Privacy Policy

Last Updated: May 18, 2026

1. Introduction

This Privacy Policy is published by Krazframe, the developer and operator of the Krazframe platform. It covers the following services and applications:

• Krazframe — the website and app at krazframe.com (package: com.krazframe)
• Neon Siege — mobile game (package: com.krazframe.neonsiege)
• Neon Survivor — mobile game (package: com.krazframe.neonsurvivors)
• Polarity War — mobile game (package: com.krazframe.polaritywar)

This Privacy Policy explains how Krazframe collects, uses, discloses, and safeguards your information when you use any of the above services. Please read this policy carefully. By accessing or using any Krazframe service, you agree to the terms outlined in this Privacy Policy.

2. Information We Collect

2.1 Information You Provide

• Account Information: When you create an account, we collect your username, email address (optional), and password (encrypted).
• Profile Information: You may choose to provide additional information such as a bio and profile picture (avatar).
• Content: Any posts, images, comments, or other content you upload or create on Krazframe.
• Communications: If you contact us directly, we may receive additional information such as your name, email address, and message content.

2.2 Information Automatically Collected

• Usage Data: We collect information about how you interact with our platform, including pages visited, posts viewed, and features used.
• Device Information: We may collect information about your device, including IP address, browser type, operating system, and device identifiers.
• Cookies and Similar Technologies: We use cookies, local storage, and similar technologies to enhance your experience and maintain your session.
• Voting and Interaction Data: We track your votes (upvotes/downvotes) and interactions to calculate clout scores and rank content.
• IP Address Logging: Your IP address is recorded when you vote, comment, or register — regardless of whether you are logged in. For anonymous users (not logged into an account), the IP address is the primary identifier used to enforce rate limits and prevent abuse. For registered users, login IPs are stored to detect and prevent multi-account abuse (alt accounts).
• Device Fingerprint: When you log into a registered account, we collect a browser/device fingerprint (a hash derived from your browser's reported properties such as user agent, screen dimensions, and language settings). This fingerprint is stored and used alongside IP address data to detect alt accounts. The raw fingerprint components are stored in our database but are not shared with third parties or used for advertising.
• Approximate Location (from IP): We do not request precise (GPS) location. We do, however, look up an approximate country-level location from your IP address using public IP-to-country range databases. This is used to enforce country-level content restrictions (geofencing), to flag traffic from anonymising VPNs/proxies for abuse prevention, and to display country-of-origin information to admins reviewing reports. The derived country code is stored alongside the request; the underlying IP-to-country database is loaded from our own server, not queried from a third party at request time.

2.3 Uploaded Content and Metadata

When you upload images or other media, the file you upload is stored as-is. We do not automatically strip metadata (EXIF data) from uploaded images. If your photo contains embedded GPS coordinates, camera model, or other metadata, that metadata will be present in the stored file. We recommend removing sensitive metadata before uploading if this is a concern. Uploaded files are publicly accessible via their URLs.

2.4 LLM AutoPoster (Opt-In Feature)

Users who are granted the LLM AutoPoster permission may configure an AI-powered comment bot linked to their account. This feature uses API keys that you provide (e.g., for a third-party AI service). Your API key is stored encrypted in our database. When the autoposter is active, post content from Krazframe is sent to the third-party AI API you configured, and the resulting AI-generated text is posted as a comment on your behalf.

2.5 RSS Auto-Posting and Article Summarization

Users with the RSS Auto-Poster permission can configure their account to automatically create posts from a third-party RSS feed they choose. When this feature is enabled for an account, Krazframe also uses a third-party AI service (Groq, groq.com/privacy-policy) to summarize each fetched article's title and description into a short post body. The data sent to Groq is the public content of the RSS feed item — it does not include Krazframe user accounts, IP addresses, or any other personal information. The summarized text is then posted on Krazframe under the configured account.

3. How We Use Your Information

We use the information we collect to:

• Provide, maintain, and improve our services
• Create and manage your account
• Enable content uploads and interactions (posts, comments, votes)
• Calculate and display clout scores and user rankings
• Personalize your experience on the platform
• Communicate with you about updates, features, or support
• Detect, prevent, and address technical issues or abusive behavior
• Enforce our Terms of Service and community guidelines
• Comply with legal obligations

4. Information Sharing and Disclosure

4.1 Public Information

By default, the following information is publicly visible on Krazframe:

• Your username and profile information (bio, avatar)
• Posts, images, and comments you create
• Your clout score and level
• Upload history and galleries

4.2 Service Providers and Third-Party Resources

We do not use third-party analytics services (e.g., Google Analytics) and we do not display third-party advertisements. We do, however, load some publicly available web resources from third-party content delivery networks. When your browser loads a page on Krazframe, it independently makes requests to the following hosts to fetch fonts and JavaScript libraries:

• Google Fonts (fonts.googleapis.com, fonts.gstatic.com) — used to load typefaces on every page. Google receives your IP address, browser User-Agent, and the page you are viewing (Referer) as a normal byproduct of loading these font files. See Google Fonts and privacy.
• unpkg.com (fronted by Cloudflare) — used to load the masonry-layout and imagesloaded JavaScript libraries on pages that display a grid of posts. unpkg / Cloudflare receive your IP, User-Agent, and Referer.
• YouTube (privacy-enhanced mode) — when a post contains a YouTube video, your browser loads the video player from youtube-nocookie.com. Google still receives your IP address and User-Agent in order to deliver the video, but the player does not set advertising/personalization cookies and does not associate the view with your Google account for ad targeting. Thumbnail images for YouTube posts are loaded from img.youtube.com.
• Hosting and infrastructure providers — our web host receives every request to the site as a normal part of serving it.
• cPanel / email hosting — if you have an email account on the platform, your email is stored with our hosting provider's cPanel email service.

We do not transmit your account data to any of the resource-loading hosts above. Their visibility into you is limited to what your browser sends when fetching their public files (IP, User-Agent, Referer).

4.3 Legal Requirements

We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., court orders, subpoenas).

4.4 Business Transfers

If Krazframe is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction.

4.5 With Your Consent

We may share your information for any other purpose with your explicit consent.

5. Data Retention

We retain your information for as long as your account is active or as needed to provide services. You may request deletion of your account at any time. After deletion:

• Your account information and profile will be removed
• Your posts and content may remain visible but will be disassociated from your username (shown as [deleted user])
• Some information may be retained in backups for a limited time
• We may retain certain information as required by law or for legitimate business purposes

6. Cookies and Tracking Technologies

6.1 What We Use

Krazframe uses the following technologies to deliver and improve our service:

Strictly Necessary (No consent required)

• Session Cookies: Maintain your logged-in state (cleared when you close your browser)
• Session Storage: Temporarily store vote states during your browsing session to provide instant feedback when you vote. This is essential for the frictionless social experience that defines Krazframe — without it, you would not see your votes reflected immediately due to server caching. All data is cleared when you close your browser.

Note: The sessionStorage for vote tracking is functionally required to deliver the service you requested (viewing and voting on content). Without this temporary storage, the voting system would not work as intended, breaking a core feature of the platform.

Not Used

We do NOT use:

• Third-party advertising cookies
• Third-party analytics cookies (e.g., Google Analytics)
• Social media tracking pixels
• Persistent cookies for tracking across sessions

6.2 Your Control

All cookies and storage used by Krazframe are strictly necessary for the site to function. You can:

• Clear session data: Close your browser to clear all session cookies and sessionStorage
• Disable cookies: Configure your browser settings, though this will prevent you from logging in
• Private browsing: Use incognito/private mode to prevent any data persistence

6.3 EU Compliance

Krazframe only uses strictly necessary cookies and storage as defined by EU ePrivacy Directive and GDPR Article 6(1)(f). These technologies are essential for delivering the service you explicitly requested:

• Vote feedback: SessionStorage enables instant vote confirmation, a core feature of our frictionless social platform. Server-side caching (used for performance) would otherwise delay feedback by up to 60 seconds, breaking the fundamental user experience.
• User authentication: Session cookies enable you to remain logged in while browsing.

These do not require explicit consent under EU law because the site cannot function without them. We prioritize your privacy by:

• Using session-only storage (cleared when you close your browser)
• Never tracking you across browsing sessions
• Not using any third-party tracking or advertising cookies
• Providing a no-popup, frictionless experience with no cookie consent banners

7. Your Rights and Choices

Depending on your location, you may have the following rights:

• Access: Request a copy of the personal information we hold about you
• Correction: Update or correct your personal information through your profile settings
• Deletion: Request deletion of your account and associated data
• Data Portability: Request a copy of your data in a portable format
• Opt-Out: Unsubscribe from promotional communications (if any)
• Withdraw Consent: Withdraw consent for processing where we rely on consent as the legal basis

To exercise these rights, please contact us at the email address provided below.

8. Children's Privacy

Krazframe is not intended for users under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected information from a child under 13, we will take steps to delete that information promptly.

9. Security

We implement reasonable security measures to protect your information, including:

• Passwords are stored using the bcrypt one-way hashing algorithm. We do not store reversible plaintext copies of your account password in our database.
• All traffic between your browser and Krazframe is served over HTTPS with HSTS enabled.
• Third-party API keys (such as those you provide for the LLM AutoPoster feature) are stored encrypted at rest using AES-256.
• Periodic security review of the code base.
• Limited access to personal information by authorized personnel only.

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

10. Third-Party Embeds and Links

Krazframe lets users post links and YouTube videos. When you view a page that contains one of these:

• YouTube videos are embedded using YouTube's privacy-enhanced domain (youtube-nocookie.com). Loading the embed sends your IP address and browser User-Agent to Google so that the video can play, but the player does not set advertising or personalization cookies and does not associate the playback with your Google account for ad targeting.
• External image links (where a post points to an image hosted elsewhere) are loaded directly from that third-party image host. The host receives your IP address and User-Agent.
• Outbound links in posts and comments are opened in your browser like any other web link — clicking them takes you off Krazframe.

We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies.

11. International Data Transfers

Your information may be transferred to and processed in countries other than your own. These countries may have different data protection laws. By using Krazframe, you consent to the transfer of your information to our facilities and service providers.

12. California Privacy Rights

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

• Right to know what personal information is collected, used, shared, or sold
• Right to delete personal information
• Right to opt-out of the sale of personal information (we do not sell your information)
• Right to non-discrimination for exercising your privacy rights

13. European Union (GDPR) Rights

If you are located in the European Economic Area (EEA), you have rights under the General Data Protection Regulation (GDPR), including:

• Right to access your personal data
• Right to rectification of inaccurate data
• Right to erasure ("right to be forgotten")
• Right to restrict processing
• Right to data portability
• Right to object to processing
• Right to lodge a complaint with a supervisory authority

14. Mobile Applications

14.0 Krazframe App (com.krazframe.app)

The Krazframe app on Google Play is a thin native wrapper that loads krazframe.com inside a WebView. All data collection, storage, and processing occurs on the Krazframe website and is governed by the sections above (Sections 1–13). The app itself does not contain any native analytics SDKs, advertising libraries, or independent data collection beyond what the website does. When you use the Krazframe app you are using the website — your IP address, session cookies, votes, comments, uploads, and device fingerprint are handled identically to a desktop browser session.

Permissions requested by the Krazframe app:

• Internet: Required to load krazframe.com.
• Storage / Media access (if applicable): Required to allow you to upload photos or files from your device to the site.

No other device permissions are requested or used.

This section also applies to Krazframe's mobile games: Neon Siege, Neon Survivor, and Polarity War (and any future KrazyGames titles), available on Google Play and the Apple App Store.

14.1 Data Collected by Mobile Apps

• Game progress and scores: Local game state, high scores, and virtual currency (Kredits) balances stored on your device or linked to your Krazframe account if you choose to log in.
• Device information: Device model, operating system version, and unique device identifiers as required by the platform (Android/iOS) for app functionality.
• Crash and diagnostic data: If the app crashes, basic diagnostic information may be collected to help identify and fix bugs.

14.2 What Mobile Apps Do NOT Collect

• We do not display or serve third-party advertisements in our mobile games.
• We do not use third-party analytics SDKs (e.g., Firebase Analytics, Flurry) in our mobile apps.
• We do not request or use precise (GPS) location data. We do derive an approximate country-level location from your IP address to enforce regional content restrictions and prevent abuse; this is described in Section 2.2.
• We do not sell any data collected through our mobile apps.

14.3 Optional Account Linking

Our mobile games can be played without a Krazframe account. If you choose to log in with your Krazframe account, your game progress and Kredits balance may sync with your account as described in the main sections of this policy.

14.4 In-App Purchases

Any in-app purchases are processed entirely through Google Play or the Apple App Store. Krazframe does not directly handle or store payment information. Please refer to Google's or Apple's privacy policies for details on how payment data is handled.

14.5 Children

Our mobile games are not directed at children under the age of 13. We do not knowingly collect personal information from children under 13 through our mobile apps. If you believe a child has provided personal information, please contact us and we will promptly delete it.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make changes, we will update the "Last Updated" date at the top of this page. We encourage you to review this policy periodically. Your continued use of Krazframe after changes are posted constitutes acceptance of the updated policy.

16. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or your personal information, please contact us:

• Email: privacy@krazframe.com
• Website: krazframe.com