Privacy policy

Frameboard Limited ("Frameboard", "we", "us") is committed to protecting your privacy. This policy explains what data we collect, how we use it, and the rights you have over it. We comply with the UK GDPR and the Data Protection Act 2018.

1. Who we are

Frameboard Limited is a company registered in England and Wales, company number 17154107. You can contact us about any privacy matter at privacy@myframeboard.app.

2. What we collect

Account data

• Name and email address (required to create an account)
• Company name, role and team size (optional, for personalisation)
• Authentication credentials (passwords are hashed; we never store them in clear text)

Product data

• Proposals, briefs, catalogue items and project content you create or upload
• Client contact details you add to proposals (you are the data controller for these)
• Usage telemetry - page views, feature usage, error logs - for product improvement

Billing data

• Billing name, address and VAT status
• Payment card data is processed by Stripe and never stored on our servers

3. How we use your data

• To provide and operate the Frameboard service
• To process payments and manage your subscription
• To send transactional email (approvals, receipts, password resets)
• To send product update email (you can opt out at any time)
• To detect fraud, abuse and security incidents
• To comply with legal obligations

4. AI processing

Frameboard uses third-party large language models (currently Anthropic Claude) to generate proposal copy from briefs you submit. Your briefs are sent to the model provider under a zero-retention API agreement. We do not permit your content to be used for model training.

5. Who we share data with

• Stripe - payment processing
• Netlify - hosting and functions
• Airtable - primary data store
• Resend - transactional email delivery
• Anthropic - AI inference for proposal generation

We never sell your data. We only share it with the sub-processors listed above, each under a data processing agreement.

6. Data retention

Account and product data is retained for the lifetime of your account plus 90 days. If you delete your account, we permanently delete your personal data within 90 days, except where we must retain records for legal or accounting reasons (typically 6 years for invoices).

7. Your rights

Under UK GDPR you have the right to access, correct, delete, port or restrict processing of your personal data. To exercise any of these rights, email privacy@myframeboard.app. You also have the right to complain to the UK Information Commissioner's Office (ICO) at ico.org.uk.

8. Cookies

We use a small number of first-party cookies for authentication and session management. We do not use advertising or cross-site tracking cookies.

9. International transfers

Some of our sub-processors are based outside the UK. All transfers are protected by Standard Contractual Clauses or equivalent safeguards.

10. Changes to this policy

We may update this policy from time to time. Material changes will be communicated by email. The "Last updated" date at the top of this page reflects the latest version.