Privacy Policy — ScreenFramed

1. Who we are

ScreenFramed operates the ScreenFramed web app and API at screenframed.com. We act as a data controller for account data and a data processor for the URLs and assets you submit for rendering.

Account data — email address, display name, password hash (if you use email/password), and OAuth identifiers and tokens if you sign in with a third-party provider.
Render history — the URLs and parameters you submit, timestamps, generated image URLs, billing dimensions (credits, bytes), and the source IP that initiated the render.
Payment metadata — plan, invoice IDs, subscription status, and the last four digits and brand of your card. Full card numbers are processed by Stripe and never touch our servers.
Telemetry — basic device, browser, and visitor fingerprint signals used to prevent abuse and measure usage.
Support correspondence — messages you send to us via email or the support form.

Operate the service, render images, deliver them to you; authenticate you and keep your account secure; bill you accurately, prevent fraud, and enforce rate limits; debug, improve, and develop new features; communicate about your account.
We do not sell your personal data, and we do not use your inputs to train generative-AI models for other customers.

We use a small number of cookies and localStorage entries that are strictly necessary to keep you signed in, remember UI preferences, and prevent abuse. We do not load third-party advertising cookies. Analytics is performed in aggregate using Cloudflare Analytics Engine without third-party trackers.

Cloudflare — hosting, edge compute, storage (R2, KV, D1), image delivery, DDoS protection, and analytics.
Stripe — payments, subscriptions, and invoices.
Better Auth providers — when you sign in with Google, GitHub, or another OAuth provider.
Resend — transactional email delivery (verification, receipts, security alerts) where applicable.

Account and billing records are retained for the life of your account plus seven years to satisfy tax and accounting obligations.
Render history and generated images are retained for as long as your account is active so you can re-download them; you may delete individual renders at any time from Dashboard → History.
Server-side logs are retained for up to 90 days. When you delete your account, we delete or anonymize personal data within 30 days, except where retention is required by law.

You may have the right to access, correct, delete, export, object to or restrict processing of your data, and to opt out of the sale or sharing of personal data — note that we do not sell personal data.
To exercise any of these rights, email support@screenframed.com. We will respond within 30 days.

ScreenFramed is operated globally on Cloudflare's edge network. Your data may be processed in countries outside your own, including the United States.

ScreenFramed is not intended for children under 13 (or under 16 in the EEA and UK). We do not knowingly collect data from children.

We may update this Policy from time to time. Material changes will be announced by email or in-product notice at least 14 days before they take effect.