Privacy Policy
Last updated: March 12, 2026
1. Controller
The controller responsible for data processing on this website is: Fabiano Frascati, Frascati Systems (Einzelunternehmen), Switzerland. Email: office@frascatisystems.com. This privacy policy applies to the website frascati.app and all related services (collectively, the "Service").
2. Legal Basis
We process personal data in accordance with the Swiss Federal Act on Data Protection (DSG/FADP, effective September 1, 2023) and, where applicable to users in the EU/EEA, the General Data Protection Regulation (GDPR). Processing is based on: (a) performance of a contract (account creation, service delivery, payment processing), (b) legitimate interests (security, analytics, service improvement), (c) legal obligations (tax/accounting records), or (d) your consent (where explicitly requested).
3. Data We Collect
Account data: name, email address, profile picture (via OAuth providers). Payment data: processed by Stripe — we do not store credit card numbers. Usage data: projects created, AI prompts sent, features used, credit consumption. Technical data: IP address, browser type, device information, access times. Published projects: content you choose to publish at frascati.app/p/[slug] is publicly accessible.
4. AI Data Processing
Your prompts and project code are sent to third-party AI providers for code generation. Current providers: Anthropic (Claude), OpenAI, Google (Gemini), DeepSeek — routed via OpenRouter. We do not use your prompts or generated code to train AI models. AI providers process data according to their respective privacy policies and data processing agreements. Prompts are not stored by us beyond the active session. Generated code is stored as part of your project data.
5. Third-Party Services & Data Processors
We use the following third-party services that process your data: (a) Vercel (USA) — hosting, serverless functions, analytics (privacy-friendly, no tracking cookies). (b) Neon (USA) — PostgreSQL database hosting. (c) Stripe (USA) — payment processing for subscriptions and credit purchases. (d) OpenRouter / Anthropic / OpenAI / Google (USA) — AI code generation. (e) Resend (USA) — transactional email delivery. (f) Sentry (USA) — error tracking and monitoring. (g) Google / GitHub (USA) — OAuth authentication. All providers are bound by data processing agreements. Data transfers to the USA are covered by the Swiss-US Data Privacy Framework and/or Standard Contractual Clauses (SCCs).
6. Cookies & Tracking
We use essential cookies only: authentication session cookies (NextAuth) required for login functionality. These are strictly necessary and do not require consent. We do not use advertising cookies, cross-site tracking, or third-party marketing cookies. Vercel Analytics is privacy-friendly and does not use cookies or collect personal data. You can control cookies through your browser settings, but disabling essential cookies will prevent login functionality.
7. Data Retention
Account data: retained while your account is active. Project data: retained until you delete it or your account is terminated. After account deletion: all personal data and projects are permanently removed within 30 days. Billing records: retained for 10 years as required by Swiss tax law (Art. 958f OR). Error logs (Sentry): automatically deleted after 90 days. Health check data: automatically cleaned up after 90 days.
8. Your Rights
Under the Swiss DSG and GDPR, you have the right to: (a) Access — request a copy of your personal data. (b) Rectification — correct inaccurate data. (c) Deletion — request deletion of your data ("right to be forgotten"). (d) Data portability — receive your data in a structured, machine-readable format. (e) Object — object to processing based on legitimate interests. (f) Restriction — request restricted processing under certain conditions. (g) Withdraw consent — where processing is based on consent, withdraw it at any time. To exercise these rights, contact us at office@frascatisystems.com. We will respond within 30 days.
9. International Data Transfers
Your data is processed by services located in the USA (see Section 5). These transfers are safeguarded by: (a) the Swiss-US Data Privacy Framework (for certified US companies), (b) Standard Contractual Clauses (SCCs) approved by the European Commission, and (c) data processing agreements with all providers. The Swiss Federal Data Protection and Information Commissioner (FDPIC) has recognized the USA as providing adequate protection for data transfers under the DPF.
10. Data Security
We implement appropriate technical and organizational measures to protect your data, including: encryption in transit (TLS/HTTPS) and at rest, access controls and authentication, regular security monitoring, secure password hashing, and rate limiting on all API endpoints. Despite these measures, no internet transmission is 100% secure. We will notify affected users and the FDPIC of any data breach as required by Art. 24 DSG.
11. Children's Privacy
Frascati is not intended for children under 16 (the minimum age under Swiss DSG). We do not knowingly collect data from children under 16. If we discover such data has been collected, it will be promptly deleted. Parents or guardians who believe their child has provided data to us should contact us at office@frascatisystems.com.
12. Automated Decision-Making
We do not make automated decisions that produce legal or similarly significant effects on you (Art. 21 DSG / Art. 22 GDPR). AI code generation is a tool that assists you in creating websites — it does not make decisions about you. Credit usage and plan limits are applied based on transparent, predefined rules.
13. Changes to This Policy
We may update this privacy policy to reflect changes in our practices or legal requirements. Material changes will be communicated via email or in-app notification at least 30 days before taking effect. The current version is always available at frascati.app/privacy.
14. Supervisory Authority
If you believe your data protection rights have been violated, you have the right to lodge a complaint with: Federal Data Protection and Information Commissioner (FDPIC), Feldeggweg 1, 3003 Bern, Switzerland, www.edoeb.admin.ch. For EU/EEA users: you may also contact your local data protection authority.
15. Contact
For privacy-related questions or to exercise your data rights: Fabiano Frascati, Frascati Systems, Email: office@frascatisystems.com.