Effective date: June 6, 2026

This Privacy Policy explains how Fronty, Inc., 6412 Matilija Ave #206, Van Nuys, CA 91401, United States ("Fronty", "we", "us", or "our") collects, uses, discloses, and protects personal information in connection with fronty.com, app.fronty.com, Fronty-hosted sites, APIs, editors, AI features, hosting, custom-domain features, content/database features, and related services (the "Service").

Contact: [email protected].

1. Scope and roles

This policy applies when Fronty processes personal information for its own Service, account, security, billing, support, analytics, and product-improvement purposes.

Customers may use Fronty to create and publish websites, forms, databases, and other content. For personal information that a Customer collects from visitors to the Customer's own site, the Customer is responsible for giving privacy notices and obtaining any required consent. Fronty processes that data to provide the Service to the Customer.

2. Personal information we collect

We collect the following categories of personal information, depending on how you use the Service:

• Account and profile information: email address, username, first and last name, password hash, profile picture, bio, role, country, city, region, timezone, verification status, OAuth provider identifiers, and account settings.
• Workspace and team information: workspace names, descriptions, icons, plans, team members, invitations, permission settings, roles, and activity related to websites, pages, databases, and projects.
• Customer Content: websites, pages, text, uploaded designs, screenshots, images, files, prompts, generated code, generated markup, page settings, content collections, database records, custom-domain records, and related metadata.
• AI Inputs and Outputs: prompts, uploaded designs/screenshots, page markup, instructions, generated AI responses, token/usage metadata, and quality or error information related to AI processing.
• Billing and transaction information: plan, subscription, credit-pack, add-on, amount, currency, transaction status, refund status, Paddle identifiers, invoice/receipt metadata, and related records. Paddle processes payment method data; we do not store full card numbers.
• Usage, device, and log information: IP address, approximate location, browser, device, operating system, app configuration, pages viewed, feature usage, request metadata, diagnostics, error logs, timestamps, and security events.
• Hosted-site visitor information: when a visitor accesses a Fronty-hosted site, we and our infrastructure providers may process request logs, IP address, browser/device information, language preferences, cookies, form submissions, database interactions, and security metadata needed to serve and protect the site.
• Communications: support messages, abuse reports, legal notices, survey/contact form content, email preferences, and communications with us.
• Cookies and similar technologies: authentication/session cookies, security cookies, language and preference cookies, anti-abuse/captcha signals, and analytics or product-improvement cookies where enabled.

3. Sources

We collect personal information directly from you, from your use of the Service, from Customer Content you submit or publish, from your site visitors, from team members who invite or administer you, and from third parties such as Paddle, Google OAuth, Cloudflare, AI providers, email providers, and hosting or infrastructure providers.

4. How we use personal information

We use personal information to:

• provide, operate, maintain, and improve the Service;
• create and authenticate accounts, verify email addresses, reset passwords, and manage sessions;
• generate, edit, polish, host, publish, export, and secure websites and Customer Content;
• process AI requests and return AI Output;
• manage workspaces, team permissions, invitations, custom domains, databases, pages, and hosted sites;
• process plans, subscriptions, credits, add-ons, refunds, chargebacks, receipts, taxes, and payment-related support through Paddle;
• send transactional emails, product notices, security notices, and support responses;
• detect, prevent, investigate, and respond to fraud, spam, malware, phishing, abuse, security incidents, policy violations, and illegal activity;
• debug, monitor, analyze, and improve performance, reliability, security, and user experience;
• enforce our Terms and other legal terms;
• comply with legal obligations and respond to lawful requests; and
• send marketing communications where permitted, with opt-out rights.

Where GDPR or similar laws apply, our legal bases may include performance of a contract, legitimate interests, consent, legal obligation, and protection of vital interests where relevant.

5. AI processing

Fronty uses AI providers to process relevant Inputs and generate AI Output. Based on the current production architecture, Fronty uses Anthropic for AI generation and polishing features. We may use other AI infrastructure or model providers if configured for the Service.

We do not sell Customer Content, and we do not use Customer Content to train third-party foundation models. Anthropic's API data retention and training practices are governed by Anthropic's commercial API terms and documentation. Unless Fronty has separately enabled zero-data-retention under a provider agreement, you should assume AI providers may retain API inputs and outputs for limited periods for safety, abuse monitoring, legal, or service-operation purposes as described in their terms.

Do not submit sensitive personal information, confidential information, regulated data, or third-party secrets to AI features unless you have the rights and legal basis to do so and the feature is appropriate for that data.

6. How we disclose personal information

We disclose personal information as needed to operate the Service:

• Paddle: Merchant of Record, checkout, payment processing, receipts, taxes, refunds, disputes, and buyer support.
• Anthropic: AI generation and AI polishing.
• Amazon Web Services (S3): object storage, generated content, files, and backups where configured.
• Nextcloud: uploaded assets, images, files, and shared media storage where configured.
• Cloudflare: CDN, DNS, Workers, custom-hostname/TLS features, Turnstile, security, and edge delivery.
• MailerSend: transactional email, verification email, password reset email, and invitations.
• Google: Google OAuth sign-in where you choose to use it.
• Database, queue, and infrastructure providers: MongoDB-compatible database hosting, Redis/queue hosting, server hosting, logging, and operations providers where used.
• Professional and legal service providers: lawyers, accountants, auditors, insurers, and other advisors.
• Authorities, rights holders, and safety organizations: where required by law or where we reasonably believe disclosure is necessary to protect rights, safety, users, visitors, Fronty, or the public.
• Business transfers: as part of a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets, subject to appropriate protections.

We do not sell personal information or share it for cross-context behavioral advertising as those terms are commonly used under California privacy law. If that changes, we will update this policy and provide required choices.

7. International transfers

Fronty is based in the United States, and our providers may process personal information in the United States, the European Economic Area, the United Kingdom, Armenia, and other countries. Where required, we rely on appropriate safeguards such as Standard Contractual Clauses, data-processing agreements, or other lawful transfer mechanisms.

8. Retention

We retain personal information for as long as needed to provide the Service, maintain accounts, host Customer Content, process transactions, comply with legal obligations, resolve disputes, enforce agreements, secure the Service, and maintain backups and audit records.

Typical retention depends on the data type:

• account and workspace records are kept while the account or workspace is active;
• Customer Content is kept until deleted by the Customer or until the account is closed, subject to backups and legal needs;
• billing, tax, refund, and dispute records are kept as required for legal, accounting, and payment compliance;
• security, abuse, and diagnostic logs are kept for a limited period unless needed for investigation or legal reasons;
• verification and password-reset tokens are short-lived or invalidated after use; and
• AI-provider retention follows the applicable provider terms and any enterprise retention settings enabled for Fronty.

9. Your choices and rights

Depending on where you live, you may have rights to access, correct, delete, restrict, object to, or receive a copy of your personal information; withdraw consent; opt out of marketing; or complain to a data-protection authority.

California residents may have rights to know, access, correct, delete, and receive information about certain disclosures of personal information, and the right not to be discriminated against for exercising privacy rights. We do not sell or share personal information for cross-context behavioral advertising.

You can update certain account information in the Service. To make a privacy request, email [email protected]. We may need to verify your request before acting on it.

10. Cookies

We use cookies and similar technologies for authentication, security, anti-abuse protection, language and preference storage, Service functionality, and analytics or product improvement where enabled. Some cookies are necessary for the Service to work. You can control cookies through your browser and any cookie banner or settings we provide. Blocking cookies may affect Service functionality.

Fronty-hosted customer sites may use cookies or collect data depending on how the Customer configures the site. Customers are responsible for providing any required cookie or privacy notice to their own visitors.

11. Security

We use technical and organizational measures designed to protect personal information, including encryption in transit, access controls, security logging, abuse monitoring, rate limits, anti-bot checks, content security controls, and security scanning of hosted content. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.

12. Children

The Service is not directed to children under 13, and we do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided personal information to us, contact [email protected] and we will take appropriate action.

13. Changes

We may update this Privacy Policy from time to time. We will post the updated version with a new effective date and provide additional notice where required by law.

14. Contact

Questions, privacy requests, and complaints may be sent to:

Fronty, Inc.
6412 Matilija Ave #206
Van Nuys, CA 91401
United States
Email: info [at] fronty [dot] com