Privacy Policy

Last updated: May 2026

1. Data Controller

Framiq ("we," "us," "our") is the data controller responsible for the processing of your personal data in connection with the Framiq platform accessible at framiq.ai. Contact our data protection team at: privacy@framiq.ai

2. Data We Collect

  • Account data: Name, email address, hashed password, account creation date, and role
  • Usage data: Generation history (prompts, model used, parameters, output URLs), credit balance, transaction history, feature usage patterns
  • Technical data: IP address, browser type and version, operating system, device identifiers, session tokens, and cookies
  • Payment data: Billing information processed exclusively by our payment processor (Stripe). We do not store or have access to your full card number, CVV, or banking credentials
  • Communications: Support requests and messages you send us
  • Third-party authentication: If you sign in via Google, GitHub, or Apple, we receive basic profile data (name, email, profile picture) as permitted by those services

3. How We Use Your Data

  • Delivering and operating the Service (account management, generation processing, credit management)
  • Processing payments and issuing invoices
  • Sending transactional emails (account confirmation, billing receipts, service notifications)
  • Detecting, investigating, and preventing fraud, abuse, and violations of our Terms of Service
  • Improving and developing the Service through aggregated, anonymized usage analytics
  • Complying with legal and regulatory obligations
  • Responding to your support requests

We do not sell, rent, or share your personal data with third parties for marketing purposes. We do not use your generated content, prompts, or outputs to train AI models.

4. Data Transmitted to Third-Party AI Providers

To process your generation requests, your prompts, uploaded images, and selected parameters are transmitted to the applicable third-party AI Model provider's API (e.g., ByteDance for Seedance, Google for Veo, etc.). This transmission is necessary to perform the Service. We select providers based on their data processing commitments, but we cannot control how each provider handles data on their infrastructure. By using the Service, you acknowledge and accept this data flow.

We recommend reviewing the privacy policies of the applicable AI Model providers if you have concerns about specific data handling practices.

5. Legal Basis for Processing (GDPR)

  • Contract performance (Art. 6(1)(b)): Account creation, delivering the Service, processing payments, managing credits
  • Legitimate interests (Art. 6(1)(f)): Security monitoring, fraud prevention, service improvement, abuse detection
  • Legal obligation (Art. 6(1)(c)): Tax records, accounting requirements, responses to lawful requests from authorities
  • Consent (Art. 6(1)(a)): Optional marketing communications (you may withdraw at any time)

6. Data Retention

  • Account data: Retained for the duration of your account, and up to 3 years after account deletion or closure
  • Generation history: Retained as long as your account is active; you may delete individual generations from your account
  • Payment records: Retained for 10 years as required by French accounting law
  • Support communications: Retained for 3 years from the date of last communication
  • Technical logs: Retained for 12 months

7. Third-Party Processors

  • Cloudflare R2: Secure media storage for generated outputs
  • Turso / LibSQL: Database hosting
  • Stripe: Payment processing (PCI-DSS compliant)
  • AI Model providers: ByteDance (Seedance), Google DeepMind (Veo), Kuaishou (Kling), Runway, Black Forest Labs (Flux), and others — prompts and inputs are transmitted to process your generation requests
  • Authentication providers: Google, GitHub, and Apple (if you use social login)

All processors are required to process your data only on Framiq's instructions and in compliance with applicable data protection laws.

8. International Transfers

Some of our processors operate outside the European Economic Area (EEA). Where data is transferred internationally, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the European Commission, adequacy decisions, or other legally recognized transfer mechanisms.

9. Your Rights (GDPR)

As a data subject under the GDPR, you have the following rights:

  • Right of access: Obtain a copy of the personal data we hold about you
  • Right to rectification: Correct inaccurate or incomplete data
  • Right to erasure: Request deletion of your personal data ("right to be forgotten")
  • Right to restriction: Limit the processing of your data in certain circumstances
  • Right to data portability: Receive your data in a structured, machine-readable format
  • Right to object: Object to processing based on legitimate interests
  • Right to withdraw consent: Withdraw consent at any time where processing is based on consent
  • Right to lodge a complaint: File a complaint with the CNIL (Commission Nationale de l'Informatique et des Libertés, France) at cnil.fr

To exercise any of these rights, contact us at: privacy@framiq.ai. We will respond within 30 days.

10. Cookies and Tracking

We use the following types of cookies:

  • Essential cookies: Required for authentication, session management, and security. These cannot be disabled.
  • Preference cookies: Remember your settings (language, theme). These can be cleared via your browser.

We do not use advertising cookies, behavioral tracking pixels, or third-party analytics trackers that share data with advertising networks.

11. Data Security

We implement appropriate technical and organizational security measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These include encryption in transit (TLS), hashed password storage, access controls, and regular security reviews. However, no method of transmission or storage is 100% secure, and we cannot guarantee absolute security.

12. Children's Privacy

The Service is not directed at individuals under the age of 18. We do not knowingly collect personal data from minors. If we become aware that a minor has provided personal data, we will delete it promptly. If you believe a minor has created an account, please contact us at privacy@framiq.ai.

13. Changes to this Policy

We may update this Privacy Policy from time to time. For material changes, we will notify you by email or via a prominent notice on the platform at least 14 days before the changes take effect. The date at the top of this page reflects the most recent revision. Continued use of the Service after the effective date constitutes acceptance of the revised policy.

14. Contact

Data protection inquiries: privacy@framiq.ai

General support: support@framiq.ai