Privacy Policy

• Account Information: Name, email address, password, profile picture
• Organization Information: Organization name, industry, size, address
• Role Information: Your role within the organization (Admin, Member, Viewer)
• Communication Data: When you contact support or provide feedback
• Payment Information: Billing details (processed securely by third-party payment providers)

• Usage Data: Pages visited, features used, time spent, actions taken
• Device Information: IP address, browser type, operating system, device identifiers
• Log Data: Access times, referring URLs, crash reports
• Location Data: General location derived from IP address (not precise GPS)

As part of using the Service, you may upload project information and descriptions, field photos and images, reports and documentation, checklist responses and assessments, and comments and notes.

Important: You are responsible for ensuring you have proper consent to upload any personal information contained in your field photos or documentation.

• Creating and managing your account
• Providing access to projects and features
• Processing and storing uploaded content
• Generating reports and documentation
• Managing organization memberships and roles

• Sending service-related notifications (updates, security alerts)
• Responding to your inquiries and support requests
• Sending newsletters and product updates (with your consent)
• Notifying about changes to terms or policies

• Analyzing usage patterns to improve functionality
• Testing new features during beta
• Conducting research and development
• Generating anonymized analytics

• Detecting and preventing fraud or abuse
• Maintaining audit logs for security
• Complying with legal obligations
• Enforcing our Terms of Service

By using the Service, you consent to the collection and processing of your personal information as described in this Privacy Policy. You may withdraw consent at any time by deleting your account.

Processing is necessary to perform the contract between you and FrameX (providing the Service you requested).

We process data for legitimate business purposes such as security, fraud prevention, and service improvement, provided these do not override your rights.

We may process data to comply with applicable laws and regulations.

Users within your organization can access shared projects, photos, and reports based on their assigned roles. This is essential for the Service's collaborative functionality.

• Cloud Hosting: Cloudflare (Storage) and Supabase (Database and Storage)
• Payment Processing:Polar
• Email Services: For transactional and marketing emails
• Analytics: To understand usage patterns

These providers are bound by confidentiality obligations and data protection requirements.

We may disclose information if required by law, regulation, legal process, or governmental request, or to protect the rights and safety of FrameX and others.

In connection with a merger, acquisition, or sale of assets, user information may be transferred as part of the transaction. You will be notified of any such change.

• Encryption in transit (TLS/SSL)
• Row-level security for multi-tenant data isolation
• Secure authentication with password hashing
• Regular security updates and patches
• Access controls and audit logging

• Employee training on data protection
• Access limited to authorized personnel only
• Regular security assessments
• Incident response procedures

In the event of a data breach that poses a real risk of significant harm, we will notify affected individuals within 72 hours, report to the relevant data protection authority as required, and take immediate steps to contain and remediate the breach.

Data is retained while your account is active and for a reasonable period thereafter.

Upon account deletion, we will remove your profile information, anonymize your contributions to shared projects, retain audit logs as required by law (typically 5 years), and delete backup copies within a reasonable timeframe.

We may retain certain data longer if required by applicable law, tax regulations, or for legitimate business purposes (e.g., dispute resolution).

Required for the Service to function (authentication, security, preferences).