StoreFramerBack to Home

Privacy Policy

GDPR Compliant

Last updated: December 13, 2025

No Image Storage

Your screenshots are processed in memory and never stored on our servers.

Minimal Data Collection

We only collect data necessary to provide our service.

Data Portability

Request a copy of your data at any time.

Right to Deletion

Delete your account and all associated data.

1. Introduction

StoreFramer ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website and services. We comply with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

2. Data Controller

StoreFramer is the data controller responsible for your personal data. For any privacy-related inquiries, please contact our Data Protection Officer at: privacy@storeframer.app

3. Data We Collect

3.1 Account Information

When you create an account, we collect:

  • Email address - For account authentication and communication
  • Name - For personalization (optional)
  • Password - Securely hashed, never stored in plain text
  • OAuth data - If you sign in with Google or Apple

3.2 Usage Data

We automatically collect:

  • IP address - For security and rate limiting (not stored permanently)
  • Browser type and version - For compatibility
  • Pages visited - To improve our service
  • Credit usage - To track your account balance

3.3 Payment Information

Payment processing is handled by Stripe. We do not store your credit card details. We only receive confirmation of successful payments and transaction IDs.

3.4 Uploaded Images

Important: We do NOT store your uploaded screenshots.

Images are processed entirely in memory and immediately discarded after processing. We never retain, analyze, or share your image content.

4. Consent and Legal Basis for Processing (GDPR)

We process your personal data based on the following legal grounds:

  • Contract performance - To provide our services to you
  • Legitimate interests - To improve and secure our services
  • Consent - For marketing communications (opt-in only)
  • Legal obligations - To comply with applicable laws

4.1 Consent Recording

When you create an account, we record your explicit consent to:

  • Terms of Service - Including our no refund policy
  • Privacy Policy - This document, covering data processing
  • End User License Agreement (EULA) - Software usage terms

We record the timestamp of your consent along with your account information. This consent is required to create an account and use our services. You may withdraw consent at any time by deleting your account, though this will terminate your access to the Service.

5. How We Use Your Data

  • Provide and maintain our Service
  • Process your transactions and manage your credits
  • Send transactional emails (account verification, password reset)
  • Respond to your inquiries and support requests
  • Detect and prevent fraud or abuse
  • Improve our Service through analytics
  • Send marketing communications (with your consent)

6. Data Sharing

We do not sell your personal data. We may share data with:

  • Stripe - Payment processing (PCI-DSS compliant)
  • Email providers - Transactional email delivery
  • Authentication providers - Google, Apple (if you use OAuth)
  • Legal authorities - When required by law

All third-party processors are GDPR compliant and bound by data processing agreements.

7. Your Rights (GDPR)

Under GDPR, you have the following rights:

Right of Access

Request a copy of your personal data.

Right to Rectification

Request correction of inaccurate data.

Right to Erasure ("Right to be Forgotten")

Request deletion of your personal data.

Right to Restrict Processing

Request limitation of data processing.

Right to Data Portability

Receive your data in a machine-readable format.

Right to Object

Object to processing based on legitimate interests.

Right to Withdraw Consent

Withdraw consent for marketing at any time.

To exercise these rights, contact us at privacy@storeframer.app. We will respond within 30 days.

8. Data Retention

  • Account data - Retained until you delete your account
  • Transaction records - Retained for 7 years (legal requirement)
  • Uploaded images - Not retained (processed in memory only)
  • IP addresses - Retained for 24 hours for rate limiting

9. Data Security

We implement appropriate security measures including:

  • HTTPS encryption for all data transmission
  • Bcrypt password hashing with salt
  • Regular security audits
  • Access controls and authentication
  • Secure cloud infrastructure

10. International Transfers

Your data may be transferred to and processed in countries outside the European Economic Area (EEA). We ensure appropriate safeguards are in place, including Standard Contractual Clauses approved by the European Commission.

11. Cookies

We use essential cookies for:

  • Authentication - To keep you logged in
  • Security - CSRF protection tokens
  • Preferences - Your settings

We do not use tracking or advertising cookies.

12. Children's Privacy

Our Service is not intended for children under 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us immediately.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by email or by posting a notice on our website. Your continued use of the Service after changes constitutes acceptance of the updated policy.

14. Supervisory Authority

If you are in the EU and believe we have not adequately addressed your concerns, you have the right to lodge a complaint with your local Data Protection Authority. In France, this is the Commission Nationale de l'Informatique et des Libertés (CNIL).

15. Contact Us

Data Protection Inquiries

For any questions about this Privacy Policy or to exercise your rights:

privacy@storeframer.app
© 2025 StoreFramer. All rights reserved.
Terms of ServiceEULA