Framework
Sign in

Legal · last updated May 14, 2026

Privacy Policy

This Privacy Policy describes how Framework ("we", "us", "our") collects, uses, shares, and protects information about you in connection with the Framework website, leaderboards, daily case, points shop, rewards program, and any related features (collectively, the "Service"). It also describes the choices you have regarding our use of your information and how you can access and update it.

1. Information We Collect

We collect information in three ways: information you provide directly, information collected automatically when you use the Service, and information we receive from third parties.

1.1 Information you provide

  • Account information. When you sign in via Discord, Google, or Steam, we receive a unique identifier, your display name, profile picture URL, and email address from the identity provider. We never see your provider password.
  • Linked accounts. If you link a Kick account or an Affiliate Site account, we store the username or account ID you provide and use it to look up your activity with that service.
  • Shipping information. When you redeem a physical item, you provide a shipping address. We retain it only as long as needed to fulfill and audit the order, and we may share it with shipping carriers and fulfillment partners.
  • Support communications. If you contact us through Discord, email, or any in-product support channel, we retain the communication for record-keeping and improving our support process.
  • User content. If you submit chat messages, emote submissions, or other content through the Service, we retain that content as described in our Terms.

1.2 Information collected automatically

  • Usage data. Pages visited, features used, timestamps, and similar telemetry needed to operate the Service and improve it.
  • Device and connection data. IP address, user-agent string, browser type, operating system, screen size, and language preferences.
  • Cookies and similar technologies. Small text files stored in your browser, plus local-storage entries used to remember session state, your daily-case cooldown, your wager-tier claims for the current month, and similar preferences. See Section 5 for details.
  • Logs. Server logs of requests for diagnostic and security purposes, including authentication events and error stacks.

1.3 Information from third parties

  • Affiliate Sites. When you link an account at a partner gambling site using one of our affiliate codes, that site shares limited statistical information about your activity with us — typically wager totals, deposit totals, net gaming revenue (NGR), and identifiers such as a user ID or hashed account ID.
  • Identity providers. Discord, Google, and Steam share the identifying fields described in 1.1 each time you sign in or link an account.
  • Anti-fraud and security partners. Where reasonably necessary, we may receive risk signals from anti-fraud and security partners to help detect and prevent abuse of the Service.

2. How We Use Your Information

We use the information we collect to:

  • Provide, operate, and improve the Service, including leaderboards, daily cases, wager tiers, raffles, and the points shop;
  • Authenticate you and maintain the security of your account;
  • Compute leaderboard standings and prize eligibility based on Affiliate Site data;
  • Fulfill redemptions, including delivering digital codes and shipping physical items;
  • Communicate with you regarding the Service, support requests, policy changes, and security alerts;
  • Detect, investigate, and prevent fraud, abuse, multi-accounting, and other prohibited conduct;
  • Comply with legal obligations, including responding to lawful requests by public authorities;
  • Analyze trends and usage to improve product performance, user experience, and reliability.

3. Legal Bases for Processing (EEA and UK users)

If you are located in the European Economic Area or the United Kingdom, we rely on one or more of the following legal bases under the GDPR / UK GDPR:

  • Performance of a contract — to provide the Service you have requested (e.g. processing redemptions, awarding Points, running leaderboards);
  • Legitimate interests — to operate and improve the Service, prevent fraud, and ensure security, where those interests are not overridden by your rights;
  • Consent — for optional features (e.g. marketing communications, if and when offered); you may withdraw consent at any time;
  • Legal obligation — to comply with applicable law, including tax-reporting, anti-money-laundering, and lawful information requests.

4. Sharing and Disclosure

We do not sell your personal information. We share information only as described below.

  • Service providers. We share information with vendors who process data on our behalf, including hosting (Supabase / cloud infrastructure), email delivery, analytics, error monitoring, and fulfillment partners. These vendors are contractually required to handle your data only as instructed and to protect it appropriately.
  • Affiliate Sites. When you link your account at an Affiliate Site, we exchange limited identifiers with that site so it can attribute activity to your affiliate code. The Affiliate Site processes your wagering activity under its own privacy policy.
  • Identity providers. Authentication via Discord, Google, or Steam involves exchanging tokens and basic profile fields with those providers under their respective privacy policies.
  • Public surfaces of the Service. Limited information — for example a masked version of your display name, your podium placement, and the prize you won — may appear on public leaderboards, recent-winner widgets, and similar surfaces. We mask display names by default to protect winner privacy.
  • Legal and protective disclosures. We may disclose information if we reasonably believe disclosure is required by law, regulation, legal process, or governmental request; to protect the rights, property, or safety of Framework, our users, or others; or to enforce these Terms.
  • Business transactions. If Framework is involved in a merger, acquisition, financing, sale of assets, or similar transaction, information about you may be transferred as part of that transaction.

5. Cookies and Local Storage

We use cookies and similar technologies to operate the Service and remember your preferences. Specifically:

  • Strictly necessary cookies — sign-in session, CSRF protection, and equivalent functionality essential to the Service.
  • Functional storage — local-storage entries that track your daily case cooldown, your wager-tier claim status for the current month, and your selected leaderboard view. This data does not leave your browser unless you explicitly take an action that sends it to us.
  • Analytics — aggregated usage information collected to help us understand which features are used.

You can control cookies through your browser settings. Disabling strictly necessary cookies will prevent you from signing in or using significant portions of the Service.

6. Data Retention

We retain personal information for as long as needed to provide the Service and for other essential purposes such as complying with legal obligations, enforcing our Terms, resolving disputes, and maintaining the security of the Service. Specifically:

  • Account profile and authentication data: while your account is active, plus a reasonable wind-down period after deletion;
  • Leaderboard entries and snapshots: indefinitely for historical record, masked once a competition concludes;
  • Point ledger entries: indefinitely for audit and dispute purposes;
  • Shipping addresses: 18 months after the last associated order or as required by tax or customs law (whichever is longer);
  • Support communications: 24 months after the last interaction;
  • Server logs: typically 90 days, longer if needed for security investigations.

7. Data Security

We implement reasonable technical and organizational measures designed to protect information against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access. These measures include encryption in transit (TLS), encryption at rest where supported by our infrastructure, role-based access controls, audit logging, and periodic security review. No system can be made completely secure; you use the Service at your own risk.

8. Your Rights and Choices

Depending on your jurisdiction, you may have some or all of the following rights with respect to your personal information:

  • Access — request a copy of the personal information we hold about you;
  • Correction — ask us to correct inaccurate or incomplete information;
  • Deletion — ask us to delete your personal information, subject to exceptions for legal, audit, and security retention;
  • Restriction — request that we restrict certain processing;
  • Portability — receive your information in a structured, machine-readable format;
  • Objection — object to certain processing based on legitimate interests;
  • Withdraw consent — where we rely on consent, withdraw it at any time;
  • Lodge a complaint — with your local data protection authority.

To exercise any of these rights, contact us at [email protected]. We may require verification of your identity before fulfilling a request. We will respond within the timeframes required by applicable law.

9. California Privacy Rights (CCPA / CPRA)

If you are a California resident, the California Consumer Privacy Act (as amended by the California Privacy Rights Act) gives you specific rights regarding your personal information, including the right to know what information we collect and how we use it, the right to request deletion, the right to correct inaccurate information, the right to opt out of "sale" or "sharing" of personal information (we do not sell your personal information), and the right to limit use of sensitive personal information. To exercise these rights, contact us using the addresses below.

10. International Transfers

We operate globally. Your information may be transferred to, stored, or processed in a country other than the one in which you reside, including countries where data protection laws may differ from those in your jurisdiction. Where we transfer personal information out of the EEA, the UK, or other jurisdictions with cross-border restrictions, we use lawful transfer mechanisms (such as standard contractual clauses or recognized adequacy decisions).

11. Children's Privacy

The Service is not directed to children under the age of 18 (or the higher minimum gambling age in your jurisdiction). We do not knowingly collect personal information from children. If we learn that we have collected information from a child without parental consent, we will delete that information and terminate the associated account. If you believe a child has provided us with personal information, contact us at the address below.

12. Third-Party Services and Links

The Service contains links to third-party websites and integrations with third-party providers (including Affiliate Sites and OAuth providers). This Privacy Policy does not apply to those third parties. We encourage you to review their privacy policies before providing them with information.

13. Changes to this Policy

We may update this Privacy Policy from time to time. The "Last updated" date at the top of this page reflects the most recent revision. Material changes will be communicated via reasonable means, including in-product notification, email (if you have provided one), or a banner on the Service. Your continued use of the Service after the effective date of a change indicates your acceptance of the revised policy.

14. Contact Us

For privacy questions or to exercise your rights, contact [email protected]. For data-protection-officer correspondence (where applicable), contact [email protected].

See also our Terms of Service for the full agreement governing your use of Framework.

© 2026 Framework. All rights reserved.