PRIVACY POLICY

MarcoFLY Framework Privacy Policy

Updated on April 11, 2026

This notice explains how the MarcoFLY Framework project processes data collected through the public web app, prompt generation and validation flows, framework usage census, and the related admin console.

Controller and scope

Processing is carried out in relation to the independent MarcoFLY Framework project. This notice applies to the public home page, the framework generation and validation endpoints, census statistics, and the related administrative console.

For privacy requests or to exercise your rights, you can use the contact channels shown in the project footer.

Data processed

  • technical request data, including IP address and timestamps
  • approximate geolocation derived from infrastructure headers: country, region, and city
  • internet provider or network information, where available
  • UI language and framework variant generated
  • activation code, activation status, and confirmation data
  • receipt or confirmation text pasted by the user to validate the framework

Purposes of processing

  • provide the service requested by the user: prompt generation, ID assignment, and framework validation
  • run the framework usage census and produce aggregated statistics on visits, activations, and confirmations
  • manage reliability, misuse prevention, technical abuse detection, and platform security
  • improve the project’s operational monitoring and telemetry quality

Legal bases

  • Article 6(1)(b) GDPR: performance of the user-requested service for generation, registration, and framework validation
  • Article 6(1)(f) GDPR: legitimate interest in technical telemetry, security, operational statistics, and framework usage census
  • Article 6(1)(c) GDPR: any applicable legal obligation, where required

Providers and recipients

Data is not sold or disclosed to third parties for commercial, advertising, or profiling purposes. Data may only be processed by service providers strictly necessary for technical service delivery and for the framework validation/census workflow.

  • Vercel: hosting, app delivery, and infrastructure headers useful for approximate geolocation
  • Supabase: database and persistence of activations, confirmations, and statistics
  • IP/provider lookup services, where required to determine network provider: ip-api.com and ipwho.is
  • Google favicon service / gstatic: retrieval of public logos for compatible AI platforms shown on the home page
  • flagcdn.com solely for rendering country flags shown in the interface

Transfers and minimisation

The project follows a data minimisation approach: collected data is used only for census, framework validation, security, and operational statistics. It is not used for marketing or behavioural profiling.

If some providers process data outside the European Economic Area, processing takes place within the limits and safeguards provided by applicable law and by the contractual framework of the providers in use.

Retention

Telemetry, visit, activation, and confirmation data is retained for as long as strictly necessary to operate the census and framework validation workflow. At present, the project uses an operational retention criterion with administrative deletion or reset when needed.

Because no automatic expiry is currently configured, data may remain in the database until manual reset, administrative cleanup, or the end of the project purposes.

Your rights

  • access to personal data
  • rectification or update of inaccurate data
  • erasure, where applicable
  • restriction of processing
  • objection, where the legal conditions apply
  • complaint to the competent supervisory authority

This notice should be read together with the Cookie Policy, which explains the use of cookies, session storage, and other browser-side technical tools.

Privacy Policy·Cookie Policy·Licensing