Privacy Policy

Last updated: June 7, 2026

1. Introduction

Framova Inc. ("Company," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use the Framova website, mobile applications, and services (the "Service"). Please read this policy carefully. If you have questions, contact us at privacy@framova.cc.

2. Information We Collect

2.1 Information You Provide Directly

Account Registration

• Name, email address, password
• Phone number (optional)
• Company name (if applicable)
• Billing address and payment information
• Profile information (avatar, bio, website)

Service Usage

• Thumbnails you create, edit, or upload
• Images, text, and assets you input into the Service
• Communications with us (support tickets, emails, chat logs)
• Feedback, reviews, and survey responses
• Any other information you voluntarily provide

Payment Information

• Credit/debit card details (processed securely by Stripe; we do not store full card numbers)
• Billing history and subscription status
• Invoices and transaction records

2.2 Information Collected Automatically

Device and Usage Data

• IP address, browser type, operating system, and device identifiers
• Pages visited, features used, duration of sessions
• Referring URL and pages you navigate to after leaving our Service
• Search queries within the Service
• AI generation requests, model selections, and parameters

Cookies and Tracking Technologies

• Session cookies (authentication, preferences)
• Persistent cookies (remember login, analytics)
• Web beacons and pixels (usage tracking)
• Local storage and similar tracking technologies

See Section 6 (Cookie Policy) for more details.

Crash Reports and Diagnostics

• Error logs, stack traces, and performance metrics
• Feature interaction data to identify bugs and usability issues

2.3 Information from Third Parties

Third-Party Services

• Data from fal.ai, Supabase, Stripe, and other integrated providers
• Authentication data if you log in via Google, GitHub, or other OAuth providers
• Payment processor information (Stripe)

Public Sources

• Information about you available on the internet or public records
• Social media profiles if you link them to your Account

3. How We Use Your Information

3.1 Service Delivery and Operations

• Creating and maintaining your Account
• Processing payments and managing subscriptions
• Providing customer support and responding to inquiries
• Delivering requested features and AI generation
• Storing and retrieving your User Content
• Monitoring and analyzing Service usage

3.2 Improvement and Development

• Identifying bugs, improving performance, and optimizing features
• Conducting analytics and understanding user behavior
• A/B testing new features
• Training AI models and improving AI quality (see Section 3.5)
• Developing new products and services

3.3 Communication

• Sending transactional emails (confirmations, receipts, password resets)
• Notifying you of changes to our Service or these policies
• Responding to your support requests
• Sending marketing emails (with opt-out capability)
• Surveys and feedback requests

3.4 Safety and Legal Compliance

• Detecting, preventing, and addressing fraud, abuse, and security incidents
• Enforcing our Terms of Service and other agreements
• Complying with applicable laws, regulations, and legal process
• Protecting the rights, property, and safety of Framova, users, and the public

3.5 AI Model Training and Improvement

Important: Framova partners with fal.ai for AI generation. When you use AI features:

• Your input text, images, and generation parameters may be sent to fal.ai's servers for processing
• Opt-In vs. Opt-Out: By default, fal.ai may use non-personally-identifiable User Content to improve its models. You may opt out of this at any time in your Account settings under "Privacy & AI Training"
• Fal.ai's privacy practices are governed by their separate Privacy Policy
• User-identified private/sensitive content will not be used for training

4. How We Share Your Information

4.1 Service Providers and Processors

We share data with third-party service providers who process data on our behalf:

• fal.ai: AI model provider (image generation input and output)
• Supabase: Database provider (all account and User Content data)
• Stripe: Payment processor (billing and payment information)
• Vercel: Cloud hosting provider (application and logs)
• SendGrid/Mailgun: Email service provider (communication data)

All service providers are contractually obligated to use data only as necessary to provide services and to maintain confidentiality and security.

4.2 Business Partners and Marketing

With your consent, we may share anonymized or pseudonymized data with:

• Analytics and advertising partners (Google Analytics, Mixpanel)
• Marketing partners for promotional campaigns
• Academic researchers studying AI and creative tools (with your opt-in)

4.3 Legal Requirements and Enforcement

We may disclose your information:

• If required by law, court order, or government request
• To enforce our Terms of Service and other agreements
• To protect against fraud, security threats, or legal liability
• In response to a DMCA notice or intellectual property claim

4.4 Business Transitions

If Framova is acquired, merged, or undergoes bankruptcy:

• User information may be transferred as an asset
• We will provide notice and comply with applicable data protection laws

4.5 Public Sharing (With Your Consent)

With your explicit permission, we may:

• Share your User Content in case studies, testimonials, or marketing materials
• Display your thumbnail creations in a public gallery or portfolio feature
• Showcase your work on social media or our website

You may withdraw this consent at any time.

5. Data Retention

5.1 Account Data

• During Active Account: Indefinitely while your Account is active
• After Deletion: Deleted within 30 days, except where retention is legally required
• Backups: Retained in encrypted backups for up to 90 days for disaster recovery

5.2 User Content (Thumbnails and Creations)

• Owner-Retained: Stored in your Account for as long as needed
• Upon Deletion: Removed from primary storage within 7 days; backup copies purged within 90 days
• AI Generation Logs: Retained for 1 year to provide generation history and analytics

5.3 Usage and Analytics Data

• Raw logs: Retained for 30 days
• Aggregated analytics: Retained indefinitely for product analysis
• Personally identifiable analytics: Anonymized after 12 months

5.4 Legal and Compliance Data

• Billing records: Retained for 7 years (tax and regulatory requirements)
• Support tickets: Retained for 2 years unless deletion is requested
• Data subject requests: Records retained for 3 years for compliance evidence

6. Cookie Policy and Tracking Technologies

6.1 Types of Cookies

Essential Cookies (Required)

• Authentication and session management
• Security and fraud prevention
• Load balancing and service continuity

Functional Cookies (Preference)

• Remembering your settings and preferences
• Storing your language selection
• Saving generation history for quick access

Analytics Cookies (Performance)

• Google Analytics for understanding usage patterns
• Mixpanel for feature adoption and user funnels
• Vercel Analytics for performance monitoring

Marketing Cookies (Targeting)

• Google Ads and Facebook Pixel for conversion tracking
• Advertising networks for retargeting campaigns

6.2 Cookie Consent

• First Visit: You will be prompted to accept cookie categories
• Manage Preferences: You can modify cookie settings in your Account or via our cookie banner
• Opt-Out: Essential cookies cannot be disabled, but you may opt out of analytics and marketing cookies

6.3 Browser Controls

You can control cookies via your browser settings:

• Disable all cookies (may break functionality)
• Delete existing cookies
• Receive notifications when cookies are set

6.4 Do Not Track

Framova respects browser Do Not Track (DNT) signals. If DNT is enabled, we will not use third-party analytics or marketing cookies.

7. Your Privacy Rights

7.1 GDPR Rights (EU Users)

If you are in the EU, you have the following rights under the GDPR:

Right to Access

• Request a copy of your personal data in a structured, machine-readable format
• Contact: privacy@framova.cc
• Response time: 30 days

Right to Rectification

• Correct inaccurate or incomplete personal data
• Use your Account settings or contact support

Right to Erasure ("Right to be Forgotten")

• Request deletion of your personal data
• Applies unless we have a legal basis to retain it
• Some data (tax records, legal obligations) may not be deleted

Right to Restrict Processing

• Limit how we use your data temporarily
• Useful if you dispute the accuracy or legitimacy of processing

Right to Data Portability

• Receive your data in a portable format (CSV, JSON)
• Transfer your data to another service

Right to Object

• Opt out of specific processing activities (marketing, analytics, AI training)
• Configure preferences in your Account settings

Right to Lodge a Complaint

• File a complaint with your national data protection authority (DPA)
• Example: GDPR DPA contact: [Your Country's DPA]

7.2 CCPA Rights (California Users)

If you are a California resident, you have the following rights under the CCPA:

Right to Know

• Know what personal information is collected, used, and shared
• Submit a request: privacy@framova.cc
• Response time: 45 days (may be extended by 45 days)

Right to Delete

• Request deletion of personal information
• Exceptions for legally required data or service-critical data

Right to Opt-Out of Sale/Sharing

• Framova does not "sell" personal information
• We do share data with service providers; this is not considered a sale under CCPA
• You may opt out via our "Do Not Sell My Info" link in the footer

Right to Limit Use of Sensitive Information

• Opt out of using sensitive data beyond what's needed for service delivery
• Manage via your privacy settings

Non-Discrimination

• We do not discriminate against you for exercising privacy rights
• No differences in service quality or pricing

7.3 Other Privacy Laws

LGPD (Brazil)

• Right to access, correct, delete, and data portability
• Contact: privacy@framova.cc

PIPEDA (Canada)

• Right to access and request correction
• Contact: privacy@framova.cc

Other Jurisdictions Framova respects privacy laws in all jurisdictions where we operate. If you have rights under a law not listed above, please contact us.

8. Data Security

8.1 Security Measures

Framova implements industry-standard security controls:

• Encryption in Transit: TLS 1.3 for all data transmitted
• Encryption at Rest: AES-256 for sensitive data stored in Supabase
• Access Controls: Role-based access control (RBAC) and principle of least privilege
• Authentication: Multi-factor authentication (MFA) available
• Auditing: Comprehensive logging of access and modifications
• Vulnerability Management: Regular penetration testing and security audits
• Incident Response: Documented procedures for data breaches

8.2 Your Responsibility

• Keep your password confidential
• Use a strong, unique password
• Enable multi-factor authentication
• Do not share your Account credentials
• Report suspected security breaches immediately

8.3 Data Breach Notification

In the event of a breach that compromises personal data:

• We will notify affected users within 72 hours (or as required by law)
• We will provide details of the breach and recommended actions
• We will cooperate with law enforcement and regulators

9. International Data Transfers

9.1 Transfers to the US and Other Countries

Framova's servers are primarily located in the United States (Supabase US-East-1 region). If you are in the EU, by using Framova, you consent to the transfer of your personal data to the US.

9.2 Legal Basis for Transfers

We rely on:

• Contractual Necessity: Data transfer is necessary to provide the Service
• User Consent: You consent to these Terms and Privacy Policy
• Standard Contractual Clauses (SCCs): We use SCCs in data processing agreements with service providers
• Adequacy Decisions: Where applicable (EU-UK post-Brexit)

9.3 GDPR Compliance

Framova complies with GDPR requirements for international data transfers. Our Data Processing Agreement (DPA) is available upon request.

10. Children's Privacy

Framova is not intended for users under 18. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child:

• We will delete it promptly
• We will notify the parent or guardian
• We may terminate the child's Account

Parents who believe their child has provided information to Framova should contact us immediately at privacy@framova.cc.

11. Third-Party Links and Services

Framova may contain links to third-party websites and integrate with external services (YouTube, Google Analytics, etc.). This Privacy Policy applies only to Framova; we are not responsible for:

• Third-party privacy practices
• Third-party data collection
• Third-party content or services

We encourage you to review third-party privacy policies before sharing information.

12. California Consumer Privacy Act (CCPA) - Specific Disclosures

12.1 Categories of Personal Information Collected

• Identifiers (name, email, IP address, user ID)
• Commercial Information (purchase history, subscription status, billing data)
• Internet or Other Electronic Network Activity (browsing history, feature usage, clicks, session data)
• Geolocation Data (IP-based location inference only; we do not collect precise GPS)
• Sensory Information (none collected)
• Professional/Employment Information (company name, role if provided)
• Education Information (none collected)
• Inferences (AI-derived insights about your preferences, interests, based on usage patterns)

12.2 Sources of Information

• Directly from you (account registration, submissions)
• Automatically during Service use (cookies, analytics)
• From service providers (Stripe, fal.ai, Supabase)
• From public sources (social media, if linked)

12.3 Purposes of Use

See Section 3 (How We Use Your Information).

12.4 Sharing/Disclosure

See Section 4 (How We Share Your Information).

12.5 Retention Periods

See Section 5 (Data Retention).

13. Changes to This Privacy Policy

We may update this Privacy Policy to reflect changes in our practices, technology, or law. We will notify you of material changes via:

• Email notification
• Prominent in-app notice
• Updated "Last updated" date at the top of this page

Continued use of Framova after changes constitute your acceptance of the updated Privacy Policy.

14. Contact Us

For privacy inquiries, requests, or complaints, contact:

Framova Inc.
Email: privacy@framova.cc
Mailing Address: [Your Legal Address]
Website: https://framova.cc

Data Protection Officer (EU Users)
Email: dpo@framova.cc

California Privacy Notice Opt-Out
You may submit a request via our privacy portal or by emailing: privacy@framova.cc

IMPORTANT: This Privacy Policy is a template and must be reviewed by a qualified legal professional before deployment. Privacy laws vary by jurisdiction, and your specific implementation of Framova may require modifications to comply with GDPR, CCPA, LGPD, and other applicable regulations.