Privacy Policy

Future is built on a foundational principle: your data is yours. Unlike traditional AI platforms that treat user data as a silent resource, we give you complete visibility into what data we collect, how it is used, and the ability to export or delete it at any time. This is not merely a legal obligation — it is our core product promise.

We do not sell your data. We do not run advertising. We do not build behavioral profiles for third parties. All data we collect is used solely to operate and improve the Future platform for your benefit and the benefit of the shared model.

The data controller for personal data processed through this platform is Future AI ("Future", "we", "us"). For privacy-related inquiries, contact our Data Protection Officer at support@futurecore-ai.com.

We collect the following categories of data:

• —Account information — email address, username, and authentication credentials
• —Profile data — avatar selection, learning preferences set during onboarding
• —Usage data — prompts, AI responses, corrections, thumbs-up/thumbs-down feedback
• —Coin transaction history — amounts earned and spent, features unlocked
• —Interaction metadata — timestamps, session length, feature usage patterns
• —Device information — browser type, operating system, IP address (for security only)
• —Local storage — authentication tokens, UI preferences (see Cookie Policy for full list)

We process your personal data on the following legal grounds under the GDPR and applicable data protection law:

• —Contract performance — to operate your account, authenticate you, and deliver the platform services you requested
• —Legitimate interests — to improve the AI model using aggregated interaction patterns, and to protect against fraud and abuse
• —Consent — for training data usage (your interactions improving the AI model); you can withdraw this consent at any time
• —Legal obligation — to comply with applicable law, court orders, or regulatory requirements

Your data is used to:

• —Authenticate you and maintain your secure session on the platform
• —Process and respond to your AI queries through our model infrastructure
• —Calculate and credit your Gold Coin earnings based on verified usage
• —Personalize your experience and restore your UI preferences
• —Improve the Future AI model using your feedback and interactions (with consent)
• —Communicate with you about your account, security events, and platform updates
• —Detect and prevent fraud, abuse, and unauthorized access
• —Comply with applicable legal obligations

When you use Future, your interactions — including prompts, AI responses, and any corrections or feedback you provide — are used as training data to improve the Future AI model. This is the core value exchange: your feedback makes the model smarter, and you earn Gold Coins in return.

You can opt out of training data usage at any time via Settings → Privacy & Data. Note that opting out will disable Gold Coin earning, as coins are tied to verified contribution to the model.

Training data is processed in aggregate and is not used to build individual behavioral profiles for advertising or sold to any third party.

We do not sell your personal data. We do not share it with advertising networks. We may share data only in the following limited circumstances:

• —Infrastructure providers — Supabase (database, authentication, edge functions) under a strict data processing agreement. All data remains within Supabase's GDPR-compliant infrastructure.
• —AI model infrastructure — Server-side AI inference and web search APIs process your prompts to generate responses. These are server-to-server calls; your data is not exposed to any advertising systems.
• —Analytics — Microsoft Clarity receives anonymised session recording data (scroll depth, clicks, heatmaps) only when you have given analytics consent. Input masking is enabled; no name, email, or passwords are ever transmitted. You can withdraw consent at any time via Cookie Settings.
• —Law enforcement or regulators — only when required by applicable law, a court order, or to protect the safety of users or third parties.

No advertising networks, data brokers, or undisclosed third parties receive any data from this platform.

The following third-party services are used by the platform and may process your data:

• —Supabase (supabase.co) — database, authentication, and serverless edge functions. GDPR-compliant, EU data residency available.
• —AI inference provider — server-side AI response generation. Your prompts are sent server-to-server and are never stored for advertising or profiling purposes.
• —Web search provider — server-side web search feature. Used only when you explicitly trigger web search for a specific query.
• —Microsoft Clarity (clarity.ms) — session recording, click heatmaps, and scroll analysis for usability improvement. Loaded only after analytics consent is granted. Automatic input masking enabled. No advertising data collected. Governed by Microsoft's Privacy Statement.
• —Google Fonts (fonts.googleapis.com) — loads the Geist Mono typeface from Google's CDN. No tracking cookie is set, but Google may log your IP address per their Privacy Policy.
• —Cloudflare CDN (cdnjs.cloudflare.com) — serves the Remix Icon icon library. Static asset delivery only, no tracking.

We retain your account data for as long as your account is active. If you delete your account, your personal data is removed from active systems within 30 days, subject to the following:

• —Anonymized interaction data used for model training may be retained for up to 3 years in an irreversibly anonymized form that cannot be linked back to you
• —Financial transaction records (coin purchases) may be retained for up to 7 years to comply with applicable accounting and tax obligations
• —Security logs (authentication events, anomaly detection) are retained for up to 12 months

Depending on your jurisdiction (including GDPR for EU/EEA residents and CCPA for California residents), you have the following rights:

• —Access — request a full export of all personal data we hold about you
• —Rectification — correct inaccurate personal information in your account
• —Erasure — request deletion of your account and associated personal data
• —Portability — receive your data in a structured, machine-readable JSON format
• —Restriction — request that we limit processing of your data in certain circumstances
• —Objection — object to processing based on legitimate interests
• —Opt-out of training — withdraw consent for your interactions being used as training data at any time (Settings → Privacy & Data)
• —Non-discrimination (CCPA) — we will not discriminate against you for exercising your privacy rights

To exercise any of these rights, use the self-service tools in your account settings or contact us at support@futurecore-ai.com. We will respond within 30 days.

We implement industry-standard security measures including TLS 1.3 encryption in transit, AES-256 encryption at rest, role-based access controls, and Supabase Row Level Security policies that ensure each user can only access their own data. Two-factor authentication is available and strongly recommended.

No system is 100% secure. In the event of a data breach affecting your rights, we will notify you within 72 hours as required by applicable law.

We use a minimal set of browser storage entries to keep you signed in and remember your preferences. Optional analytics cookies (Microsoft Clarity) are only activated after you have given explicit consent via the Cookie Settings panel. We have no advertising cookies and no data selling. See our Cookie Policy for a complete, accurate list of every storage entry used.

The Service is not directed to children under the age of 13. We do not knowingly collect personal data from children under 13. Users between 13 and 18 must have parental or guardian consent. If you believe a child has provided us with personal data without consent, contact us at support@futurecore-ai.com.

Your data may be processed in countries outside your own. Where we transfer personal data outside the European Economic Area, we ensure appropriate safeguards are in place, including Standard Contractual Clauses approved by the European Commission.

We may update this Privacy Policy periodically. We will notify you of material changes via in-app notification and email at least 14 days before they take effect. The date at the top of this page reflects the most recent revision.

For privacy-related requests, data subject rights exercises, or questions about this policy, contact our Data Protection Officer at support@futurecore-ai.com.

If you are an EU/EEA resident and believe we are not handling your data lawfully, you have the right to lodge a complaint with your local supervisory authority.