Legal
Privacy Policy
Last updated: March 9, 2026
Philippines Data Privacy Act Compliance — This policy complies with Republic Act No. 10173 (Data Privacy Act of 2012) and NPC regulations.
Introduction
FrameX ("we," "us," "our") is committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our field documentation platform (the "Service").
We are registered with the National Privacy Commission of the Philippines and comply with the Data Privacy Act of 2012 (Republic Act No. 10173).
Information We Collect
Personal Information You Provide
- Account Information: Name, email address, password, profile picture
- Organization Information: Organization name, industry, size, address
- Role Information: Your role within the organization (Admin, Member, Viewer)
- Communication Data: When you contact support or provide feedback
- Payment Information: Billing details (processed securely by third-party payment providers)
Automatically Collected
- Usage Data: Pages visited, features used, time spent, actions taken
- Device Information: IP address, browser type, operating system, device identifiers
- Log Data: Access times, referring URLs, crash reports
- Location Data: General location derived from IP address (not precise GPS)
User-Generated Content
As part of using the Service, you may upload project information and descriptions, field photos and images, reports and documentation, checklist responses and assessments, and comments and notes.
Important: You are responsible for ensuring you have proper consent to upload any personal information contained in your field photos or documentation.
How We Use Your Information
Service Delivery
- Creating and managing your account
- Providing access to projects and features
- Processing and storing uploaded content
- Generating reports and documentation
- Managing organization memberships and roles
Communication
- Sending service-related notifications (updates, security alerts)
- Responding to your inquiries and support requests
- Sending newsletters and product updates (with your consent)
- Notifying about changes to terms or policies
Service Improvement
- Analyzing usage patterns to improve functionality
- Testing new features during beta
- Conducting research and development
- Generating anonymized analytics
Security & Compliance
- Detecting and preventing fraud or abuse
- Maintaining audit logs for security
- Complying with legal obligations
- Enforcing our Terms of Service
Legal Basis for Processing
Under the Philippines Data Privacy Act, we process your personal information based on:
Consent
By using the Service, you consent to the collection and processing of your personal information as described in this Privacy Policy. You may withdraw consent at any time by deleting your account.
Contract Performance
Processing is necessary to perform the contract between you and FrameX (providing the Service you requested).
Legitimate Interests
We process data for legitimate business purposes such as security, fraud prevention, and service improvement, provided these do not override your rights.
Legal Obligation
We may process data to comply with Philippine laws and regulations.
Data Sharing and Disclosure
We do not sell, rent, or trade your personal information. We may share data only in the following circumstances:
Within Your Organization
Users within your organization can access shared projects, photos, and reports based on their assigned roles. This is essential for the Service's collaborative functionality.
Service Providers
- Cloud Hosting: Supabase (database and storage)
- Payment Processing: Stripe or other payment providers
- Email Services: For transactional and marketing emails
- Analytics: To understand usage patterns
These providers are bound by confidentiality obligations and data protection requirements.
Legal Requirements
We may disclose information if required by law, regulation, legal process, or governmental request, or to protect the rights and safety of FrameX and others.
Business Transfers
In connection with a merger, acquisition, or sale of assets, user information may be transferred as part of the transaction. You will be notified of any such change.
Data Security
We implement appropriate technical and organizational measures to protect your personal information:
Technical Safeguards
- Encryption in transit (TLS/SSL)
- Row-level security for multi-tenant data isolation
- Secure authentication with password hashing
- Regular security updates and patches
- Access controls and audit logging
Organizational Safeguards
- Employee training on data protection
- Access limited to authorized personnel only
- Regular security assessments
- Incident response procedures
Data Breach Notification
In the event of a data breach that poses a real risk of significant harm, we will notify affected individuals within 72 hours, report to the National Privacy Commission as required, and take immediate steps to contain and remediate the breach.
Data Retention
Active Accounts
Data is retained while your account is active and for a reasonable period thereafter.
Deleted Accounts
Upon account deletion, we will remove your profile information, anonymize your contributions to shared projects, retain audit logs as required by law (typically 5 years), and delete backup copies within a reasonable timeframe.
Legal Requirements
We may retain certain data longer if required by Philippine law, tax regulations, or for legitimate business purposes (e.g., dispute resolution).
Your Data Privacy Rights
Under the Philippines Data Privacy Act, you have the following rights:
Right to Access
Request a copy of your personal data. View most data directly in Service settings.
Right to Rectification
Correct inaccurate or incomplete information through account settings.
Right to Erasure
Request deletion of your account and personal data via settings or support.
Right to Object
Object to processing for direct marketing; opt-out via the unsubscribe link.
Right to Portability
Export your data (projects, photos, reports) in commonly used formats.
Right to Damages
Claim compensation for unlawfully obtained or misused personal data.
Right to Complain
File a complaint with the National Privacy Commission if your rights are violated.
To exercise your rights, email privacy@FrameX.example.com with the subject line "Data Privacy Request." We will respond within 30 days as required by the NPC.
International Data Transfers
Your data may be processed outside the Philippines. Our hosting provider may store data in servers located outside the Philippines, and some third-party providers may operate from other countries.
We ensure appropriate safeguards are in place, including contracts with data protection clauses, providers certified under international standards, and compliance with NPC guidelines on cross-border data transfers.
Children's Privacy
The Service is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child, we will take steps to delete it.
Changes to This Privacy Policy
- Updates will be posted on this page with a new "Last Updated" date
- Material changes will be communicated via email or in-app notification
- Continued use after changes constitutes acceptance of the updated policy
Contact Us
For questions, concerns, or requests regarding this Privacy Policy or our data practices:
General Inquiries — support@getFrameX.com
Address — Batangas City, Philippines
National Privacy Commission
If you have unresolved concerns, you may contact the Philippines National Privacy Commission:
Website — privacy.gov.ph
Email — complaints@privacy.gov.ph
Hotline — (02) 8123-3344
This Privacy Policy complies with Republic Act No. 10173 (Data Privacy Act of 2012) and implementing rules and regulations issued by the National Privacy Commission of the Philippines.