Privacy Policy

This policy explains how The Framework collects, uses, and shares personal data when you use our website, app, audio course, subscriptions, and related services.

Last updated: May 7, 2026.

Who is responsible

The Framework is operated by Marcel Salathe. For privacy questions or requests, contact us at support@theframeworkapp.com.

Data we collect

  • Account and login data, such as your email address, email-based login codes, magic link tokens, essential session cookies, and mobile WebView session handoff tokens.
  • Subscription data, such as your selected plan, checkout confirmations, marketing email preference, subscription status, billing period, Stripe customer ID, and Stripe subscription ID.
  • Usage data inside the product, such as lesson progress, exploration progress, completed content, sequential lesson unlock state, free-listen usage, and audio voice preference.
  • Waitlist data, such as your email address, confirmation status, and confirmation token.
  • Technical data, such as IP address, user agent, request logs, device/browser information, and diagnostics needed to operate and secure the service.
  • Error and availability data, such as exception reports, uptime checks, and related operational metadata.
  • Aggregate analytics data about visits to the marketing site.

How we use data

  • To create and maintain your account, authenticate you, and keep you signed in.
  • To provide the audio course, remember your playback progress, and sync your settings.
  • To process subscriptions, manage access, and handle billing status through Stripe.
  • To record subscription confirmations, legal acceptances, withdrawal acknowledgements where required, and optional marketing preferences.
  • To send login codes, magic links, subscription emails, and service messages.
  • To send product updates only if you separately opt in. You can unsubscribe from those updates at any time.
  • To secure, debug, monitor, and improve the service.
  • To show approximate local currency based on country-level IP lookup.
  • To comply with legal, accounting, tax, security, and platform obligations.

Service providers

We use trusted service providers to run The Framework. They process data for us or provide services that are necessary for the product:

  • Heroku and PostgreSQL for hosting and database infrastructure.
  • Amazon S3 / Active Storage for private media and uploaded assets.
  • Stripe for payments, checkout, billing, subscription management, and customer portal access.
  • Resend for transactional email delivery.
  • Sentry for error tracking and diagnostics.
  • Better Stack for uptime monitoring.
  • Plausible Analytics for privacy-friendly aggregate website analytics.
  • IPinfo for country-level IP lookup used to display approximate local currency.
  • Google Fonts for serving the Instrument Sans web font.
  • Apple App Store and Google Play, if you install or access the mobile app through those stores.

Cookies and analytics

We use essential session cookies for security, form protection, and sign-in. We do not use advertising cookies, third-party tracking pixels, or cross-site tracking. Plausible Analytics is used for aggregate website analytics and does not set cookies. See our Cookie Policy.

Payments

Payments are processed by Stripe. We do not store full card numbers or card security codes. Stripe may collect payment details, billing details, fraud prevention signals, and related transaction data under its own terms and privacy policy.

Data retention

We keep personal data only as long as needed for the purposes above. Account and progress data are kept while your account exists. If you delete your account, we delete the active account record, sign-in sessions, app settings, and listening progress. We may retain limited records as needed for billing, security, fraud prevention, abuse prevention, chargeback handling, accounting, tax, and legal obligations. Waitlist data is kept until launch communications are complete or you ask us to remove it. Operational logs, error reports, backups, and security records are kept for limited periods according to our providers' retention settings and operational needs.

Your choices and rights

You can delete your account from Settings in the app. You can also contact us to request access, correction, deletion, restriction, or portability of your personal data, or to object to certain processing. Some requests may be limited by legal, security, accounting, fraud-prevention, abuse-prevention, or chargeback obligations. You can also manage or cancel your subscription through the account page and Stripe customer portal.

International transfers

Our providers may process data in Switzerland, the European Economic Area, the United States, and other countries where they operate. Where required, we rely on appropriate contractual, legal, and technical safeguards for these transfers.

Security

We use HTTPS, secure session cookies, access controls, private media delivery, error monitoring, and provider security features to protect the service. No online service can guarantee perfect security, but we work to keep data protected and limited to what the product needs.

Children

The Framework is not directed to children under 16, and we do not knowingly collect personal data from children under 16. If you believe a child has provided personal data, contact us and we will take appropriate steps to delete it.

Changes

We may update this policy as the service changes. If a change is material, we will take reasonable steps to notify users, such as updating this page or sending a service message.