Privacy Policy
Privacy Policy
A working document for product, operational, and legal review. It is intentionally public in development so reviewers can validate the complete signup path.
1. Review status
This document is a development-review draft and is not approved for production use. It does not replace a legally reviewed privacy notice.
Production collection must remain blocked until the data controller identity, effective date, contact method, and applicable jurisdictional disclosures are approved.
2. Data under review
The pilot design anticipates account identifiers, workspace and project configuration, agent-connection metadata, hosted-page session identifiers, usage counters, audit events, and bounded operational logs.
LiveFrame should not store customer business records or raw customer secrets beyond the narrowly approved operational metadata needed to provide the runtime.
3. Proposed purposes
Proposed purposes include authenticating operators, delivering hosted interfaces, enforcing tenant isolation and usage controls, troubleshooting failures, preventing abuse, and maintaining service security.
Final review must map each purpose to a lawful basis and disclose any optional analytics separately.
4. Service providers and transfers
The current infrastructure plan uses Railway for LiveFrame services and Supabase for authentication and Postgres. Final disclosures must identify approved subprocessors, processing regions, transfer safeguards, and notification procedures.
5. Retention and deletion
Runtime and audit retention must follow the approved, dry-run-first retention schedule. Final policy must state account, backup, security-log, and legal-hold periods and explain deletion limitations.
6. Security
The product design separates Admin and public hosted-page trust zones, uses scoped credentials, validates untrusted agent output, and records bounded operational evidence. No system can promise absolute security.
Final review must align public security statements with verified controls and incident procedures.
7. Individual choices and rights
Access, correction, deletion, portability, objection, consent withdrawal, complaint, and appeal procedures remain to be approved for the jurisdictions where LiveFrame will operate.
8. Review contact
Privacy questions about this draft should be directed to the LiveFrame release owner through the approved project communication channel. A production privacy contact has not yet been approved.