How we handle data.

Scope

This policy covers framebright.ai and its subdomains (clerk.framebright.ai, accounts.framebright.ai, api.framebright.ai). It does not cover the consumer brand at framebright.com (separate policy), the community classification directory at parentproof.com or parentproof.org (separate policy), or partner-operated AEGIS deployments where the partner is the data controller.

Marketing-site visitors

When you visit framebright.ai, we receive standard server-side request metadata: the page you requested, your user agent, your IP address (for routing and abuse mitigation), and the time of the request. We do not run third-party advertising trackers or behavioral retargeting pixels. Webfont assets are served from Google Fonts with the standard Google Fonts privacy posture.

If we add analytics in the future (Plausible or PostHog are the candidates), we will document the IDs here and allow opt-out. We do not currently run analytics.

Partner and contact inquiries

If you submit the contact form at /contact/ or email [email protected] or [email protected], we receive the contents of that message: name, email, organization (if provided), intent, and the body of the inquiry. We use this only to respond to the inquiry and to follow up on the licensing or partnership conversation it begins.

We do not resell, share, or otherwise disclose inquiry contents to third parties. We retain inquiry records for as long as the relationship remains active, plus a reasonable retention window after closure for accounting and audit purposes.

Authentication (Clerk)

Sign-in and account management on framebright.ai are powered by Clerk (clerk.framebright.ai). Clerk handles password storage, multi-factor authentication, session issuance, and account recovery. Clerk's own privacy policy applies to that subset of the data flow; we configure Clerk to receive only the data we need (email, name on registration, MFA factor metadata) and not to receive payment or content data.

AEGIS-classified content

Partner-operated AEGIS deployments classify content inside the partner's perimeter. FrameBright does not receive that content. Where AEGIS runs as a managed API for the partner, content is processed in-memory only and is not retained beyond the request lifetime unless the partner has explicitly enabled verdict-replay storage for their own audit purposes.

If you are an end user whose content has been classified by AEGIS as part of a partner deployment, the partner (the ISP, device manufacturer, network operator, or platform you are using) is the data controller for that classification, and your privacy rights run against them under their published privacy policy. FrameBright is the data processor, acting under instruction of the partner.

Your rights

You may request access to, correction of, or deletion of any personal data we hold about you in connection with marketing-site activity or partner inquiries. Contact [email protected]. We respond to verified requests within thirty days. For partner-deployment classification activity, contact the partner who operates the deployment.

Updates

If we change this policy materially, we will note the change at the top of this page and timestamp the previous version. The current version is dated 2026-04-26.