SecFrame Explorer
3/3

Privacy Notice

Last updated: May 2, 2026

This Privacy Notice describes how Arnav Sharma ("we", "us"), the data controller for SecFrame Explorer, collects and uses personal data.

1. Data we collect

  • Account data: email address, authentication identifiers.
  • Usage data: AI lookup history, bookmarks, control status, page views.
  • Technical data: IP address, device and browser information, log data.
  • Support data: messages you send us.

Payment data (card numbers, billing addresses) is collected and processed by Paddle, not by us.

2. Why we use your data

  • To provide and operate the Service (contract performance).
  • To enforce free-tier quotas and gate paid features (contract performance).
  • To prevent fraud and abuse (legitimate interests).
  • To improve the product (legitimate interests).
  • To respond to support requests (contract performance).
  • To comply with legal obligations.

3. Who we share data with

  • Paddle.com — our Merchant of Record, for sale of products, subscription management, payments, tax compliance, and invoicing.
  • Hosting and infrastructure providers (Lovable Cloud / Supabase) — for database, authentication, and hosting.
  • AI providers (Google, OpenAI via Lovable AI Gateway) — to generate control explanations from your queries.
  • Authorities — when required by law.

4. International transfers

Data may be processed in the United States and other countries where our service providers operate. We rely on Standard Contractual Clauses or equivalent safeguards where required.

5. Retention

We retain account and usage data for as long as your account is active and for a reasonable period afterwards for legal, accounting, or fraud-prevention purposes, then delete or anonymise it.

6. Your rights

Depending on your jurisdiction, you may have rights to access, correct, delete, restrict, or port your data, to object to processing, and to withdraw consent. UK/EEA users have rights under the UK GDPR / EU GDPR including the right to complain to a supervisory authority. We respond to requests within one month.

7. Security

We use appropriate technical and organisational measures (encryption in transit, access controls, RLS-protected databases) to protect personal data.

8. Cookies

We use essential cookies for authentication and session management. We do not currently use marketing cookies.

9. Contact

To exercise your rights or ask questions, contact us at the email listed on our site.