Privacy Policy
Effective Date: May 1st, 2026
1. Who We Are
Frame is operated by Why Bee? Studios, ("we," "us," "App Owner"). This Privacy Policy explains what personal data we collect when you use the App, how we use it, who we share it with, and what rights you have over it.
2. Data We Collect
Account Data
Your email address, collected at sign-in for authentication.
Photos and Media
Photos you capture and upload are stored securely on our servers. We also generate compressed variants of your photos to optimize loading performance.
Photo Metadata
Photos may contain metadata including capture timestamp and device model. If you have granted location permission, GPS coordinates from your device may also be included. This metadata is stored with your photo and used solely for organizational and display purposes (e.g., day deduplication, timeline ordering). You can revoke location permission in your device settings at any time.
Usage Analytics
We use PostHog to collect anonymized usage events — such as which features are accessed and how often. We explicitly exclude from analytics: photo content, photo URIs, GPS coordinates, EXIF data, email addresses, and any other sensitive fields. Session replay is disabled.
Push Notification Tokens
If you grant notification permission, your device's push token is stored on our servers to deliver reminders you configure.
Subscription Data
Subscription status and plan type are managed via RevenueCat. We receive your subscription state (active plan, renewal status) but do not store payment card details.
3. How We Use Your Data
| Data | Purpose |
|---|---|
| Authentication; transactional emails; marketing (with opt-out) | |
| Photos | Core Service: display, playback, GIF generation, sharing |
| Photo metadata | Timeline organization; day deduplication |
| Location metadata | Stored with photo if provided by device; never used for targeting |
| Analytics events | Understanding feature usage; improving the Service |
| Push tokens | Delivering reminders per your configured schedule |
| Subscription data | Granting and managing Pro access |
4. Marketing Communications
We may send you emails about Frame features, updates, and offers. Every marketing email includes an unsubscribe link. You may also contact us directly to opt out at any time. Push notifications are fully configurable in-app and can be disabled at any time.
5. Data Sharing
We do not sell, rent, or trade your personal data. We share data only with the following service providers, strictly for operating the Service:
| Provider | Role | Data shared |
|---|---|---|
| Supabase | Database and file storage | Photos, account data, metadata |
| PostHog | Product analytics | Anonymized usage events |
| RevenueCat | Subscription management | User ID, subscription state |
| Apple / Google | In-app purchase processing | Transaction data per their own policies |
All providers are contractually bound to protect your data and use it only for the purposes described.
6. Your Content Is Yours
You own your photos. We license them from you solely to provide the Service. We do not use your photos, progress data, or any User Content for advertising, model training, or any commercial purpose without your explicit, affirmative, in-app consent.
7. Data Retention and Deletion
- Account deletion: Your photos are permanently deleted from our storage immediately upon account deletion. Account data is purged within 30 days.
- Analytics events: Retained per PostHog's standard data retention settings.
- Push tokens: Deleted upon account deletion or when notification permission is revoked.
8. Your Rights
Regardless of where you are located, you may:
- Access the personal data we hold about you
- Correct inaccurate or incomplete data
- Delete your data via in-app account deletion or by contacting us
- Object to or restrict certain processing
- Withdraw consent for marketing communications at any time, without affecting prior processing
To exercise any of these rights, contact us at support@the-frame.app. We will respond within 30 days.
9. Security
Your photos are stored in a private, access-controlled storage bucket. All access is gated by authenticated, time-limited signed URLs. All data in transit is encrypted via TLS. We apply industry-standard security practices. In the event of a data breach materially affecting your personal data, we will notify you as required by applicable law.
10. International Data Transfers
We are based in Israel, which the European Commission has recognized as providing an adequate level of data protection. Our infrastructure providers (Supabase, PostHog) may process data in the United States or other jurisdictions. Where required, appropriate safeguards — including standard contractual clauses — are in place.
11. Children
Frame is intended for users 18 and older. We do not knowingly collect personal data from anyone under 18. If you believe a minor has provided data to us, contact us and we will delete it promptly.
12. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes through the App or by email. Continued use of the App after the effective date of any update constitutes acceptance of the revised Policy.
13. Contact
Why Bee? Studios
support@the-frame.app