Privacy Policy

Friday is built for employee engagement, so check-in data can be sensitive. Organisations choose how feedback is shown inside the product, such as private, anonymous, or open feedback modes. Employees can see the active privacy level before submitting feedback.

Even when feedback is shown anonymously to managers or teams, Friday may keep account-level records where needed to operate the service, enforce access controls, troubleshoot issues, support auditability, and comply with agreements or law. Access to those records is limited to authorised systems and personnel.

Where the General Data Protection Regulation applies, we process personal data on the legal bases that fit the activity. This may include performing a contract, supporting our legitimate interests in operating and improving Friday, complying with legal obligations, or processing data according to instructions from your organisation.

For most employee check-in data, Friday acts as a data processor for the organisation that provides access to the service. The organisation is normally the data controller for that workplace data.

We may use cookies, local storage, and similar technologies to keep the service working, remember preferences, secure sessions, understand website performance, and diagnose technical issues.

You can configure your browser to reject cookies or notify you when cookies are set. Some parts of Friday may not work correctly if required cookies or storage are disabled.

We use trusted service providers to host, deliver, secure, analyse, and support Friday. These providers may process personal data only for the purposes we authorise and under appropriate contractual obligations.

Service providers may include hosting providers, database providers, email delivery services, analytics and diagnostics providers, AI infrastructure providers, security tools, and customer support tools.

Friday uses AI to help interpret written feedback, map comments to engagement drivers, identify topics, and generate recommendations for employees, managers, and People & Culture teams.

AI output should support human judgement. Organisations and users remain responsible for decisions they make based on Friday insights or recommendations.

We do not sell personal data. We may share personal data only when needed to provide Friday, follow customer instructions, work with service providers, complete business administration, or comply with law.

Friday is operated from Denmark and may use service providers located in other countries. When personal data is transferred outside the European Economic Area, we use appropriate safeguards such as adequacy decisions, standard contractual clauses, and additional security measures where required.

We keep personal data for as long as needed to provide Friday, meet contractual commitments, support security and audit needs, resolve disputes, and comply with legal obligations.

Customer organisations can request deletion or export according to their agreement with Friday. Individual employees should normally direct workplace data requests to their organisation, and we will assist the organisation where required.

Users and organisations can request deletion of stored data by contacting us at sofie@hifriday.app. If the data belongs to an organisation using Friday, we may need to coordinate the request with that organisation because it is normally the data controller for employee check-in data.

Depending on where you live and how Friday is used by your organisation, you may have rights to access, correct, delete, restrict, object to, or receive a copy of your personal data.

If Friday processes your data on behalf of your employer or organisation, we may refer your request to that organisation or assist them in responding. You may also have the right to complain to your local data protection authority.

We use technical and organisational measures designed to protect personal data against unauthorised access, loss, misuse, alteration, or disclosure. These measures include access controls, authentication, encryption where appropriate, monitoring, and operational safeguards.

No internet service or electronic storage system can be guaranteed to be completely secure. If we become aware of a security incident affecting personal data, we will take appropriate steps in line with applicable law and customer agreements.

Friday websites or product communications may link to external websites or services that we do not operate. We are not responsible for the privacy practices, content, or security of those third-party sites.

Friday is intended for workplace use and is not directed at children. We do not knowingly collect personal data from children through the public website. If you believe a child has provided personal data to Friday, contact us so we can review and delete it where appropriate.

We may update this Privacy Policy from time to time. When we make material changes, we will update the effective date and may notify customers or users through the service, by email, or by another appropriate method.