# Privacy Policy — Framehood

How Framehood collects, uses and protects personal data across the website, API, CLI and MCP server.

# Privacy Policy

Last updated: 3 July 2026
This Privacy Policy explains how Framehood ("Framehood", "we", "us") collects, uses, and protects personal data when you use our website, API, CLI, MCP server, and related services (the "Service"). We aim to collect only what we need to run the Service.

## 1. Information we collect

Account data: your email address and authentication identifiers when you sign in (including via Google OAuth).
Content you create: the prompts you send and the images, video, and audio you generate, plus files you upload for processing.
Billing data: subscription and payment information is processed by our payment provider (Stripe). We receive limited billing metadata (plan, status, invoice references) but never your full card number.
Usage and technical data: credit usage, job history, API requests, log data, IP address, and basic device/browser information collected to operate and secure the Service.

## 2. How we use your data

To provide, maintain, and improve the Service; to run your generation jobs and deliver results; to manage your account, credits, and billing; to provide support; to detect, prevent, and investigate abuse or security incidents; and to comply with legal obligations.

## 3. Legal bases (EEA/UK)

Where the GDPR applies, we process personal data to perform our contract with you (providing the Service), on the basis of our legitimate interests (securing and improving the Service), to comply with legal obligations, and, where required, with your consent.

## 4. Service providers and sharing

We share data with vendors that help us run the Service, including Supabase (authentication and database), Stripe (payments), Cloudflare (hosting, storage, and content delivery), and the third-party model providers that fulfil generation requests. These providers process data on our behalf under contractual safeguards.
We do not sell your personal data. We may disclose data if required by law or to protect our rights, users, or the public.

## 5. Data retention

We retain account, billing, and job data for as long as your account is active and as needed to provide the Service, comply with legal obligations, resolve disputes, and enforce our agreements. You can request deletion of your account and associated content.

## 6. Security

We use industry-standard measures — encryption in transit, access controls, and scoped credentials — to protect your data. No method of transmission or storage is completely secure, so we cannot guarantee absolute security.

## 7. Your rights

Depending on your location, you may have the right to access, correct, export, or delete your personal data, to object to or restrict certain processing, and to withdraw consent. To exercise these rights, contact us at the address below.

## 8. Cookies

We use essential cookies and similar technologies to keep you signed in and to operate the Service. We do not use advertising cookies.

## 9. International transfers

Your data may be processed in countries other than your own. Where required, we rely on appropriate safeguards (such as Standard Contractual Clauses) for international transfers.

## 10. Children

The Service is not directed to children under 16, and we do not knowingly collect their personal data.

## 11. Changes to this policy

We may update this Policy from time to time. Material changes will be reflected by updating the date above and, where appropriate, by additional notice.

Questions about this document? Contact us at legal@framehood.ai .
