Privacy Policy
Last Updated: 20.02.2026
Table of Contents
- Data Controller
- Overview
- Personal Data We Collect
- Purposes and Legal Bases for Processing
- Cookies and Tracking
- Third-Party Service Providers
- Data Transfers
- Data Retention
- Data Security
- Your Rights
- Children and Age Restriction
- California Privacy Rights (CCPA)
- International Users
- Changes to This Policy
- Contact
1. Data Controller
Michael Birk
Augustenstrasse 43a
Burglengenfeld, 93133, Germany
Email: support@frontpageai.site
(hereinafter "we", "us", or "Frontpage AI")
2. Overview
Frontpage AI is an AI-powered tool and assistant. This privacy policy explains how we collect, use, store, and protect your personal data when you use our web and mobile applications. It applies to all users worldwide and is designed to comply with the EU General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other applicable data protection laws.
3. Personal Data We Collect
We collect only the minimum data necessary to provide our service:
| Data Category | Examples | Collection Method |
|---|---|---|
| Account data | Email address, hashed password | Provided by you at registration |
| Session data | Authentication tokens for session management | Automatically collected |
| Usage data | Anonymous page views, feature usage | Automatically collected (anonymized) |
| Payment data | Handled entirely by Stripe; we do not store credit card numbers | Provided by you at checkout |
We do not collect: location data, contacts, biometric data, or sensitive personal data (racial/ethnic origin, political opinions, religious beliefs, health data, sexual orientation).
4. Purposes and Legal Bases for Processing
| Purpose | Legal Basis (GDPR Art. 6) |
|---|---|
| Account creation and authentication | Performance of contract (Art. 6(1)(b)) |
| Providing the AI assistant service | Performance of contract (Art. 6(1)(b)) |
| Session management and security | Legitimate interest (Art. 6(1)(f)) — securing our service |
| Anonymous usage analytics | Legitimate interest (Art. 6(1)(f)) — improving our service |
| Payment processing via Stripe | Performance of contract (Art. 6(1)(b)) |
| Responding to support requests | Performance of contract (Art. 6(1)(b)) |
| Compliance with legal obligations | Legal obligation (Art. 6(1)(c)) |
We do not use your data for profiling, automated decision-making, or marketing purposes.
5. Cookies and Tracking
Essential Cookies
We use strictly necessary cookies for authentication and session management. These cannot be disabled as they are required for the service to function.
Analytics
We use Umami Analytics, a privacy-friendly, cookie-less analytics tool. Umami does not use cookies, does not collect personal data, and does not track users across websites. All data is aggregated and anonymous. No consent is required for Umami under GDPR or the ePrivacy Directive.
We do not use Google Analytics, Facebook Pixel, or any other tracking tools.
6. Third-Party Service Providers
We share data with the following processors, who act on our behalf under data processing agreements:
| Provider | Purpose | Data Shared | Location |
|---|---|---|---|
| Convex | Backend infrastructure and database | Account data, session data | European Union |
| Stripe | Payment processing | Payment details (handled by Stripe directly) | EU/US (PCI DSS compliant, SCCs in place) |
| Umami | Anonymous web analytics | None (cookie-less, no personal data) | European Union |
We do not sell, rent, or trade your personal data to any third party.
7. Data Transfers
Our backend infrastructure is hosted in the European Union. Your data is primarily stored and processed within the EU.
Stripe may process payment data in the United States. Stripe complies with GDPR through Standard Contractual Clauses (SCCs) and is PCI DSS Level 1 certified. For details, see Stripe's Privacy Policy.
No other international data transfers occur.
8. Data Retention
| Data Type | Retention Period |
|---|---|
| Account data | Until you delete your account, plus 30 days for backup recovery |
| Session data | 90 days |
| Anonymous analytics | Aggregated indefinitely (no personal data) |
| Payment records | As required by tax/accounting law (typically 7–10 years) |
When you delete your account, we erase all associated personal data within 30 days, except where retention is required by law.
9. Data Security
We implement appropriate technical and organizational measures to protect your data:
- Passwords are cryptographically hashed (never stored in plain text)
- All data transmitted via HTTPS/TLS encryption
- Backend hosted on secured EU infrastructure
- Access to production systems restricted to authorized personnel
- Regular security reviews
No system is 100% secure. If we discover a data breach affecting your rights, we will notify you and the relevant supervisory authority within 72 hours as required by GDPR Art. 33–34.
10. Your Rights
Under GDPR (EU/EEA Users)
You have the following rights under GDPR Articles 15–22:
- Right of access (Art. 15) — Request a copy of your personal data
- Right to rectification (Art. 16) — Correct inaccurate data
- Right to erasure (Art. 17) — Request deletion of your data ("right to be forgotten")
- Right to restriction (Art. 18) — Restrict processing in certain circumstances
- Right to data portability (Art. 20) — Receive your data in a structured, machine-readable format
- Right to object (Art. 21) — Object to processing based on legitimate interest
- Right to withdraw consent (Art. 7) — Where processing is based on consent, withdraw at any time without affecting prior processing
To exercise any of these rights, contact us at privacy@frontpageai.site. We will respond within 30 days.
You also have the right to lodge a complaint with your local data protection supervisory authority. A list of EU authorities is available at: https://edpb.europa.eu/about-edpb/about-edpb/members_en
Under UK GDPR (UK Users)
UK users have equivalent rights under the UK GDPR. You may lodge complaints with the Information Commissioner's Office (ICO): https://ico.org.uk
11. Children and Age Restriction
Frontpage AI is intended for users aged 18 and older. We do not knowingly collect data from anyone under 18. If we learn that we have collected data from a minor, we will delete it promptly. If you believe a minor has provided us with personal data, please contact us immediately.
12. California Privacy Rights (CCPA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):
- Right to know — What personal information we collect and why
- Right to delete — Request deletion of your personal information
- Right to opt out of sale — We do not sell your personal information
- Right to non-discrimination — We will not discriminate against you for exercising your rights
To exercise these rights, contact us at privacy@frontpageai.site.
We do not sell personal information. We do not share personal information for cross-context behavioral advertising.
13. International Users
If you access Frontpage AI from outside the EU, your data will still be processed and stored in the EU. By using our service, you acknowledge that your data is transferred to and processed in the European Union, which provides a high level of data protection under GDPR.
For users in Brazil (LGPD), Canada (PIPEDA), Australia (Privacy Act 1988), Japan (APPI), and other jurisdictions: you may have additional rights under your local data protection laws. Contact us to exercise them.
14. Changes to This Policy
We may update this privacy policy from time to time. We will notify you of material changes by:
- Posting the updated policy on our website with a new "Last Updated" date
- Sending an email notification for significant changes
Continued use of the service after changes constitutes acceptance of the updated policy.
15. Contact
For any questions, requests, or complaints regarding this privacy policy or your personal data:
Email: privacy@frontpageai.site
We aim to respond to all requests within 30 days.
This privacy policy was last reviewed on 20.02.2026. It is provided as a legal document template and should be reviewed by a qualified legal professional before publication.