Falcon First
Effective Date: December 9, 2025
FalconFirst AI, Inc. ("FalconFirst," "we," "us," or "our") operates the AI-native validation platform. This Privacy Policy explains how we collect, use, disclose, and protect your information.
1. Information We Collect
Account Information: When you create an account, we collect: email address, name, company name, job title, and authentication credentials. For enterprise accounts, we collect billing information and authorized user lists.
Usage Data: We collect how you use the platform: features accessed, prototypes created, studies launched, decision cards reviewed, and time spent in each section. This includes IP addresses, browser types, device information, and session duration.
Prototype & Study Data When you create prototypes or launch validation studies, we collect: prototype designs, user journey configurations, audience targeting parameters, and AI tagging selections. We collect end-user interactions with your prototypes: clicks, navigation paths, session recordings (when enabled), and feedback responses.
Communication Data Support requests, feedback submissions, and communications with our team are collected and stored.
Cookies & Tracking: We use essential cookies for authentication and session management. Analytics cookies track feature usage and performance metrics. You can disable non-essential cookies in your account settings.
2. How We Use Your Information
Platform Operations: We process your data to deliver core functionality: generate AI recommendations, analyze user behavior patterns, produce confidence scores, and create explainable insights.
Product Improvement: Aggregated, anonymized usage patterns inform feature development and platform optimization. We never train public AI models on your proprietary data.
Communication: We send transactional emails (study results, account updates, security alerts) and, with your consent, product updates and educational content.
Security & Compliance We monitor for suspicious activity, prevent fraud, and maintain SOC2 Type II compliance.
Legal Obligations We may process data to comply with legal requirements, enforce our Terms of Service, or protect rights and safety.
3. How We Share Your Information
We Do Not Sell Your Data Your product insights and validation data are never sold to third parties.
Service Providers: We share data with vendors who help us operate: cloud infrastructure (AWS), analytics (internal tools only), payment processing, and customer support platforms. All vendors sign data processing agreements.
Team Access Your designated team members access data based on role permissions. You control who sees what.
Legal Requirements: We disclose information when required by law, court order, or government request. We'll notify you unless prohibited.
Business Transfers If FalconFirst is acquired or merges, your data transfers to the new entity under this Privacy Policy's terms.
4. Data Security
Enterprise-Grade Protection
SOC2 Type II certified
Data encrypted at rest (AES-256) and in transit (TLS 1.3)
Role-based access controls with MFA available
Regular security audits and penetration testing
24/7 monitoring and incident response
Your Responsibilities: Protect your credentials. Enable MFA. Report suspicious activity immediately.
5. Data Retention
Active Accounts: We retain your data while your account is active and for 90 days after termination (for recovery purposes).
Backups Backup: systems retain data for 30 days after deletion. After that, it's permanently destroyed.
Legal Holds: We retain data longer if required for legal, compliance, or dispute resolution purposes.
6. Your Rights
Access & Export: Download your complete data set anytime from account settings. We'll provide it in machine-readable format within 48 hours.
Correction Update: inaccurate information directly in your account or contact support@falconfirst.ai.
Deletion Request: account deletion anytime. We'll confirm within 48 hours and complete within 30 days (excluding legal hold requirements).
Objection & Restriction: Object to certain processing activities or request restrictions. We'll evaluate case-by-case.
Portability: Export your data to transfer to another service.
7. International Transfers
FalconFirst operates from the United States. If you access the platform from outside the US, your data transfers here. We use Standard Contractual Clauses (SCCs) for EU data transfers and comply with applicable frameworks.
8. California Privacy Rights (CCPA)
California residents have additional rights:
Know what personal information we collect
Delete personal information (with exceptions)
Opt out of "sales" (we don't sell data)
Non-discrimination for exercising rights
Submit requests to privacy@falconfirst.ai.
9. GDPR Rights (EU/UK)
EU and UK residents have rights under GDPR including access, rectification, erasure, data portability, and objection to processing. Contact our Data Protection Officer at dpo@falconfirst.ai.
10. Children's Privacy
FalconFirst is not for children under 16. We don't knowingly collect data from children. If we discover we have, we'll delete it immediately.
11. Changes to This Policy
We'll email you 30 days before material changes take effect. Continued use after changes means acceptance. Review updates at falconfirst.ai/privacy.
12. Contact Us
General Privacy Questions: privacy@falconfirst.ai
Data Protection Officer: dpo@falconfirst.ai
Security Concerns: security@falconfirst.ai