Legal

Privacy Policy

Last updated: May 2026 · GDPR compliant · Controller: Framr, the Netherlands

1. Who We Are

Framr is an AI video generation service operated from the Netherlands. We act as the data controller for personal data collected through this website. Questions? Email privacy@framr.app

2. What We Collect & Why

Email address & transaction details

Collected via Stripe at checkout. We use your email to send your download link, order confirmation, and video-ready notification.

Legal basis Performance of contract (Art. 6(1)(b) GDPR)
Uploaded reference image

Your image is sent to Higgsfield AI (our generation partner) solely to create your video. We do not store your image beyond the processing period. Your image is not used for model training.

Legal basis Performance of contract (Art. 6(1)(b) GDPR)
Payment data

Card details are handled entirely by Stripe and never reach our servers. We retain transaction records (amount, date, Stripe transaction ID) for accounting compliance.

Legal basis Legal obligation — Dutch tax law requires 7-year retention (Art. 6(1)(c) GDPR)
Server logs

Standard server logs (IP address, request timestamps, HTTP status codes) are kept for 30 days for security monitoring and debugging.

Legal basis Legitimate interest — fraud prevention and service security (Art. 6(1)(f) GDPR)

3. Third-Party Processors

We share data with the following processors under data processing agreements:

  • Stripe, Inc. — payment processing · stripe.com/privacy
  • Higgsfield AI — video generation · your image and generation parameters are sent to their API
  • Resend — transactional email · your email address is used to deliver order notifications
  • Vercel, Inc. — cloud hosting and infrastructure

We do not sell your data, use it for advertising, or share it with any other third parties.

4. Your GDPR Rights

As a data subject you have the right to:

  • Access — request a copy of the personal data we hold about you
  • Rectification — correct inaccurate or incomplete data
  • Erasure — request deletion of your data where there is no overriding legal obligation to retain it
  • Restriction — ask us to pause processing in certain circumstances
  • Portability — receive your data in a structured, machine-readable format
  • Object — object to processing based on legitimate interest

To exercise any right, email privacy@framr.app. We will respond within 30 days. You also have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) at autoriteitpersoonsgegevens.nl.

5. Data Retention

  • Email addresses — retained for 1 year for transactional purposes, then deleted
  • Generated videos — hosted by Higgsfield AI and accessible via your private link for 48 hours
  • Transaction records — retained for 7 years as required by Dutch tax law
  • Server logs — deleted after 30 days

6. Cookies

Framr does not use tracking or advertising cookies. Stripe may set strictly necessary cookies during the checkout process for fraud prevention and session integrity. No consent banner is shown because we do not set non-essential cookies.

7. International Transfers

Stripe and Vercel may process data in the United States. Both companies participate in EU–US Data Privacy Framework mechanisms and maintain Standard Contractual Clauses (SCCs) ensuring adequate protection under GDPR Chapter V.

8. Changes to This Policy

We may update this policy from time to time. Material changes will be announced on this page. Continued use of the service after changes constitutes acceptance.

9. Contact

Privacy questions or data requests: privacy@framr.app