Privacy Policy

Marble Frame ("we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, share, and protect your personal information when you use our AI-powered website builder service ("the Service").

By using the Service, you consent to the practices described in this policy. If you do not agree, please do not use the Service.

2.1 Information You Provide

• Account information: name, email address, and profile photo (when authenticating via a third-party provider such as Google)
• Payment information: billing details processed by our payment provider — we do not store credit card numbers on our servers
• Domain registration details: contact information required by ICANN for domain registration (name, address, email, phone)
• Website content: descriptions, prompts, text, and media assets you upload or provide for AI website generation
• Contact form submissions: messages sent through contact forms on your generated websites
• Feedback: comments, bug reports, and feature requests you submit through the feedback feature
• Communications: emails and messages you send to our support channels

2.2 Information Collected Automatically

• Usage data: pages visited, features used, generation history, and interaction patterns
• Device information: browser type, operating system, device type, and screen resolution
• Log data: IP address, access times, referring URLs, and error logs
• Cookies and local storage: authentication tokens and user preferences stored in your browser

We use your information to:

• Provide the Service: generate websites, process payments, register domains, and host your content
• Authenticate your identity: verify your account through our authentication system
• Process payments: charge for AI credits, domain registration, and hosting subscriptions through our payment provider
• Improve the Service: analyze usage patterns, diagnose technical issues, and develop new features
• Communicate with you: send service-related notifications, billing receipts, and respond to feedback
• Ensure security: detect fraud, prevent abuse, and protect our infrastructure
• Comply with legal obligations: fulfill regulatory requirements and respond to lawful requests

We do not sell your personal information to third parties. We do not use your website content or prompts to train AI models.

When you generate or update a website, your prompts and existing website content are sent to our AI provider for processing. This is necessary to provide the core functionality of the Service.

• Prompts are sent to our AI provider at the time of generation and are subject to their privacy policy
• We do not store raw AI model responses beyond the generated website files
• Usage and cost data are stored for billing and credit tracking purposes
• Uploaded images and asset references may be included in prompts so the AI can incorporate them in your website design

We share information with trusted third-party providers solely to operate the Service. These providers fall into the following categories:

Each provider processes data according to their own privacy policies. We encourage you to review them.

Your data is stored on secure cloud infrastructure in the United States. We implement the following security measures:

• All data in transit is encrypted using TLS/SSL
• All databases use server-side encryption at rest
• File storage uses server-side encryption for stored files
• Authentication tokens are verified server-side on every API request
• Internal access controls enforce least-privilege principles
• Payment card data is handled entirely by our payment processor and never touches our servers

While we take reasonable precautions, no system is 100% secure. You are responsible for maintaining the security of your account credentials.

• Account data: retained for the lifetime of your account and for 30 days after deletion
• Website files and assets: retained while your account is active; deleted upon account closure
• Payment records: retained for 7 years to comply with financial record-keeping requirements
• Contact form messages: retained until you delete them or close your account
• Server logs: retained for up to 90 days for security and debugging purposes
• Feedback submissions: retained indefinitely for product improvement unless you request deletion

Depending on your jurisdiction, you may have the following rights regarding your personal data:

• Access: request a copy of the personal data we hold about you
• Correction: request correction of inaccurate or incomplete data
• Deletion: request deletion of your data (subject to legal retention requirements)
• Portability: request your data in a machine-readable format
• Restriction: request restriction of processing in certain circumstances
• Objection: object to processing based on legitimate interests
• Withdraw consent: withdraw consent where processing is based on consent

To exercise any of these rights, contact us at privacy@marbleframe.com. We will respond within 30 days.

We use the following storage mechanisms:

• Authentication tokens: stored in browser local storage to maintain your session (essential, cannot be disabled)
• User preferences: stored in local storage for UI state like sidebar position and theme settings
• Application cache: website data cached in local storage for performance

We do not currently use third-party analytics cookies or advertising trackers. If this changes, we will update this policy and provide opt-out mechanisms.

The Service is not intended for users under 18 years of age. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, contact us and we will promptly delete it.

Your data is processed and stored in the United States. If you are located outside the United States, your information is transferred to and processed in the US. By using the Service, you consent to this transfer. We rely on standard contractual clauses and service provider agreements to ensure appropriate safeguards for international transfers.

We may update this Privacy Policy from time to time. We will notify you of material changes by:

• Posting the updated policy with a new "Last updated" date
• Sending an email notification for significant changes
• Displaying an in-app notification upon your next login

Continued use of the Service after changes constitutes acceptance of the updated policy.

For questions, concerns, or requests related to this Privacy Policy, contact us at: