Privacy Policy
Effective date: October 18, 2025
1. Summary
We collect and use information to operate the Reframe platform, generate and manage your creative assets, provide support, improve features, and keep the Service secure. We don’t sell your personal information. We don’t use your private project content to train foundation models unless you explicitly opt-in.
2. Information we collect
Account & contact. Name, email, password hash, organization, role.
Billing. Payment method details (handled by our payment processor), transaction records, tax info.
Usage & device. IP address, device/OS/browser, settings, language, time zone, session IDs, feature usage, cookies, and similar technologies.
Content. Assets you upload (images, fonts, brand files), prompts, generations, mockups, product listings, and related metadata (e.g., template used, seed, size).
Integrations. Data you connect via third parties (e.g., Shopify store info, catalog SKUs, sales channels) subject to your permissions.
Support. Messages, attachments, feedback, and survey responses.
Marketing. Email engagement and campaign attribution if you opt-in.
3. How we use information
Provide the Service. Authenticate you, run generations and mockups, store assets, render videos, and manage team/permissions.
Improve & research. Analyze aggregated, de-identified usage to improve quality, safety, and performance.
Security. Prevent abuse, fraud, and spam; detect harmful content; enforce rate limits and AUP.
Communications. Send transactional emails (e.g., credits, invoices, outages). With your consent, send product tips and updates (opt-out anytime).
Compliance. Meet legal obligations and respond to lawful requests.
4. AI and data use
Model usage. We may use third-party model providers and our own models to process your prompts and assets.
Training defaults. We do not use your private User Content or Outputs to train foundation models by default.
Opt-in fine-tuning. You may opt-in to contribute assets to model improvements or custom fine-tunes for your workspace. You can opt-out later; this won’t affect models already trained.
Content filters. We may automatically scan content for abuse prevention and policy compliance.
5. Legal bases (EEA/UK)
Where GDPR/UK GDPR apply, we process personal data on these bases:
Contractual necessity (to provide the Service);
Legitimate interests (improve and secure the Service, prevent fraud, personalize non-sensitive features);
Consent (marketing emails, cookies beyond essential, training opt-ins);
Legal obligation (tax, accounting, regulatory).
6. Sharing information
We share personal data with:
Processors who help deliver the Service: cloud hosting, storage/CDN, model providers, analytics, error monitoring, logging, email, payments, authentication, customer support.
Integrations you enable (e.g., Shopify, ad platforms).
Authorities when required by law.
Business transfers in connection with a merger, acquisition, or sale of assets (with notice as required).
We do not sell your personal information. We may “share” limited identifiers for targeted advertising only if you have consented; you can opt-out at any time.
7. Cookies & tracking
We use:
Essential cookies for login, security, and core functionality.
Analytics cookies to understand usage and improve features.
Optional marketing cookies with your consent.
Manage preferences in Cookie Settings (link in footer). Your browser may also offer controls (e.g., Do Not Track); we honor applicable legal requirements for such signals.
8. Data retention
We retain personal data for as long as needed to provide the Service and for legitimate business or legal purposes. You can delete assets and projects from the dashboard. We may retain limited logs or invoices as required by law.
9. Security
We implement administrative, technical, and physical safeguards proportionate to the sensitivity of data (e.g., encryption in transit, access controls, least-privilege, audit logging). No method is 100% secure; please use strong passwords and enable any available security features (e.g., MFA).
10. International transfers
If we transfer data internationally, we use lawful mechanisms (e.g., Standard Contractual Clauses, UK IDTA, adequacy decisions). By using the Service, you understand data may be processed in countries with different laws than your own.
11. Your rights
Depending on your location, you may have rights to:
Access your data; rectify inaccuracies; delete data; port data; restrict or object to processing; withdraw consent.
Opt-out of marketing communications and certain tracking.
Appeal decisions related to automated processing where applicable.
To exercise rights, contact support@usereframe.app. We will verify your identity and respond within statutory timelines.
12. CCPA/CPRA (California)
California residents may request to know, delete, or correct personal information, and to opt-out of “sale” or “sharing” of personal information for cross-context behavioral advertising. We do not sell personal information. To opt-out of “sharing,” use Cookie Settings or email support@usereframe.app. We will not discriminate against you for exercising your rights.
13. Children’s privacy
The Service is not intended for children under 13 (or 16 where applicable). We do not knowingly collect personal data from children. If you believe a child has provided data, contact us to remove it.
14. Third-party links
Our site may contain links to third-party websites or services. Their privacy practices and content are not controlled by us.
15. Changes to this policy
We may update this Privacy Policy. If changes are material, we’ll notify you (e.g., email or in-app). The “Effective date” reflects the latest version. Continued use means you accept the updated policy.
6. Contact us
For questions about these terms you can react out to support@usereframe.app