Skip to main content
← Back to home ENES

Privacy Policy for Fraps

Effective Date: July 2, 2026
Last Updated: July 2, 2026

Fraps (“Fraps,” “we,” “us,” or “our”) is operated by Fraps Labs, LLC, a Delaware limited liability company, located at 2810 N Church St Ste 88338, Wilmington, DE 19802, USA.

This Privacy Policy describes how we collect, use, disclose, retain, and protect personal data when you use the Fraps mobile application and related services (collectively, the “Services”). It also explains your privacy rights and how to contact us.

If you have any questions or wish to exercise your privacy rights, you may contact us at support@fraps.app.

1. Who We Are

For purposes of applicable data protection laws, including the General Data Protection Regulation (“GDPR”), the controller responsible for your personal data is:

Fraps Labs, LLC
2810 N Church St Ste 88338, Wilmington, DE 19802, USA
support@fraps.app

2. Scope of This Privacy Policy

This Privacy Policy applies to personal data collected through:

  • the Fraps mobile application;
  • account registration, authentication, and account management;
  • customer support communications;
  • images, maps, places, and other user-generated content submitted through the Services; and
  • backend and infrastructure systems used to operate, secure, and improve the Services.

Fraps is currently a mobile-first service. If we later provide additional web, email, or other service features, we may update this Privacy Policy accordingly.

3. Personal Data We Collect

We collect, and in some cases may collect or process, the following categories of personal data.

3.1 Account and Authentication Data

We may collect:

  • email address;
  • hashed password;
  • profile name;
  • public username or handle;
  • account identifiers;
  • authentication method;
  • Google sign-in data;
  • Apple sign-in data;
  • refresh token records;
  • session identifiers;
  • login history;
  • failed login and security event data; and
  • related authentication metadata.

We collect this data directly from you, from your chosen sign-in provider, or automatically through our authentication and account security systems.

3.2 Device, App, and Network Data

We may collect:

  • device identifier;
  • app version;
  • device and operating system metadata;
  • IP address;
  • user agent or comparable device/session metadata;
  • connection and diagnostic information;
  • push notification token, where you enable push notifications; and
  • security and audit logs.

We may retain certain device identifiers or related records across sessions, and in some cases after logout, where reasonably necessary for security, fraud prevention, session validation, abuse prevention, or device association.

The app does not use advertising SDKs or cookies. It does include Sentry, for crash and error diagnostics, which may process a device-level identifier, and Firebase Cloud Messaging, for delivery of push notification tokens; both are disclosed as sub-processors in Section 6.

3.3 Location Data

We may collect or process:

  • approximate location derived from IP address;
  • precise or near-precise location data derived from your device, subject to your device permissions and settings;
  • place-related coordinates and map-linked geographic data;
  • location data used to support search, autocomplete, routing, map rendering, and related location-based features; and
  • location metadata associated with uploaded content, where present.

Location data may be processed transiently, cached locally on device, transmitted to our backend, associated with places or content, or stored where necessary to provide, secure, maintain, or improve the Services.

Fraps does not collect or store your device’s precise GPS location on our servers. Location features that rely on your device’s position, such as centering the map on your location, run locally on your device. Where place-search suggestions are biased by location, the app sends the map’s current viewable area — not your device’s position — to Google to improve results, and we do not store those coordinates.

3.4 User-Generated Content

We may collect content you create, upload, save, organize, or share through the Services, including:

  • maps;
  • markers;
  • groups;
  • saved places;
  • notes;
  • descriptions;
  • visits;
  • profile information;
  • profile picture;
  • uploaded photos and images;
  • invitations;
  • membership or collaboration data;
  • follows, connections, or similar relationship data; and
  • other content you choose to submit.

3.5 Image and Media Data

Where you upload, capture, select, or submit images or other media through the Services, we may collect and process:

  • image files and media content;
  • file names and object keys;
  • dimensions, format, and content type;
  • hashes and derived identifiers;
  • previews, thumbnails, and display metadata;
  • embedded metadata, including EXIF and geolocation metadata where present; and
  • derived metadata used for processing, rendering, caching, integrity, or duplication control.

3.6 Support and Communications Data

We may collect:

  • messages you send to support;
  • attachments, screenshots, or other materials you provide;
  • correspondence history;
  • related account information needed to investigate or respond to your request; and
  • operational email handling data associated with support communications.

3.7 Transactional and Service Communication Data

If enabled now or in the future, we may collect or process data related to service communications, including:

  • email address;
  • message delivery status;
  • bounce events;
  • complaint events;
  • suppression status;
  • invitation and account-security communication metadata; and
  • limited metadata associated with password reset, login alerts, onboarding, invitations, or other service-related communications.

3.8 Sensitive Data

Fraps does not request or require special categories of personal data, such as data revealing health conditions, religious beliefs, ethnicity, or sexual orientation. Free-text fields and photos you submit may incidentally contain such information if you choose to include it; we ask that you not submit it. Where such information is present, we treat it as user content, and it is deleted in accordance with the retention and deletion rules described in Section 8.

3.9 Public Visibility to Other Users

Certain profile information is visible to any other signed-in user, including your username, display name, bio, whether you have set an avatar, your follower and following counts, and the number of maps you own. There is currently no setting to hide this information. Maps are private by default; a map you make public is visible to any signed-in user, including the identity of each marker’s contributor and the time each marker was added. Image files — including avatars, map cover images, and place photos — are delivered through content-delivery-network (CDN) links that do not require sign-in, so anyone with the link can view the image.

4. How We Use Personal Data

We use, and may use, personal data for the following purposes:

  • to create and manage user accounts;
  • to authenticate users through email and password, Google sign-in, Apple sign-in, or other supported authentication methods;
  • to issue, validate, rotate, revoke, and secure access tokens, refresh tokens, sessions, and device-bound authentication records;
  • to provide the core functionality of Fraps, including maps, markers, places, images, notes, visits, collaboration, and related user content;
  • to provide location-based features, map functionality, place search, autocomplete, distance calculations, and related geographic functionality;
  • to process, store, render, optimize, and deliver uploaded images and media;
  • to maintain account security, detect suspicious activity, prevent fraud, abuse, and unauthorized access, and preserve service integrity;
  • to operate, host, maintain, secure, and improve our systems, infrastructure, storage, and APIs;
  • to troubleshoot issues, monitor performance, conduct diagnostics, and support internal operational analytics or logging;
  • to respond to customer support requests and service inquiries;
  • to review reports submitted by users about content or other users;
  • to send transactional, onboarding, invitation, password-related, security-related, or other service communications, if such features are enabled;
  • to comply with legal obligations, enforce our terms, and protect our rights, users, and Services; and
  • to support future features that are consistent with this Privacy Policy and the nature of the Services.

Fraps does not sell personal data.
Fraps does not use personal data for third-party advertising.
Fraps does not share personal data with data brokers.
Fraps does not use automated decision-making or profiling that produces legal or similarly significant effects concerning you.

Where the GDPR or similar laws apply, we rely on the following legal bases for processing:

5.1 Performance of a Contract

We process personal data where necessary to provide the Services you request, including account creation, authentication, token/session management, location-based map functionality, storage of your content, and delivery of app features.

5.2 Legitimate Interests

We process personal data where necessary for our legitimate interests, including:

  • protecting the security and integrity of the Services;
  • preventing fraud, abuse, unauthorized access, and misuse;
  • validating sessions and device associations;
  • maintaining service reliability and functionality;
  • processing diagnostics, logs, and operational telemetry;
  • troubleshooting and improving system performance; and
  • administering support and operational processes.

Where we rely on legitimate interests, we do so only where those interests are not overridden by your rights and freedoms.

We rely on consent where required by law, including where access to precise location data, camera, photo library, or similar device capabilities depends on your permission under applicable law or platform requirements.

We may process personal data where necessary to comply with applicable laws, regulations, legal process, or enforceable governmental requests.

5.5 Vital Interests

In rare emergency situations, we may process or disclose personal data where necessary to protect the vital interests of you or another person, such as their life or physical safety.

6. How We Share Personal Data

We share personal data only as necessary to operate the Services, comply with legal obligations, or protect rights and safety.

6.1 Service Providers and Infrastructure

Amazon Web Services (AWS)

We use Amazon Web Services (AWS) to provide cloud hosting, database storage, object storage, content delivery, image/media processing, transactional email infrastructure if enabled, and related infrastructure operations. Personal data may be processed in the United States, including through AWS infrastructure in us-east-2, and in other regions used by AWS as necessary to provide its services.

Google

We may use Google services in connection with authentication, maps, places, geolocation-related features, and support functionality, including Google Sign-In, Google Maps, Google Places, and Google Workspace / Gmail for support or operational communications. Google may process account identity data, location-related requests, map or place queries, support communications, and related technical metadata as needed to provide these services. Your use of Google Maps and Google Places features is also subject to Google’s Privacy Policy at https://policies.google.com/privacy.

Apple

We use Apple sign-in and related Apple platform services for authentication and account access.

Cloudflare

We use Cloudflare as a network edge and reverse proxy for our API traffic (including api.fraps.app). As a result, data transmitted between the app and our servers — including IP address and request metadata — transits Cloudflare’s network for routing, delivery, and security, including protection against denial-of-service attacks. See Cloudflare’s Privacy Policy at https://www.cloudflare.com/privacypolicy/.

Firebase Cloud Messaging

Where you enable push notifications, we use Firebase Cloud Messaging (FCM), provided by Google, to deliver push notifications to your device. FCM processes your device push token for this purpose. See Google’s Privacy Policy at https://policies.google.com/privacy.

Error and Crash Reporting (Sentry)

We use Sentry for error monitoring and crash reporting across the application and our backend. Our backend is configured to send only operational diagnostic metadata — such as request path, status code, and error identifiers — and does not send personal data to Sentry. Our application’s crash reporting may include a device-level identifier and diagnostic data, with IP address collection disabled. See Sentry’s Privacy Policy at https://sentry.io/privacy/.

Operational and Incident-Review Tooling

Where you submit a report about content or another user, the details of your report — including the content of the report and identifiers associated with it — may be routed to internal operational and incident-review tooling so that we can review and act on it.

6.2 Other Disclosures

We may also disclose personal data:

  • where required by law, regulation, subpoena, court order, or governmental request;
  • where necessary to protect the security, integrity, or lawful operation of the Services;
  • where necessary to enforce our agreements or protect our rights or the rights of others; or
  • in connection with a merger, acquisition, financing, restructuring, or sale of all or part of our business, subject to appropriate safeguards where required by law.

7. International Data Transfers

Fraps’ primary infrastructure is located in the United States. As a result, your personal data may be processed or stored outside your country of residence, including outside the European Economic Area, the United Kingdom, or Switzerland.

Where required by applicable law, we rely on appropriate safeguards for international data transfers, including Standard Contractual Clauses or other lawful transfer mechanisms made available by our service providers.

8. Data Retention

We retain personal data only for as long as reasonably necessary for the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law.

8.1 Account Data and User Content

We retain account data and user-generated content for as long as your account remains active or as needed to provide the Services.

Account deletion takes effect immediately: when your deletion request is processed, your account and content records are deleted, including your markers on maps you do not own, such as shared or collaborative maps. Residual copies may persist in backups for up to 90 days before being overwritten or removed. Media files, such as your avatar and map cover images, are removed from storage on a best-efforts basis and may take additional time to be fully cleared.

We may retain certain information for longer than described above where necessary to: comply with legal obligations or a legal hold; investigate safety issues or violations of our Terms of Service; or protect our rights, property, or security, or the rights, property, or security of others. Photos you contribute to shared place listings remain part of those listings after your account is deleted, because they are shared, canonical records associated with the place rather than with your account; you may request their removal using the contact information in Section 14.

8.2 Authentication, Device, and Security Records

Refresh token records, session identifiers, login history, device identifiers, security logs, and related authentication records may be retained for as long as reasonably necessary for fraud prevention, abuse detection, account security, session validation, operational integrity, and enforcement of our security measures.

8.3 Support Communications

Support requests and related correspondence may be retained for as long as reasonably necessary for troubleshooting, continuity, recordkeeping, service administration, and abuse prevention.

8.4 Media and Uploaded Content

Uploaded images, derived files, associated metadata, and related storage records may be retained for as long as reasonably necessary to provide the Services, preserve account functionality, maintain system integrity, and operate caching, recovery, or content-processing workflows, subject to deletion requests, lifecycle policies, and legal or operational exceptions.

8.5 Transactional Email and Service Communication Records

If service communication features are enabled, delivery logs, bounce events, complaint events, suppression records, and related operational telemetry may be retained for as long as reasonably necessary to maintain deliverability, support infrastructure reliability, investigate abuse, and comply with legal or operational requirements.

We may retain certain information for longer where necessary to comply with legal obligations, resolve disputes, enforce agreements, preserve evidence, or protect against fraud, abuse, or security threats.

9. Your Rights

Depending on your location and applicable law, you may have the right to:

  • access the personal data we hold about you;
  • request correction of inaccurate or incomplete personal data;
  • request deletion of your personal data;
  • request export or portability of your personal data;
  • object to or request restriction of certain processing; and
  • withdraw consent where processing is based on consent.

You may delete your account directly from the app’s settings. You may also contact us at support@fraps.app to exercise any of these rights, including deletion.

Before fulfilling a request made outside of the app’s self-service tools, we take reasonable steps to verify your identity — for example, by confirming the request through the email address associated with your account, or by matching other account information you provide. If you use an authorized agent to submit a request on your behalf, we may require proof of the agent’s authorization. We may decline requests we are unable to reasonably verify.

Where GDPR applies, we aim to respond within 30 days, subject to any lawful extension permitted by applicable law.

If you are located in the EEA, UK, or another jurisdiction with similar protections, you may also have the right to lodge a complaint with your local data protection or supervisory authority.

If you are located in Argentina, you have the rights provided under Ley N.º 25.326 de Protección de los Datos Personales, which you may exercise using the contact information above. The applicable supervisory authority is the Agencia de Acceso a la Información Pública (AAIP), with whom you may file a complaint.

10. California Privacy Notice

If you are a California resident, you may have rights under applicable California privacy laws, including the right to:

  • know what categories of personal information we collect and disclose;
  • request deletion of your personal information;
  • request correction of inaccurate personal information;
  • access specific pieces of personal information; and
  • not be discriminated against for exercising your privacy rights.

Fraps does not sell personal information and does not share personal information for cross-context behavioral advertising.

California residents may exercise applicable rights by contacting support@fraps.app.

11. Children’s Privacy

Fraps is not directed to children under the age of 13. In jurisdictions where a higher age threshold applies for digital consent, including parts of the European Union, Fraps is not directed to children under 16 without appropriate parental consent.

We do not knowingly collect personal data from children in violation of applicable law, and we do not request age data as part of standard account creation at this time.

If you believe that a child has provided personal data in violation of applicable law, please contact us at support@fraps.app so that we may take appropriate action.

12. Security

We use reasonable technical and organizational measures designed to protect personal data, including access controls, password hashing, token and session management, device-linked session safeguards, infrastructure security controls, secure local storage for sensitive credentials, and other measures appropriate to the nature of the Services.

Personal data is encrypted in transit between the app and our servers using industry-standard TLS (HTTPS), and is encrypted at rest in our databases, file storage, and server infrastructure.

If you are a security researcher and believe you have found a vulnerability, please report it to support@fraps.app; we ask that you give us a reasonable opportunity to investigate and address the issue before disclosing it publicly.

However, no method of transmission over the internet or method of electronic storage is completely secure, and we cannot guarantee absolute security.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time.

If we make material changes, we will provide at least 14 days’ advance notice before the changes take effect, by appropriate means, which may include:

  • an in-app notice;
  • an email to the address associated with your account, if email communication features are enabled; or
  • another clear notice through the Services.

We may make changes with shorter or no advance notice where required by law, or where necessary to address security, fraud, or abuse-prevention concerns.

The “Effective Date” at the top of this Privacy Policy indicates when the current version took effect.

14. Contact Information

If you have any questions, requests, or complaints regarding this Privacy Policy or our data practices, you may contact:

Fraps Labs, LLC
2810 N Church St Ste 88338, Wilmington, DE 19802, USA
support@fraps.app

For privacy-specific matters and data-rights requests, you may also contact privacy@fraps.app.