Privacy Policy

Last updated: February 15, 2026

1. Introduction

Frame Inc. ("Frame," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform at useframe.co and app.useframe.co (the "Service").

By using the Service, you agree to the collection and use of information in accordance with this policy. If you do not agree, please do not use the Service.

2. Information We Collect

Account Information

When you create an account, we collect:

  • Full name and display name
  • Email address
  • Organization name and domain
  • Account password (stored securely using industry-standard hashing)
  • Profile settings (language preference, avatar URL)

Usage Data

We automatically collect information about how you use the Service:

  • Prompts created, edited, and deleted
  • AI model selections (Claude, Gemini) and processing results
  • Project and team management activities
  • Marketplace interactions (views, forks, ratings)
  • Feature usage patterns and session duration

Technical Data

We collect technical information including:

  • IP address
  • Browser type and version
  • Operating system
  • Device information
  • Referring URLs and pages visited

Cookies and Tracking Technologies

We use cookies and similar technologies as described in our Cookie Policy. These help us maintain your session, remember your preferences, and analyze Service usage.

3. How We Use Your Information

We use the collected information to:

  • Provide, maintain, and improve the Service
  • Process your prompts through AI models and deliver structured outputs
  • Manage your account and organization settings
  • Send transactional communications (account verification, password resets, billing notifications)
  • Monitor usage for billing and subscription enforcement
  • Analyze usage patterns to improve features and user experience
  • Detect, prevent, and address security issues and abuse
  • Maintain audit logs for compliance and organizational transparency

4. AI and Prompt Data

When you use Frame's AI transformation features, your prompts are processed as follows:

  • Transmission: Your prompt text is sent to the selected AI provider (Anthropic for Claude, Google for Gemini) via encrypted API connections
  • Processing: The AI provider processes your prompt and returns the structured output, which we store in your account
  • Storage: Your original prompts and generated outputs are stored in our database, associated with your account and project
  • No training: We do not use your prompts or generated content to train AI models. Your data is processed solely to deliver the Service
  • Version history: Previous versions of prompts and outputs are retained to support the version history feature

The AI providers' own data handling practices apply to the processing step. We have data processing agreements with both Anthropic and Google that prohibit them from using your data for model training.

5. Data Sharing and Third Parties

We share your information only in the following circumstances:

  • AI Model Providers: Anthropic (Claude) and Google (Gemini) receive your prompt text for processing. They are contractually bound to process data only as instructed and maintain confidentiality
  • Infrastructure Providers: Cloud hosting, database, and email service providers who help us operate the Service, all bound by data processing agreements
  • Organization Members: Within your organization, other users may see shared projects, prompts, and activity based on their assigned role
  • Marketplace: Content you publish to the public marketplace is visible to all users
  • Legal Requirements: We may disclose information if required by law, court order, or government request

We never sell your personal information to third parties.

6. Data Security

We implement industry-standard security measures to protect your data:

  • Encryption in transit (TLS 1.2+) and at rest (AES-256)
  • Secure password hashing using modern algorithms
  • Role-based access control within the application
  • Regular security assessments and vulnerability scanning
  • Employee access restricted on a need-to-know basis

While we strive to protect your information, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security.

7. Data Retention

We retain your data as follows:

  • Active accounts: Data is retained for the duration of your account
  • Deleted accounts: Data is permanently deleted within 30 days of account termination
  • Audit logs: Retained for the period required by your subscription tier and applicable law
  • Billing records: Retained as required by tax and financial regulations
  • Anonymized analytics: Aggregated, non-identifiable data may be retained indefinitely

8. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

Under GDPR (European Economic Area)

  • Access: Request a copy of the personal data we hold about you
  • Rectification: Request correction of inaccurate personal data
  • Erasure: Request deletion of your personal data ("right to be forgotten")
  • Portability: Request your data in a structured, machine-readable format
  • Restriction: Request that we limit the processing of your data
  • Objection: Object to the processing of your personal data
  • Withdraw Consent: Withdraw consent at any time where processing is based on consent

Under CCPA (California)

  • Know: Right to know what personal information is collected and how it is used
  • Delete: Right to request deletion of personal information
  • Non-Discrimination: Right not to be discriminated against for exercising your rights

To exercise any of these rights, contact us at privacy@useframe.co. We will respond within 30 days.

9. International Data Transfers

Frame operates globally, and your data may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place for international transfers, including Standard Contractual Clauses approved by the European Commission where applicable.

10. Children's Privacy

The Service is not intended for individuals under the age of 16. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child under 16, we will take steps to delete that information promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the "Last updated" date. For significant changes, we will provide additional notice via email or through the Service.

12. Contact

If you have questions or concerns about this Privacy Policy or our data practices, please contact us: