How we handle your information.

This policy explains what data Firia (“we,” “us,” “Firia”) collects from visitors and prospective clients of firia.ai, why we collect it, who else sees it, and the rights you have over it. We process data globally and apply the standards of the EU General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA) to everyone, regardless of where you live.

Questions, requests, or anything that reads as a complaint should go to [email protected]. A real person reads it.

What we collect

We try to keep this short. The categories of personal information we collect are:

• Identifiers. Your name and email address.
• Professional information. Your company name, your role, and your company’s revenue range.
• Business operational information. Whatever you choose to share with us during discovery calls, strategy consults, or working sessions about how your business runs — processes, tooling, numbers, plans.
• Technical information. Standard web analytics: pages visited, referrer, approximate location at city level, device and browser type.

We do not collect government IDs, financial account numbers, health information, or biometric data. We do not knowingly collect data from children — see Children below.

How we collect it

• Contact and apply forms on this site.
• Meta Lead Ads when you submit a form inside Facebook or Instagram in response to one of our ads.
• Calendly when you book a discovery call or working session.
• Email when you correspond with us at [email protected] or with a team member directly.
• Website analytics through cookies and similar technologies, described below.

How we use it

We use your information to:

• Reach out to discuss whether Firia is a fit, and to schedule and run our three free discovery sessions.
• Deliver the AI Savings Strategy Consult and any associated materials, including the spreadsheet model built on your numbers.
• Send you service-related emails — meeting confirmations, document delivery, follow-ups tied to our work together.
• Send you optional marketing emails about our thesis, new writing, and engagement openings. You can opt out at any time using the link in any marketing email, or by replying with the word unsubscribe.
• Improve the site and our outreach — understand which pages are useful, which campaigns reach the right people, and which don’t.

We do not sell your personal information. We do not share it with anyone outside the third-party processors listed below. We do not use it to train machine learning models.

Legal bases (GDPR)

For visitors in the EEA and UK, we rely on the following legal bases under GDPR:

• Consent for marketing emails and non-essential cookies. You can withdraw consent at any time.
• Legitimate interests for replying to inquiries, running discovery sessions, basic analytics, and protecting the site against abuse. Where we rely on legitimate interests, we’ve weighed them against your rights and you can object at any time.
• Contract for delivering services you’ve engaged us to perform.

Third-party processors

We use a small number of vendors to run the business. Each of them processes your information only on our instructions and only for the purpose listed:

• Meta Platforms. Advertising and Lead Ads. When you click or submit one of our ads on Facebook or Instagram, your form responses come to us through Meta. Meta privacy policy.
• Brevo. CRM and email sending. We store contact details and conversation history here, and use it to send transactional and marketing emails. Brevo privacy policy.
• Calendly. Meeting scheduling. Names, emails, and meeting times pass through Calendly. Calendly privacy policy.
• Cloudflare. Hosting, DNS, and CDN for this website. Server logs, standard request metadata, and security telemetry (used to block bots and abuse) are processed here. Cloudflare privacy policy.

Some of these processors are based in the United States. When we transfer personal data out of the EEA or UK, we rely on the European Commission’s Standard Contractual Clauses or another approved transfer mechanism.

Cookies and tracking

We use a small set of cookies and similar technologies:

• Meta Pixel. Helps us measure ad performance and reach the right audiences. Set by Meta when you visit pages we’ve tagged.
• Analytics cookies. Aggregate, non-identifying data about how the site is used — pages, referrer, time on page.
• Strictly necessary cookies. Whatever the platform requires to load the site and remember your basic preferences. These don’t track you.

To opt out of advertising and analytics cookies: change your browser settings to block third-party cookies, use a tool like the DAA opt-out or Your Online Choices (EU), or use Meta’s ad preferences page directly. Most browsers also support a Global Privacy Control (GPC) signal, which we honour as an opt-out of any sale or sharing of personal information under CCPA.

Data retention

We retain prospect data — your name, email, company information, and the records of our conversations — for twenty-four months from the date of our last contact, after which it is deleted. If you become a client, we retain engagement records for as long as our relationship is active and for a reasonable period afterward to meet legal and accounting obligations.

You can ask us to delete your data sooner. See your rights below.

Your rights

Wherever you are, we’ll honour the following rights:

• Access. Ask us what personal information we hold about you and get a copy.
• Correction. Ask us to fix anything that’s inaccurate or out of date.
• Deletion. Ask us to delete your personal information. We’ll do it unless we’re required to retain something for legal or accounting reasons, in which case we’ll tell you.
• Portability. Get a copy of the information you provided to us in a portable, machine-readable format.
• Opt out of marketing. Use the unsubscribe link in any marketing email, or write to us. Service-related emails will continue while we’re working together.
• Object or restrict. Tell us to stop a particular use of your data, or to limit it. (GDPR.)
• Non-discrimination. We won’t treat you differently for exercising any of these rights. (CCPA.)

To exercise any of the above, email [email protected]. We’ll respond within thirty days, faster where the law requires it. If you’re in the EEA or UK and we don’t resolve your concern, you have the right to complain to your local data protection authority.

Security

We use commercially reasonable safeguards: encryption in transit, access controls on our internal tools, and a small team with the access it needs and no more. No transmission over the internet is ever fully secure, and we won’t pretend otherwise. If a breach affects your data, we will notify you and the relevant authority within the timelines required by GDPR and any applicable state law.

Children

Firia’s services are designed for company operators and executives. They are not directed at children. We do not knowingly collect personal information from anyone under 16 in the EEA and UK, or under 13 in the United States and other jurisdictions. If we learn we have collected information from a child, we will delete it. If you believe we have data on a child, please write to [email protected].

Changes to this policy

We may update this policy as the business or the law changes. The last updated date at the top of the page is the source of truth. For material changes that affect how we use existing data, we will email people on our list directly.

Contact

Firia
[email protected]