Privacy Policy

Framebit ("we", "us", or "our") operates the Framebit platform, including the web application and all associated free and premium tools. This Privacy Policy explains how we collect, use, store, and protect your personal data in compliance with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

By using Framebit, you agree to the practices described in this policy. If you do not agree, please discontinue use of the platform.

1. Data Controller

The data controller responsible for your personal data is:

2. What Data We Collect

Account Information

When you create an account, we collect and store the following via our authentication provider (Supabase):

• Email address
• Display name (if provided)
• Authentication tokens and session data
• Account creation and last sign-in timestamps

Usage Analytics

If you accept analytics cookies, we use PostHog EU Cloud to collect product and website analytics, including:

• Pages visited, referral sources, and features used
• Session duration and interaction patterns
• Browser type, operating system, and screen resolution
• Approximate geographic location (country/region level)

Media Files (Free Browser-Based Tools)

When you use our free tools (video trimmer, converter, compressor, audio extractor, and similar), your video and media files are processed entirely in your browser and are never uploaded to our servers. We have no access to the content of these files.

Media Files (Premium Rendering)

When you use premium rendering features, media assets (videos, images, audio) may be temporarily uploaded and processed via AWS Lambda for server-side rendering. These files are stored temporarily in Cloudflare R2 and are associated with your account.

Error and Crash Reports

We use Sentry to collect error reports when something goes wrong. These reports may include technical information about the error context but do not contain your media files or personal content.

3. How We Use Your Data

We use the data we collect for the following purposes:

• Provide and maintain the service: Authenticate your account, save your projects, and deliver rendering results.
• Improve the platform: Analyze usage patterns to understand which features are most valuable and identify areas for improvement.
• Fix bugs and ensure stability: Use error reports to diagnose and resolve technical issues.
• Communicate with you: Send essential service-related notifications (e.g., account security, policy changes). We do not send marketing emails unless you opt in.
• Legal compliance: Meet our obligations under applicable laws and regulations.

4. Cookies and Tracking

We use a minimal set of cookies and similar technologies:

• Essential cookies: Required for authentication and session management. These cannot be disabled as the service would not function without them.
• Analytics cookies (PostHog): Optional cookies used after consent to collect usage data and improve the platform.

We do not use advertising cookies or share data with advertising networks. You can change your analytics cookie choice at any time on our Cookie Policy.

5. Data Storage

Your data is stored across the following infrastructure:

• Supabase: Account information, authentication data, and project metadata are stored in our Supabase database.
• Cloudflare R2: User-uploaded media files for premium features are stored in Cloudflare R2 object storage.
• AWS Lambda: Premium rendering jobs are processed on AWS infrastructure. Temporary rendering data is deleted after processing is complete.

All data transfers are encrypted in transit using TLS. Data at rest is encrypted according to each provider's security standards.

6. Data Retention and Deletion

• Account data: Retained for as long as your account is active. When you delete your account, all associated personal data is permanently removed within 30 days.
• Media files: Premium rendering outputs and uploaded assets are retained while your account is active. You can delete individual files at any time. Temporary rendering files are automatically purged within 24 hours of job completion.
• Analytics data: Anonymized analytics data is retained for up to 12 months, after which it is aggregated or deleted.
• Error reports: Sentry error data is automatically deleted after 90 days.

7. Your Rights Under GDPR

If you are located in the European Economic Area (EEA) or the United Kingdom, you have the following rights regarding your personal data:

• Right of access: You can request a copy of all personal data we hold about you.
• Right to rectification: You can request correction of any inaccurate or incomplete personal data.
• Right to erasure: You can request deletion of your personal data. We will comply unless we have a legal obligation to retain it.
• Right to data portability: You can request your data in a structured, commonly used, machine-readable format.
• Right to object: You can object to the processing of your personal data for certain purposes, including direct marketing and profiling.
• Right to restrict processing: You can request that we limit how we use your data while a complaint or request is being resolved.
• Right to withdraw consent: Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, please contact us at contact@framebit.app. We will respond to your request within 30 days. You also have the right to lodge a complaint with your local data protection authority.

8. Third-Party Services

We rely on the following third-party services to operate the platform. Each processes data according to their own privacy policies:

• Supabase — Authentication and database services.
• Cloudflare — CDN, R2 object storage, and DDoS protection.
• Amazon Web Services (AWS) — Server-side video rendering via Lambda.
• PostHog EU Cloud — Product analytics, web analytics, and usage tracking.
• Sentry — Error monitoring and crash reporting.

We do not sell, rent, or share your personal data with third parties for their own marketing purposes.

9. Children's Privacy

Framebit is not intended for use by individuals under the age of 16. We do not knowingly collect personal data from children under 16. If we become aware that we have collected personal data from a child under 16, we will take steps to delete that information promptly. If you believe a child under 16 has provided us with personal data, please contact us at contact@framebit.app.

10. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. When we make material changes, we will notify you by posting the updated policy on this page and updating the "Last updated" date. For significant changes, we may also notify you via email or an in-app notification.

We encourage you to review this policy periodically.

11. Contact Us

If you have any questions about this Privacy Policy, your personal data, or wish to exercise your rights, please contact us: