Freeform's Compliance and Risk Management Practices - 2025
At Freeform, we prioritize compliance and risk management. We maintain comprehensive insurance coverage, meticulous documentation practices, and adhere to industry-leading compliance standards. Our commitment to compliance extends beyond mere adherence to regulations; we proactively seek to identify and mitigate potential risks, ensuring the security and integrity of our operations. By maintaining a robust compliance framework and a proactive approach to risk management, we foster a culture of responsibility and accountability, safeguarding our clients, our reputation, and our business.
Freeforms' unique compliance practices securely connect user data (e.g., first and last name, phone, email, title, and company) across at least two, and often more than seven, GDPR-compliant and well-established platforms, but only after users have given their explicit consent. This connection allows for neutral and fair targeting. Our proprietary process and technology remains consistent throughout each stage, ensuring compliance is always maintained. Financial firms with some of the highest standards in the market have reviewed and approved Freeforms' compliance practices.
TARGET
We begin with a source of truth, generated from our clients and expanded using data partners and our technology. In B2B accounts, this may simply be a company name; in B2C accounts, it could be a customer's name, email, and address. Using proprietary AI, we securely and compliantly connect this data to social and search platforms.
ARCHITECT
With a captive audience, we deliver content that satisfies their needs and desires while generating high-quality conversions. While countless creative options exist, the most effective content is often the simplest. We use a turnkey process of continuous research and analysis to develop content that resonates with users specific audiences while maintaining brand consistency.
DEPLOY
Beyond the major platforms like Facebook and LinkedIn, thousands of unique digital spaces exist where usersr audience lives, works, and plays. We analyze these channels in conjunction with our target audience and deploy content accordingly, often leveraging and combining channels for optimal results.
MEASURE
The greatest challenge lies in tracking and reacting to results in real time. Real-time results provide the most accurate metrics, enabling constant evaluation of campaign success. If an approach isn't working, we can adjust immediately, maximizing time, effort, and profit.
Technical Architecture and Compliance
The Freeform team and our clients visualize the construction of a campaign using a technical architecture map, based on the four processes. Through our partners' open API documentation, Freeform developers create unique connections within their platforms, which allows us to customize each via custom code bases. These platforms provide well-defined interfaces and protocols that allow external applications and services to interact with the software's features and data. Freeform Developers can leverage this documentation to build custom integrations, automate tasks, extend functionalities, and create innovative solutions. By utilizing open APIs, Freeform developers can seamlessly connect different systems, streamline workflows, and harness the full potential of the software. This fosters a collaborative ecosystem where developers can contribute and share their creations, ultimately enhancing the overall functionality and value of the platform.
All data collected across this custom connected Omni Channel and throughout all four stages of Freeform's process and technology utilization undergoes not just one, but multiple layers of compliance checks. This is crucial because user and advertising data is aggregated and interconnected from a network of cutting-edge data providers and hundreds of social and search platforms.
GDPR Compliance
Critically, all these data sources are compliant with the General Data Protection Regulation (GDPR), a comprehensive European data protection law that enhances and strengthens the data rights of individuals. This ensures that all data utilized by Freeform adheres to stringent privacy and security standards, maintaining the integrity and confidentiality of user information throughout all stages of collection and processing.
To comply with the GDPR, Freeform and its partners take various measures to protect user data and ensure transparency in data processing. Key steps include obtaining explicit consent from users before collecting and processing their personal data, providing clear and easily accessible privacy policies, enabling users to access, rectify, or delete their data upon request, and implementing robust security measures to prevent data breaches and unauthorized access. Additionally, Freeform and partners must ensure that their data processing activities align with the principles of data minimization, purpose limitation, and storage limitation. By adhering to these principles and implementing appropriate data protection measures, marketing technology or firms can demonstrate compliance with the GDPR and protect user privacy as outlined below.
Privacy Policy
Freeform Partners utilizes artificial intelligence to assist professionals in building and cultivating relationships and opportunities. This Privacy Policy outlines the privacy practices for information gathered by Freeform Partners on any website where Freeform Partners has posted the policy.. By utilizing our partners website or services, users agree to this Privacy Policy.
Collection of Personal Data
Freeform Partners gathers information through various avenues, including:Linking to other platforms: users professional networking, customer relationship management, or social media platforms.Linking email: Email, email accounts, and contacts. User consent.
When users link email accounts, professional networking, customer relationship management, or social media platforms, we may collect information about users' contacts or related data. We may also collect information about their use of our products or services. Additionally, we collect information from our service providers, partners, or other sources of publicly available information.
Types of Personal Data Collected
The personal data that Freeform Partners may collect encompasses:
  • Biographic information: such as names.
  • Contact information: such as addresses, telephone numbers, email addresses, and professional networking and social media platform contact information.
  • Professional information: such as title, industry, professional and employment background, and profile.
  • Preferences and interests: such as contact preferences and preferred language.
We may also collect other identifying information we may obtain from users, as disclosed in other policies or notices. Users have the option not to provide us with users' personal data. However, if users choose not to provide us with users personal data, we may not be able to provide users with all functional aspects of our products and services.
Use of Personal Data & Providing Products and Services
Freeform Partners may use users' personal data for our legitimate business interests and to provide users or our other customers with our products and services. We may use users' contact information to communicate with users about users' order of our products or services, including to process payments or send receipts. Freeform Partners may also use users' personal data to add new features or capabilities to our products or services or otherwise improve them. We may use users ' personal data to administer users' website accounts with our partners. We may also use users' personal data to produce aggregate or statistical data about our customers, users, products, services, or industry.
Our partners legal bases for processing users' personal data to provide users with our products and services are the performance of contracts and the furtherance of Freeform Partners's legitimate business interests. Our partners legitimate business interests may relate to the provision of our services, fraud detection and prevention, risk assessment, or improvement of our products and services. If users choose not to provide users personal data where it is required as part of a contract for our products or services or to create users' website accounts, we may be unable to provide users with our products and services.
Marketing
We may use users' personal data so that we, or our affiliates, can market, advertise, or otherwise promote products and services that may be of interest to users based on users' profile. We may advertise to users on websites or using email or professional networking or social media platforms. Unless users ask us not to, Freeform Partners may contact users in the future to tell users about new products or services. We may use users personal data for website analytics and customer relationship management purposes.
Our legal basis for processing users personal data for marketing purposes is Freeform Partners's legitimate business interests relating to marketing, advertising, and promoting
Legal and Compliance
Freeform Partners may also use users' personal data in connection with legal or compliance obligations. These obligations may include cooperating or complying with government or law enforcement investigations, litigation, discovery, regulatory requirements, corporate investigations, dispute resolution, collections, national security, public interest, or others.
Legal bases for processing users' personal data for legal and compliance purposes are to meet legal obligations and legitimate business interests relating to compliance with other local laws that we may be subject to.
Sharing of Personal Data
Freeform Partners may share users' personal data for the purposes of providing our products or services to our customers, communications and customer service, marketing, and as a part of our legal and compliance obligations. When Freeform Partners shares users' personal data, we do so consistent with this Privacy Policy or to the extent necessary to carry out the purposes described in this policy, and as required or permitted by applicable law. Our service providers may include information technology providers, communications technology providers, email or marketing services providers, digital advertising contact information verification services providers, consultants, auditors, attorneys, outsourcing services service providers, financial services providers, payment processing and billing service providers, customer service providers, or others.
In providing users with communications and customer service and marketing, we may share users' personal data with our partners, advertising and marketing service providers, social media platforms, and others.
Freeform Partners may also share personal data with its employees, contractors, service providers, and others.
Use of Personal Data for Employment Applications
If users are applying for a job at Freeform Partners, may collect information from users, including application information, resumes, and employment records; information received from references; work eligibility and equal opportunity employment information (as required or permitted by applicable law); or other information. Partners may use users ' personal data to consider users' employment applications. Partners may share users ' personal data relating to users' application with our employees, affiliates, subsidiaries, and service providers, including recruiting service providers, hiring consultants and agencies, information and technology service providers, human resources information system providers, and others.
Use of Cookies and Similar Technologies
Freeform and it's partners may use "cookies", web beacons, or similar technologies on our website. A cookie is a piece of data stored on a website visitor's device to help us improve access, use, and security of our website and identify repeat visitors to our website. For instance, when we use a cookie to identify users, users would not have to enter a password more than once, thereby saving time while on our website. Web beacons are objects embedded into webpages that allow us to monitor site activity. Cookies, web beacons, and similar technologies can also help us track and target users' interests so that we can enhance users experience on our website, conduct analytics, determine the effectiveness of promotional campaigns, and direct advertisements or other marketing activities.
We may also collect other automated information from users, such as users browser type and language, users operating system, users Internet Protocol address, the date and time of users visit, the duration of users visit, the URLs of websites users visited before and after visiting our website, the web search that landed users on our website, and web pages and advertisements users view and links users click on within our website.
Opt-out (Legitimate Interest) and Opt-in (Consent)
Our advertising strategy incorporates a diverse range of channels and platforms, and when combined with our highly connected advertising network, allows us to create a unique, proprietary, and fully compliant process. This process encompasses techniques that cater to both Opt-out (Legitimate Interest) and Opt-in (Consent) preferences, ensuring that we respect user privacy while effectively reaching our target audience.
By leveraging both Legitimate Interest and Consent-based approaches, we can tailor our advertising messages and delivery methods to align with individual user preferences and legal requirements. This ensures that our advertising campaigns are not only effective but also ethical and respectful of user privacy.
Key Compliance Considerations for our Partnerships/Advertising Compliance Guidelines
  • Content Restrictions: Adhere to partner prohibited content guidelines, which include avoiding hate speech, illegal activities, violence, discrimination, misleading claims, and sexually suggestive content.
  • Accurate Representation: Ensure that your ad copy and visuals accurately reflect our clients product or service. Avoid misleading or deceptive statements, unsubstantiated claims, or hidden fees. We are transparent about our clients' offerings and pricing.
  • Responsible Targeting: Use targeting options responsibly and avoid discriminatory practices based on protected characteristics like race, religion, gender, or sexual orientation.
  • User Privacy: Comply with data privacy regulations like GDPR and CCPA when collecting and using user data for ad targeting. Be transparent about your data collection practices and obtain explicit consent from users before personalizing ad experiences.
  • Clear Calls to Action: Use clear and concise calls to action (CTAs) that accurately reflect the intended user action. Avoid misleading or deceptive CTAs.
  • Local Laws and Regulations: Adhere to all applicable local laws and regulations, especially when targeting audiences in different geographical regions.
Key Points for Implementation
We ensure that all our ads comply with regulations and policies:
  • Understand the importance of ad compliance: Adhere to compliance requirements to maintain campaign visibility, build platform trust, and safeguard brand reputation.
  • Familiarize ourselves with prohibited content: Steer clear of prohibited content and take ethical and legal considerations into account when creating ads.
  • Use targeting responsibly: Avoid discriminatory practices when targeting your audience.
  • Respect user privacy: Obtain consent from users and adhere to data protection regulations.
  • Craft clear CTAs and review ad content: Ensure ad content is clear and compliant before launching, and stay up-to-date on policy changes.
  • Proactively maintain ad compliance by staying informed and adapting to policy changes. This will protect our brand's reputation and help achieve marketing goals.
Artificial Intelligence (AI) in Marketing Technology
Artificial intelligence (AI) is revolutionizing marketing technology, offering businesses transformative opportunities to enhance customer experiences, optimize campaigns, and drive revenue growth. AI-powered tools, such as predictive analytics, natural language processing, and machine learning, enable marketers to gain deep insights into customer behavior, personalize content, and deliver highly targeted advertising. However, with the increasing sophistication of AI and the vast amount of personal data involved, regulatory considerations become paramount. Firms must navigate complex data privacy laws, ethical concerns, and algorithmic transparency requirements to ensure compliance and maintain consumer trust. Striking the balance between leveraging AI's potential and adhering to regulatory frameworks is essential for businesses to harness the full benefits of AI in marketing technology.
In the realm of AI marketing technology, compliance with user privacy regulations is of paramount importance to Freeform and it's partners. Consent plays a crucial role in ensuring that businesses operate ethically and respect the rights of individuals. As mentioned above Freeform and its partners require that users must explicitly agree to the collection and use of their personal data for marketing purposes. This consent can be obtained through various methods, such as opt-in forms, clear and concise privacy policies, and transparent communication about data usage. By prioritizing compliance and obtaining user consent, AI marketing technology companies can build trust with their customers and create a sustainable foundation for growth and innovation.
Anti Spam Policies
Given the increasing prevalence of marketing automation and AI tools in email, text, and voice drop marketing, it is crucial that all campaigns adhere to our Terms of Use and other anti-spam regulations. To maintain the efficiency of our clients' delivery ecosystem, we monitor bounce, unsubscribe, and abuse rates and issue warnings to accounts that exceed industry standards. However, we can usually avoid high rates or warnings by carefully evaluating our clients' audience settings, their subscribed contacts, and their content.
Freeform and our partners adhere to The CAN-SPAM Act, a law established in 2003, regulates the sending of commercial emails in the United States. It aims to protect consumers from unsolicited emails, commonly known as spam. The CAN-SPAM Act outlines specific requirements that businesses and organizations must adhere to when sending commercial emails. These requirements include obtaining consent from recipients before sending marketing emails, providing a clear and conspicuous unsubscribe mechanism in every email, and identifying commercial emails as advertisements. Additionally, the Act prohibits the use of false or misleading information in the subject line or header of an email and sets penalties for violations. By complying with the CAN-SPAM Act, businesses can ensure that their email marketing practices are ethical and compliant with the law.
California Users and California Consumer Privacy Act (CCPA)
The California Consumer Privacy Act (CCPA) is a landmark privacy law that aims to protect the personal data of California residents. As a marketing technology company operating in California, it is essential to comply with the CCPA to safeguard consumer privacy and avoid potential penalties.
To ensure compliance with the CCPA, Freeform and its partners take several key steps. Firstly, we establish a comprehensive privacy program that includes policies, procedures, and training for employees. This program should outline how the company collects, uses, and discloses personal data, as well as the rights of consumers under the CCPA. Additionally, companies must implement robust data security measures to protect personal data from unauthorized access, use, or disclosure.
Compliance with Google Chrome Extension Policies
Freeform and its partners are committed to protecting the privacy of its users. We do not engage in the sale of personal information collected through our Google Chrome extension. This commitment extends to various uses of user data, including:
  • Personalized Advertising: We do not transfer, use, or sell user data to create targeted advertisements.
  • Third-Party Sharing: We do not transfer or sell user data to third parties, such as advertising platforms, data brokers, or other entities that engage in the resale of information.
  • Financial Profiling: We do not transfer, use, or sell user data to assess creditworthiness or inform lending decisions.
API Partner Compliance Standards
Freeform and its partners prioritize API compliance and have obtained independent, third-party auditor certifications with the AICPA's SOC for Service Organizations, including SOC 2 Type II and SOC 3.
To provide effective customer support, troubleshoot problems, detect and respond to security incidents, and implement data security, a subset of personnel has access to products and customer data via controlled interfaces.
Authentication Resources require Two factor authentication (2FA) and SAML integration with external identity providers. Our partners use 256-bit AES encryption at rest in addition to securing network communication with TLS 1.2 for encrypting data in transit.
Change Management and Security Practices
Change Management involves peer code reviews for every pull request, with security reviews performed as appropriate. Regular code and security audits are conducted. Continuous integration and delivery are implemented using GitLab for CI tooling, with every merged PR subjected to a pipeline of rigorous tests and analysis. Robust unit testing and regular penetration testing are also performed.
Cloud Infrastructure and Security
Freeform and its API partners utilize Amazon Web Services (AWS) as its cloud service provider and leverages AWS' security and compliance controls for data center physical security and cloud infrastructure. Further resources for this service provider can be found on the AWS Security Cloud website.
Our partners have globally distributed SRE and Security teams on call 24/7. A status page is maintained to provide users with real-time service availability updates. Partners also maintain a comprehensive log of all user and activities. Activities are extensively logged internally for troubleshooting and support, and presented in summary in History to inform users directly.
Threat Detection and Penetration Testing
Threat detection software is enabled, and continual threat modeling exercises are enforced to identify and plan for any vulnerabilities in our environment. An external penetration test by an independent third party is conducted on an annual cadence, at minimum.
Security Exploit Bug Bounty Program
A Security Exploit Bug Bounty Program acknowledges the work independent security researchers do by flagging vulnerabilities, with a discretionary reward system. There's no maximum amount; each vulnerability is reviewed on a case-by-case basis.