Privacy Policy

Last updated: April 7, 2026

Overview

Frankly is built on a core principle: anonymous respondents stay anonymous. We collect the minimum data necessary to provide the Service, and we never attempt to identify anonymous respondents.

What We Collect

Account holders (post authors)

  • Name and email — provided during registration, used for authentication and notifications
  • Profile image — optional, displayed on replies
  • Posts and replies — content you create on the platform
  • Uploaded files — images and PDFs attached to posts

Anonymous respondents

  • Anonymous token — a random cookie stored in your browser, hashed before storage. Used solely to prevent duplicate votes and to group responses from the same browser session. This token cannot identify you.
  • Response content — the text you submit

We do not collect IP addresses, device fingerprints, or any other identifying information from anonymous respondents.

Automatically collected

  • Usage data — basic analytics like page views may be collected by our hosting provider (Vercel)
  • Cookies — session cookies for authentication, anonymous token cookie for respondent identity

How We Use Your Data

  • Providing the Service — displaying posts, responses, and replies
  • Authentication — verifying your identity when you sign in
  • Notifications — sending email when someone responds to your post or invites you to an organization
  • Preventing abuse — rate limiting and duplicate vote prevention

Anonymity Guarantees

The anonymous token stored in your browser is hashed using SHA-256 before being saved to our database. This means:

  • We can tell that two responses came from the same browser, but we cannot determine whose browser it is
  • Post authors cannot see who submitted a response, even if the response is marked private
  • We do not store any data that could link an anonymous response to a specific person

Data Storage

  • Database — hosted on Neon (PostgreSQL), data stored in the US
  • Files — stored on Vercel Blob Storage
  • Email — transactional emails sent via Resend
  • Authentication — managed by Better Auth with secure session handling

Third-Party Services

We use the following third-party services to operate Frankly:

  • Vercel — hosting, serverless functions, blob storage
  • Neon — PostgreSQL database
  • Resend — transactional email delivery
  • Google — OAuth sign-in (if you choose to sign in with Google)

Each of these services has their own privacy policy. We only share the minimum data required for each service to function.

Data Retention

  • Account data — retained until you delete your account
  • Posts and responses — retained until deleted by the post author or organization
  • Uploaded files — retained while linked to a post; orphaned files are automatically cleaned up within 24 hours
  • Anonymous tokens — cookie expires after 1 year; hashed tokens in the database are retained with their associated responses

Your Rights

You have the right to:

  • Access your account data and posts
  • Update your name, email, and profile image
  • Delete your account and all associated data
  • Export your data upon request

Anonymous responses cannot be edited or deleted by the respondent since we have no way to verify ownership. Post authors can delete individual responses from their posts.

Children

Frankly is not intended for use by anyone under the age of 13. We do not knowingly collect data from children.

Changes to This Policy

We may update this privacy policy from time to time. We will notify registered users of material changes via email. Continued use of the Service after changes constitutes acceptance.

Contact

Privacy questions? Contact us at privacy@withfrankly.com.