Legal

Privacy Policy

Last updated: May 21, 2026

Framd is built by photographers who take trust seriously. Here's exactly what we collect, why, and how we protect it.

Introduction

Framd, Inc. (“Framd,” “we,” “us,” or “our”) operates framd.io and related services. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform — whether as a photographer listing your services or a client booking a session.

By using Framd, you agree to the practices described in this policy. If you do not agree, please do not use our services.

What Information We Collect

Account Information

When you create a Framd account we collect your name, email address, password (stored as a secure hash), and the type of account you create (client or photographer). Photographers additionally provide a bio, location, specialties, session rates, and profile photos.

Photos and Videos

Photographers upload images and videos to galleries, their portfolio, and the Framd feed. These files are stored on Cloudflare R2 and processed solely to deliver them to your intended audience. We do not use your creative work for training AI models.

Client Gallery Interactions

When clients interact with a delivered gallery — marking favorites, leaving comments, or selecting photos for download — we record those interactions so photographers can act on client selections. This data belongs to you and your photographer relationship.

Payment Information

Framd collects payment information solely for photographer subscription billing, which is handled by Stripe. We never store your full card number, CVV, or bank account details — only the Stripe customer ID and subscription status needed to manage your account. Framd does not process, collect, or hold payments between photographers and their clients; those transactions happen directly between the parties. Photographers who optionally connect a Stripe account through Framd do so under Stripe's own terms; Framd facilitates only the technical connection and does not access those funds.

Usage Data

We collect standard web analytics: pages visited, time spent, referring URLs, browser type, and device type. This data is aggregated and used only to improve the platform. We do not sell this data or use it to build advertising profiles.

Communications

Messages sent through the Framd platform (booking inquiries, contract discussions) are stored to provide the service and display message history. Email addresses are used to send transactional messages via SendGrid. Phone numbers provided during booking are used for SMS confirmations via Twilio.

How We Use Your Information

  • Provide the service. Operate your account, deliver galleries, process bookings, manage subscriptions, and facilitate contracts and invoices.
  • Communicate with you. Send booking confirmations, gallery delivery notifications, payment receipts, and — only with your consent — platform updates and feature announcements.
  • Improve the platform. Analyze usage patterns to prioritize features, fix bugs, and improve performance. We never use your photos or creative work for this purpose.
  • Process subscription payments. Create and manage Stripe customer and subscription records for photographer plan billing. Framd does not process payments between photographers and clients.
  • Enforce our policies. Detect fraud, investigate abuse reports, and enforce our Terms of Service and community vetting standards.

How We Share Your Information

With photographers you work with

When you book a photographer, your name, contact details, and booking information are shared with that photographer so they can fulfill the session. Photographers are responsible for handling client data they receive in compliance with applicable law.

With clients you serve (photographers)

Your public photographer profile — portfolio, bio, rates, and availability — is visible to anyone on the platform. Booking requests connect you with specific clients.

Service providers

We share data with trusted third parties that help us operate Framd. Each is bound by a data processing agreement and may only use your data to provide services to us:

  • Cloudflare R2File storage for photos, videos, and galleries
  • SupabaseDatabase and authentication infrastructure
  • StripeSubscription billing for photographer plans; optional Stripe Connect for photographer-direct payment links
  • SendGridTransactional email delivery
  • TwilioSMS notifications for bookings
  • Google MapsLocation lookup for photographer matching

Legal requirements

We may disclose your information if required by law, court order, or government authority, or when we believe disclosure is necessary to protect the rights, property, or safety of Framd, our users, or others.

We never sell your personal data. Full stop.

Data Retention

We retain your data for as long as your account is active or as needed to provide services. Here is how that works in practice:

  • Active subscribers. All data — galleries, bookings, contracts, messages — is retained in full.
  • After cancellation. You receive a 90-day grace period with full access. After that, your galleries enter a Paused state (not deleted). Client gallery links display a contact message pointing back to you.
  • Right to deletion. You may request complete deletion of your account and data at any time by emailing support@framd.io. We will complete deletion within 30 days, except where retention is required by law (e.g., financial records).

Your Rights

Depending on your location, you may have the following rights regarding your personal data. To exercise any of them, email support@framd.io.

Access

Request a copy of the personal data we hold about you.

Correction

Ask us to correct inaccurate or incomplete information.

Deletion

Request that we delete your account and associated personal data.

Portability

Receive your data in a structured, machine-readable format.

Opt-out of marketing

Unsubscribe from non-transactional communications at any time via the unsubscribe link in any email or by contacting us.

Restriction

Request that we restrict processing of your data in certain circumstances.

Cookies and Tracking

Framd uses cookies and similar technologies to operate and improve the platform:

  • Authentication cookies. Set by Supabase to maintain your login session. These are strictly necessary and cannot be disabled without logging you out.
  • Preference cookies. Store your active role (client vs. photographer), theme, and other UI preferences.
  • Analytics. We may use privacy-respecting analytics tools that do not fingerprint individual users or share data with advertising networks.

You can control cookies through your browser settings. Disabling cookies may limit some platform functionality.

Children's Privacy

Framd is intended for users who are 18 years of age or older. We do not knowingly collect personal information from individuals under 18. By creating an account, you represent that you are at least 18 years old.

If we learn that we have collected personal information from a minor without verifiable parental consent, we will delete that information promptly. If you believe a minor has provided us with personal data, please contact us at support@framd.io.

Framd complies with the Children's Online Privacy Protection Act (COPPA) and does not direct any part of our service to children under 13.

Security

We take security seriously and implement industry-standard measures to protect your data:

  • All data transmitted between your browser and Framd is encrypted via TLS/HTTPS.
  • Passwords are never stored in plain text — they are hashed using bcrypt via Supabase Auth.
  • Database access is protected by row-level security (RLS) policies in Supabase.
  • Cloudflare R2 storage uses server-side encryption at rest.
  • API keys and service credentials are stored as environment variables, never in code.
  • Payment data never touches our servers — handled entirely by Stripe's PCI-compliant infrastructure.

No system is 100% secure. If you discover a security vulnerability, please report it responsibly to support@framd.io before disclosing it publicly.

International Users

Framd is operated in the United States. If you access Framd from outside the U.S., your information may be transferred to, stored in, and processed in the United States, where data protection laws may differ from your country.

By using Framd, you consent to the transfer of your information to the United States. Where required by law (such as for users in the European Economic Area), we rely on appropriate transfer mechanisms including standard contractual clauses.

Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email and update the “Last updated” date at the top of this page. Continued use of Framd after changes take effect constitutes your acceptance of the updated policy.

We encourage you to review this policy periodically to stay informed about how we protect your information.

Contact Us

Questions, requests, or concerns about this Privacy Policy or how we handle your data? We're a small team and we actually respond.

Framd Privacy

support@framd.io

For data deletion requests, data export requests, or any privacy concern, email us and we will respond within 5 business days.

Also read our Terms of Service

Framd, Inc. · support@framd.io