Framework

Privacy Policy

1. Introduction

Welcome to Framework, a cloud-based brand management Software-as-a-Service ("Platform") provided by Growth Alliance LLC, a Wyoming limited liability company ("Growth Alliance", "we", "us", "our").

We are committed to protecting your personal information and your right to privacy. This Privacy Policy describes how we Process Personal Data of individuals ("You") who use the Platform, visit our websites, or interact with us in other ways.

This policy should be read in conjunction with our Terms of Service. By using the Platform, you agree to the collection and use of information in accordance with this policy.

2. Definitions

For the purpose of this Privacy Policy, the following definitions apply:

"Personal Data", "Data Subject", "Processor", "Controller", and "Processing" shall have the meaning given to them by the EU General Data Protection Regulation (GDPR).

Additional terms shall have the meaning provided in this Privacy Policy or our Terms of Service.

3. What is our role in processing your data?

It is important to understand our role regarding your data.

Growth Alliance as a Processor: When you upload your content (logos, images, text, etc., known as "Client Materials") to our Platform, you are the Controller of that data. We act as a Processor, handling that data on your behalf and according to your instructions to provide the Service.

Growth Alliance as a Controller: For other types of data, such as your account information, billing details, and data about how you use our Platform, we are the Controller. We determine the purposes and means of processing this data to manage our service and business.

4. What information do we collect and how do we use it?

This section details the different processing activities we perform.

a) Personal Information You Disclose to Us (We act as Controller)

We collect personal information that you voluntarily provide to us when you register on the Platform, express an interest in obtaining information about us, or when you contact us.

Information Collected:

  • Account Data: Name, email address, organisation name, password.
  • Billing Data: Payment card details and billing address (processed by our third-party payment processor, Stripe).
  • Communication Data: Information you provide when you contact us for support or other inquiries.

How We Use It:

  • To create and manage your account.
  • To process your payments.
  • To respond to your inquiries and provide customer support.
  • To send you administrative information, such as updates to our terms and policies.
  • To send you marketing and promotional communications (you can opt-out at any time).

Legal Basis (for GDPR): Contractual necessity, Legitimate interests, Consent (for marketing).

b) Client Materials You Upload (We act as Processor)

You may upload various materials to the Platform, including logos, images, brand guidelines, text, and other content ("Client Materials"). This content may contain Personal Data (e.g., images of people, names).

How We Use It:

  • Solely to provide you with the Platform's services, such as generating branded content.
  • We do not use your Client Materials for any other purpose, including training our own AI models.

Your Role: As the Controller of Client Materials, you are responsible for ensuring you have all necessary rights and consents to upload and process this data.

c) Information Collected Automatically (We act as Controller)

We automatically collect certain information when you visit, use, or navigate the Platform. This information does not reveal your specific identity but may include device and usage information.

Information Collected:

  • Log and Usage Data: IP address, browser type, operating system, access times, pages viewed, and how you interact with the Platform.
  • Device Data: Information about your device, such as your device type and operating system.
  • Cookies and Similar Technologies: We use cookies and similar tracking technologies to collect information. See our Cookie Policy (Section 6) for more details.

How We Use It:

  • To maintain the security and operation of our Platform.
  • To analyse usage trends and improve our services.
  • For internal analytics and reporting.

Legal Basis (for GDPR): Legitimate interests.

5. Use of Third-Party AI Services

To provide the AI-powered features of our Platform, we use third-party AI services, including OpenAI.

How Data is Processed:

  • When you use an AI feature (e.g., generating content or captions), we send the necessary text prompt to the third-party AI provider to generate the output.
  • We are configured to use OpenAI's "Zero Data Retention" API, which means OpenAI does not store or use your prompts or outputs to train their models.

Your Control:

  • You control what information is included in your prompts.
  • You are responsible for not including sensitive personal data in prompts unless necessary for the service.

6. Cookies and Tracking Technologies

We use cookies and similar tracking technologies (like web beacons and pixels) to access or store information.

Types of Cookies We Use:

  • Strictly Necessary Cookies: Essential for the Platform to function (e.g., keeping you logged in). These cannot be disabled.
  • Analytics Cookies: Help us understand how visitors interact with our Platform. We use services like Vercel Analytics. You can opt-out of these.

You can manage your cookie preferences through your browser settings. Note that disabling certain cookies may affect Platform functionality.

7. How do we share your information?

We may share your information in the following situations:

  • Service Providers: We share data with third-party vendors who perform services on our behalf (e.g., payment processing with Stripe, hosting with Vercel, AI services with OpenAI). These providers are bound by contract to protect your data.
  • Business Transfers: In connection with a merger, acquisition, or sale of assets, your data may be transferred.
  • Legal Obligations: We may disclose your data if required by law or in response to a valid legal process.
  • With Your Consent: We may share your data for other purposes if you have given us explicit consent.

We do not sell your personal information.

8. International Data Transfers

Our servers and service providers are located in the United States. If you are accessing our Platform from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States.

For users in the European Economic Area (EEA) or UK, we will ensure that any transfer of your personal data is done in compliance with applicable data protection laws, using mechanisms such as Standard Contractual Clauses (SCCs).

9. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, including to satisfy any legal, accounting, or reporting requirements.

  • Account Data: Retained for the duration of your account and for a reasonable period thereafter for legal and business purposes.
  • Client Materials: Retained for the duration of your subscription. Upon termination, your Client Materials will be deleted in accordance with our Terms of Service (typically within 30 days, unless a longer period is required by law).
  • Usage Data: Typically retained in an aggregated, anonymised form for analytical purposes.

10. Data Security

We have implemented appropriate technical and organisational security measures designed to protect the security of any personal information we process. These include encryption in transit (TLS) and at rest, secure access controls, and regular security reviews.

However, no electronic transmission or storage is 100% secure. We cannot guarantee absolute security, and you use the Platform at your own risk.

11. Your Privacy Rights

Depending on your location, you may have certain rights regarding your personal data.

a) For Users in the EEA and UK (GDPR Rights)

You have the right to:

  • Access: Request access to your personal data.
  • Rectification: Request correction of inaccurate data.
  • Erasure: Request deletion of your data ("right to be forgotten").
  • Restriction: Request restriction of processing.
  • Portability: Request a copy of your data in a portable format.
  • Objection: Object to processing based on legitimate interests.
  • Withdraw Consent: Withdraw consent at any time where we relied on consent.

You also have the right to lodge a complaint with your local data protection authority.

b) For Users in California (CCPA Rights)

You have the right to:

  • Know what personal information is collected.
  • Know if your personal information is sold or disclosed and to whom.
  • Say no to the sale of personal information (Note: We do not sell personal information).
  • Request deletion of your personal information.
  • Not be discriminated against for exercising your privacy rights.

c) For All Users

You can access and update most of your account information directly through your account settings. For other requests, please contact us using the details below.

12. Children's Privacy

Our Platform is not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected personal data from a child without parental consent, we will take steps to delete that information.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. The updated version will be indicated by an updated "Last updated" date. We encourage you to review this policy periodically. We will notify you of any material changes by posting the new policy on this page and, where appropriate, by email.

14. Contact Us

If you have questions or comments about this policy, or wish to exercise your privacy rights, you may contact us at:

Growth Alliance LLC
Email: privacy@getframework.app

Last updated: December 2024