Privacy Policy

Last Updated: 10/24/2025

Our Commitment to Privacy

frites.me is committed to protecting your privacy through strict data minimization, transparency, and giving you complete control over your information.

1. Information We Collect

Minimal Data Collection

We practice strict data minimization and only collect information essential for our service:

  • License Validation: Device fingerprint (hashed) to prevent license sharing
  • Usage Analytics: Anonymized feature usage to improve the extension
  • Error Reporting: Anonymous crash reports for debugging (no personal data)
  • Payment Processing: Handled exclusively by Stripe (we never see payment details)

What We DON'T Collect

  • ❌ Your Instagram content or captions
  • ❌ Your social media account credentials
  • ❌ Personal browsing history outside our extension
  • ❌ Location data or device information beyond license validation
  • ❌ Email addresses or personal identifiers (unless voluntarily provided for support)

2. How We Use Your Information

  • License Verification: Ensure valid usage and prevent abuse
  • Service Improvement: Anonymous analytics to enhance features
  • Technical Support: Debug issues if you contact us voluntarily
  • Legal Compliance: Meet applicable legal obligations

3. Data Storage and Security

Local-First Architecture

Your extracted data stays on YOUR device. We don't store or transmit your Instagram content.

Security Measures

  • 🔒 All data transmission encrypted with TLS 1.3
  • 🔒 Device fingerprints hashed with SHA-256
  • 🔒 Minimal server logs with automatic deletion after 30 days
  • 🔒 No permanent storage of personal data
  • 🔒 SOC 2 compliant infrastructure partners

4. Data Sharing and Third Parties

We DON'T Share Data With

  • ❌ Advertisers or marketing companies
  • ❌ Data brokers or analytics services
  • ❌ Social media platforms
  • ❌ Any third party for commercial purposes

Limited Third-Party Services

  • Stripe: Payment processing (they handle all payment data securely)
  • MongoDB Atlas: Encrypted license validation database
  • Cloudflare: DDoS protection and performance (no data logging)

5. Your Rights and Control

GDPR, CCPA, and Global Privacy Rights

  • Right to Know: Request what data we have (spoiler: very little)
  • Right to Delete: We'll delete your license data upon request
  • Right to Portability: Export your data (minimal as it is)
  • Right to Correction: Update any inaccurate information
  • Right to Opt-Out: Disable analytics or error reporting
  • Right to Object: Stop processing for legitimate interests

Data Retention

  • License Data: Retained while license is active + 30 days
  • Analytics: Anonymized, automatically deleted after 90 days
  • Support Requests: Deleted after issue resolution + 1 year
  • Payment Records: Handled by Stripe per their retention policy

6. Cookies and Tracking

No Tracking Policy

  • ❌ No advertising cookies
  • ❌ No cross-site tracking
  • ❌ No social media pixels
  • ❌ No behavioral profiling
  • ✅ Only essential session cookies for functionality

7. International Data Transfers

Data Residency: All data processing occurs in secure, SOC 2 compliant data centers. For users outside the US, we implement appropriate safeguards including:

  • Standard Contractual Clauses (SCCs) for EU transfers
  • Adequacy decisions where applicable
  • Additional encryption and access controls

8. Children's Privacy

Our service is not intended for users under 16 years old. We do not knowingly collect personal information from children under 16. If we become aware of such collection, we will delete the information immediately.

9. Legal Disclosures

We may disclose minimal information only when required by law:

  • Valid court orders or subpoenas
  • Legal process that cannot be challenged
  • Protection against fraud or security threats
  • Enforcement of our Terms of Service

Transparency Commitment: We will notify users of legal requests unless prohibited by law, and we will challenge overly broad requests.

10. Data Breach Response

In the unlikely event of a data breach:

  • 🚨 Immediate containment and investigation
  • 📧 User notification within 72 hours
  • 🔍 Full transparency about what was affected
  • 🛡️ Free identity monitoring if personal data involved
  • 📋 Detailed incident report published

11. Changes to This Policy

We will notify users of material changes to this privacy policy through:

  • Email notification (if you've provided an email)
  • In-app notification in the Chrome extension
  • Prominent notice on our website
  • 30-day notice period before changes take effect

12. Contact Information

Privacy Requests & Questions

Email: privacy@frites.me

Response Time: We respond to all privacy requests within 48 hours

For Immediate Data Deletion:

Send "DELETE MY DATA" to privacy@frites.me with your license key, and we'll process it within 24 hours with confirmation.

Our Privacy Promise

We built frites.me with privacy as a core principle, not an afterthought. Your data stays yours, your privacy is respected, and your trust is earned through transparency and minimal data practices.

This privacy policy is effective as of 10/24/2025 and applies to all users of frites.me.
Version: 2.0 | Last Review: 10/24/2025