Frax.
Legal

Privacy Policy

Last updated: April 25, 2026

The short version
  • — You own your data. Always.
  • — We do not sell your data. Ever.
  • — We use the minimum data required to make the product work.
  • — You can export or delete everything at any time.
01

What we collect

Account info: email, display name, optional profile picture, and authentication credentials.

Workspace data: the clients, hours, retainers, renewals, and referrals you put into Frax. This is your data.

Operational data: standard logs (timestamps, IP, user agent) and product analytics (which pages you visit, which features you use) to keep the product reliable and to make it better.

02

How we use it

To provide the service, authenticate you, send transactional emails, respond to support requests, and improve Frax. We do not use your workspace data to train AI models or sell advertising.

03

Subprocessors

We use a small set of vetted infrastructure providers to operate Frax, including hosting, database, authentication, file storage, email delivery, and analytics. Each is bound by a data processing agreement. A current list is available on request.

04

Where your data lives

Frax data is stored in secure cloud infrastructure with encryption at rest and in transit (TLS 1.2+). Backups are encrypted and access-controlled.

05

Your rights

You can access, correct, export, or delete your data from inside Frax, or by emailing us. Depending on where you live (e.g. EU, UK, California), you may have additional rights under GDPR, UK GDPR, or CCPA. We honor them.

06

Cookies

We use a small number of strictly necessary cookies for authentication and session state, plus optional analytics cookies that you can disable. We don't use third-party advertising cookies.

07

Data retention

We retain your data for as long as your account is active. If you delete your account, we delete your data within 30 days, except where retention is required by law (e.g. tax records).

08

Security

We use modern best practices: row-level security in our database, encrypted secrets, principle-of-least-privilege access, regular dependency audits, and isolated workspace tenancy. No system is perfectly secure; if we ever experience a breach affecting your data, we will notify you within 72 hours of confirmation.

09

Children

Frax is not intended for anyone under 18 and we don't knowingly collect data from children.

10

Changes

We'll email you about material changes at least 14 days before they take effect. The "Last updated" date at the top of this page tracks the most recent revision.

11

Contact

Questions, requests, or concerns? Email privacy@frax.app.