if applicable
not receive discriminatory treatment for exercising your privacy rights

EEA/UK rights

If the GDPR applies to you, you may have the right to:

access your personal data
correct inaccurate or incomplete personal data
erase personal data in certain circumstances
restrict processing in certain circumstances
object to processing based on legitimate interests or direct marketing
receive a portable copy of certain personal data
withdraw consent where processing is based on consent, without affecting prior lawful processing
lodge a complaint with a supervisory authority

How to Exercise Your Rights

To submit a privacy request, contact us atsupport@thefword.aiwith the subject line Privacy Request.

Please tell us the nature of your request, such as access, correction, deletion, portability, objection, or cookie/privacy preference change. We may need to verify your identity before processing certain requests, and we will only request the information reasonably necessary to do that.

If you are using an account, we may ask you to submit the request through that account where permitted by law.

International Data Transfers

We are based in the United States and may process personal data in the United States and other countries where we or our service providers operate.

Where required by applicable law, we use an approved transfer mechanism for international transfers, such as:

an adequacy decision
Standard Contractual Clauses
another lawful transfer mechanism recognized under applicable data protection law

Data Security

We use reasonable administrative, technical, and organizational safeguards designed to protect personal data against unauthorized access, disclosure, misuse, loss, and alteration. No system is perfectly secure, and we cannot guarantee absolute security.

Children's Privacy

Our Services are not directed to children under 13, and we do not knowingly collect personal data from children under 13. If we learn that we collected personal data from a child under 13 without appropriate authorization, we will delete it as required by law.

Complaints

If you have a privacy concern, contact us first atsupport@thefword.ai.

If you are in the EEA or UK and believe we have processed your personal data unlawfully, you also have the right to lodge a complaint with the supervisory authority in your country of habitual residence, place of work, or place of the alleged infringement.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our Services, technology, legal obligations, or business practices. When we do, we will update the Effective Date above. If a change is materially significant, we will provide additional notice where required by law.

Contact

The F* Word, Inc.

California, United States

Email:support@thefword.ai

Mailing address: 1461 Acton Crescent, Berkeley CA 94702- 1918