Last updated: April 24, 2026
When you create a Fraxo account, we collect your name, email address, and password. When you use the platform, we collect data about your client engagements, deliverables, time logs, and activity events. This data is essential to providing the core functionality of the service.
When you connect third-party integrations (such as QuickBooks, HubSpot, Stripe, etc.), we store OAuth tokens and API keys necessary to access those services on your behalf. We access only the data scopes you explicitly authorize.
We also collect standard usage analytics including page views, feature usage, browser type, and device information to improve the product.
We use your information to provide, maintain, and improve the Fraxo platform. Specifically, we use it to display your dashboard, track your time, generate client reports, and facilitate third-party integrations. We use Claude AI by Anthropic to generate session summaries and client reports from your activity data.
We do not sell, rent, or share your personal information with third parties for marketing purposes. We do not use your data to train AI models.
All data is stored in Supabase, hosted on AWS infrastructure in the US East region. Data is encrypted at rest using AES-256 and in transit using TLS 1.2+. OAuth tokens and API keys are stored in a separate, isolated database table with row-level security policies ensuring each user can only access their own credentials.
We implement row-level security (RLS) on all database tables, meaning your data is completely isolated from other users at the database level.
When you connect a third-party service, we access their API on your behalf using the credentials you provide. We request the minimum permissions necessary. We do not store raw data from third-party services — we fetch it in real-time when you view your dashboard. OAuth tokens are refreshed automatically and can be revoked at any time by disconnecting the integration.
We retain your data for as long as your account is active. You can request deletion of all your data at any time by contacting us at privacy@fraxo.io or using the account deletion feature in Settings. Upon deletion, all your data — including client records, deliverables, sessions, activity logs, and integration tokens — is permanently removed within 30 days.
You have the right to access, correct, or delete your personal data at any time. You have the right to export your data in a machine-readable format. You have the right to revoke any third-party integration access. If you are in the EU, you have additional rights under GDPR including the right to data portability and the right to be forgotten.
We use essential cookies for authentication and session management only. We do not use advertising cookies or sell cookie data to third parties. We use basic analytics to understand how the product is used.
We may update this privacy policy from time to time. We will notify you of any material changes by email or through the platform. Continued use of the service after changes constitutes acceptance of the updated policy.
For privacy-related inquiries, contact us at privacy@fraxo.io.