Privacy Policy
Design Health is a Framer plugin operated by Domino Effect. This policy explains what we collect when you use the plugin, why we collect it, where it lives, who we share it with, and how to remove it.
We aim to collect as little as possible, and nothing about the visual content of your Framer projects leaves your browser unless it's part of a scan result you're about to view again inside the plugin.
Who we are
Domino Effect is the data controller. Contact: rodrigo@dominoeffect.co.
What we collect
Account
When you sign in, we store the email address and display name that your identity provider returns. If you sign in with Google, that includes your Google account id and avatar URL. If you sign in with a magic link, only your email is stored.
We also record a Framer-assigned account identifier returned by the Framer plugin runtime. We use it to prevent trial-period fraud, specifically the creation of multiple Supabase accounts under the same Framer login to re-claim the free trial. When you delete your account, your subscription and scan data are erased immediately, but we retain this anti-fraud identifier for up to 12 months under GDPR Article 6(1)(f) (legitimate interest in preventing fraud), after which it is automatically deleted.
Subscription state
If you start a trial or purchase a plan, we store your tier (free, trial, pro), plan cadence (monthly, annual, lifetime), trial start date, renewal date, any payment failure timestamp, and the Polar customer, subscription, and order ids that let us reconcile your account with our merchant of record.
Scan metadata
Each time you run a scan, we record a row containing your user id, a timestamp, the number of nodes scanned, and the number of findings. We use this to enforce the free-tier monthly quota. We do not store the content of the findings here.
Scan results cache
The plugin caches your most recent scan per Framer project, keyed by Framer's opaque project id. This cache contains the finding list, affected layer names, the text content we analyzed, and the color values we measured. We cache it so you can reopen the plugin on a project you've already scanned and see previous findings without running a new scan. Only one row is kept per (user, project); a newer scan overwrites the older one.
What we do not collect
- We do not collect analytics, telemetry, or behavioral tracking inside the plugin.
- We do not set marketing or advertising cookies on the auth site.
- We do not log your access or refresh tokens, and we do not log Polar order receipts.
- We do not read or store the content of Framer projects you have not scanned.
How we use your data
- To sign you in and keep your session alive.
- To show your trial, subscription, and renewal state inside the plugin.
- To enforce free-tier quota limits.
- To recreate the last scan view when you reopen the plugin on a project.
- To respond when you contact support.
Where it lives
Account and scan data is stored in a Supabase project hosted in the United States. Row-level security restricts every user to their own rows. All writes go through our own Supabase Edge Functions, which verify the user's access token on every request.
The auth site is a static page hosted on Cloudflare Pages. The page only reads the device code from the URL, completes your sign-in with Supabase, and forwards the resulting tokens to our Edge Function.
Who we share with
- Supabase: authentication, database, and serverless functions.
- Google: only if you sign in with Google OAuth. Google receives whatever sign-in metadata it always does; we only get your email, name, avatar, and Google account id back.
- Polar: our merchant of record for payments. When you upgrade, Polar collects your payment details directly; we never see your card. Polar returns customer, subscription, and order ids we store against your account.
- Cloudflare: static hosting for the auth site.
We do not sell personal data. We do not share personal data with advertisers.
Retention
Account and subscription rows stay until you delete your account. The scan metadata log stays for the current and previous calendar month so quota enforcement works across month boundaries. The scan results cache keeps exactly one row per (user, project); a newer scan overwrites the older one, and all rows are removed when you delete your account.
The anti-fraud Framer account identifier described above is the sole exception to the "removed on account deletion" rule. It is retained for up to 12 months after deletion and then purged on a scheduled job.
Your rights
You have the right to access, correct, export, and delete your data, and to object to or restrict processing. You can exercise these rights at any time by emailing rodrigo@dominoeffect.co.
If you are in the EEA, UK, or Switzerland, our legal basis is: contract for account and subscription data, and legitimate interest for quota metadata and the scan results cache that makes the product usable. You can complain to your local data protection authority if you believe we've mishandled your data.
If you are in California, you have additional rights under the CCPA including the right to know, delete, and not be discriminated against for exercising those rights. We do not sell personal information.
Deleting your account
Open the plugin, click the account menu, and choose Delete account. You'll be asked to type DELETE to confirm. Once confirmed, the request calls our /user-delete Edge Function, which removes your auth.users row. Every table that references you cascades on delete, so the subscription row, quota log, and scan results cache are all removed in the same transaction. The data is unrecoverable after that point.
Changes to this policy
If we change this policy materially, we'll update the "Last updated" date above. If you have a live subscription, we'll notify you by email before the change takes effect.
Contact
Questions or requests: rodrigo@dominoeffect.co.