FrameOS (“we”, “our”, or “us”) is committed to protecting your personal data. This Privacy Policy explains what data we collect, how we use it, and your rights under applicable data protection laws including the General Data Protection Regulation (GDPR). By using FrameOS at https://frameos.kartikdev.me, you agree to the terms of this policy.
1. Information We Collect
We collect the following categories of data:
a) Account Data
When you sign in using Google OAuth (via NextAuth.js), we receive your name, email address, and profile picture from Google. We store this in our database solely to provide account functionality.
b) Usage Data
We collect anonymised usage data such as pages visited, features used, and session duration via Google Analytics 4. This data is used to improve our product. No personally identifiable information is shared with Google Analytics.
c) Payment Data
We do not collect or store any credit card or payment details. All payment processing is handled entirely by Paddle, our Merchant of Record. Paddle handles PCI compliance, billing, and tax on our behalf. Please refer to Paddle’s Privacy Policy for details on how they handle payment data.
d) Technical Data
We may collect IP addresses, browser type, device type, and operating system for security and diagnostic purposes. This data is not linked to your personal identity.
2. How We Use Your Information
- To provide, maintain, and improve the FrameOS service.
- To authenticate your identity and manage your account.
- To process subscription payments via Paddle.
- To send transactional emails (e.g., billing confirmations — via Paddle).
- To analyse product usage and improve user experience (Google Analytics).
- To detect and prevent fraud, abuse, or security incidents.
- To comply with legal obligations.
We do not sell, rent, or share your personal data with third parties for marketing purposes.
3. Payment Processing (Paddle as Merchant of Record)
FrameOS uses Paddle as its Merchant of Record. This means Paddle is responsible for processing payments, handling tax compliance, and issuing invoices on our behalf. When you subscribe to FrameOS Pro, you enter into a transaction with Paddle, not directly with FrameOS. Paddle’s use of your payment information is governed by their own privacy policy available at paddle.com/legal/privacy.
4. Cookies & Analytics
We use the following cookies and tracking technologies:
| Cookie / Service | Purpose | Type |
|---|---|---|
| next-auth.session-token | Maintains your login session | Essential |
| __Secure-next-auth.session-token | Secure session cookie | Essential |
| Google Analytics (GA4) | Anonymised usage analytics | Analytics |
| Paddle | Checkout and fraud prevention | Essential |
Google Analytics is loaded only in production and uses anonymised data. You can opt out via the Google Analytics opt-out browser add-on.
5. Data Retention
- Account data is retained for as long as your account is active.
- Upon account deletion request, we will delete your personal data within 30 days, except where we are required to retain it for legal or tax compliance purposes.
- Anonymised analytics data may be retained indefinitely as it cannot identify you.
- Payment records are retained by Paddle in accordance with their policies and applicable tax law.
6. Your Rights (GDPR)
If you are located in the European Economic Area (EEA) or UK, you have the following rights under GDPR:
- Right of access — request a copy of your personal data.
- Right to rectification — request correction of inaccurate data.
- Right to erasure — request deletion of your personal data.
- Right to restrict processing — request we limit how we use your data.
- Right to data portability — receive your data in a machine-readable format.
- Right to object — object to processing based on legitimate interests.
To exercise any of these rights, email us at sweatandcode@gmail.com. We will respond within 30 days.
7. Data Security
We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These include encrypted database connections (TLS), secure authentication tokens, and restricted access to production systems. However, no method of transmission over the internet is 100% secure, and we cannot guarantee absolute security.
8. Third-Party Services
We use the following third-party services:
Google OAuth — Authentication
Google Analytics 4 — Usage analytics
Paddle — Payment processing & billing
Neon — Database hosting
Vercel — Application hosting
9. Changes to This Policy
We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated “Last updated” date. For significant changes, we will notify registered users via email. Your continued use of FrameOS after changes are posted constitutes acceptance of the updated policy.
10. Contact Information
Legal Owner: Kartik Singh
Product: FrameOS
Website: https://frameos.kartikdev.me
Email: sweatandcode@gmail.com