Last updated: 3 July 2026
This Privacy Policy explains how Framehood ("Framehood", "we", "us") collects, uses, and protects personal data when you use our website, API, CLI, MCP server, and related services (the "Service"). We aim to collect only what we need to run the Service.
Account data: your email address and authentication identifiers when you sign in (including via Google OAuth).
Content you create: the prompts you send and the images, video, and audio you generate, plus files you upload for processing.
Billing data: subscription and payment information is processed by our payment provider (Stripe). We receive limited billing metadata (plan, status, invoice references) but never your full card number.
Usage and technical data: credit usage, job history, API requests, log data, IP address, and basic device/browser information collected to operate and secure the Service.
To provide, maintain, and improve the Service; to run your generation jobs and deliver results; to manage your account, credits, and billing; to provide support; to detect, prevent, and investigate abuse or security incidents; and to comply with legal obligations.
Where the GDPR applies, we process personal data to perform our contract with you (providing the Service), on the basis of our legitimate interests (securing and improving the Service), to comply with legal obligations, and, where required, with your consent.
We share data with vendors that help us run the Service, including Supabase (authentication and database), Stripe (payments), Cloudflare (hosting, storage, and content delivery), and the third-party model providers that fulfil generation requests. These providers process data on our behalf under contractual safeguards.
We do not sell your personal data. We may disclose data if required by law or to protect our rights, users, or the public.
We retain account, billing, and job data for as long as your account is active and as needed to provide the Service, comply with legal obligations, resolve disputes, and enforce our agreements. You can request deletion of your account and associated content.
We use industry-standard measures — encryption in transit, access controls, and scoped credentials — to protect your data. No method of transmission or storage is completely secure, so we cannot guarantee absolute security.
Depending on your location, you may have the right to access, correct, export, or delete your personal data, to object to or restrict certain processing, and to withdraw consent. To exercise these rights, contact us at the address below.
We use essential cookies and similar technologies to keep you signed in and to operate the Service. We do not use advertising cookies.
Your data may be processed in countries other than your own. Where required, we rely on appropriate safeguards (such as Standard Contractual Clauses) for international transfers.
The Service is not directed to children under 16, and we do not knowingly collect their personal data.
We may update this Policy from time to time. Material changes will be reflected by updating the date above and, where appropriate, by additional notice.
Questions about this document? Contact us at [email protected].