Legal

Data Usage Statement

Last updated: 14 May 2026

This statement provides detailed information about how FlashFrame processes, stores, and manages your ideas, content, and usage data.

Your Content, Your Rights

1. Idea Content and Ownership

You own your ideas. Everything you and your team members post in a FlashFrame space—including ideas, comments, builder updates, files, attachments, and any other content—belongs to you and your organization.

Privacy by design: Your content stays within your chosen spaces. We do not:

  • Use your ideas for marketing, promotional materials, or public showcases without explicit consent
  • Share your content with other FlashFrame users outside your spaces
  • Mine your ideas to train AI models for other customers
  • Sell or monetize your content in any way

The only exception is when you explicitly choose to share content publicly (e.g., using a future public sharing feature) or when required by law.

2. How We Process Your Data

We process your data to provide FlashFrame's core functionality and features:

Storage and Hosting

Your ideas and content are stored securely in our database with encryption at rest. Files and attachments are stored using secure cloud storage with access controls.

Search and Indexing

We index your content to enable fast search within your spaces. Search indices are scoped to individual spaces, ensuring your content is only searchable by authorized space members.

AI Processing

When you use AI-powered features (like idea enhancement or smart suggestions), your content is processed by our AI systems. This processing happens in real-time and we do not store AI training data derived from your specific ideas unless you explicitly opt in to help improve the feature.

Notifications and Emails

We process your content to generate relevant notifications and email digests. Email content is processed by our email service provider (see Third-Party Services below) only to deliver the messages.

Collaboration Features

We synchronize your content across devices and space members in real-time, process mentions and notifications, and track activity within spaces to show you relevant updates.

3. Analytics and Telemetry

We collect anonymized, aggregated usage data to understand how FlashFrame is used and to improve the product. This data never includes the content of your ideas or personal messages.

What We Track

  • Feature usage: Which features you use, how often, and for how long (e.g., "User created 5 ideas this week")
  • Page views: Which pages you visit within FlashFrame
  • Performance metrics: Page load times, API response times, error rates
  • Device information: Browser type, operating system, screen size (for responsive design)
  • Error events: JavaScript errors, failed API calls, crashes (to fix bugs)

What We Don't Track

  • The actual content of your ideas, comments, or messages
  • Specific titles or descriptions of your ideas
  • Private conversations or sensitive content
  • Keystroke-level activity or screen recordings

How We Use Analytics

Analytics help us:

  • Understand which features are valuable and which need improvement
  • Identify and fix bugs and performance issues
  • Make data-driven decisions about product development
  • Optimize the user experience across different devices and browsers

4. Data Retention and Deletion

We retain your data only as long as necessary to provide the service. Here's our detailed retention policy:

Active Content

  • Ideas, comments, and space content: Retained while you have an active account or active membership in a space
  • Account data: Retained while your account is active
  • Session data: Active session tokens expire after 30 days of inactivity

Deleted Content (Soft Delete)

When you delete an idea or comment, it enters a 30-day soft-delete period:

  • Content is hidden from the interface but remains in the database
  • You or a space admin can restore it during this period
  • After 30 days, the content is permanently purged from primary storage

Closed Accounts

When you close your account:

  • Your profile and personal data are deleted within 90 days
  • Content in spaces you created may be transferred to another space admin or deleted
  • Comments and contributions in spaces you didn't own may be anonymized rather than deleted to preserve conversation context

Backups

  • Database backups are retained for 90 days for disaster recovery
  • Backups are stored encrypted and access-controlled
  • Deleted content may persist in backups until the backup expires

Aggregated Analytics

  • Anonymized, aggregated analytics data may be retained indefinitely
  • This data cannot be linked back to individual users or accounts
  • Used for long-term product analysis and improvement

Legal Retention

We may retain certain data longer if required by law, to comply with legal obligations, resolve disputes, enforce our agreements, or for legitimate business purposes (e.g., fraud prevention, security investigations).

5. Third-Party Services

We rely on vetted infrastructure and service providers to operate FlashFrame. Each provider only receives the minimum data necessary to perform their specific function:

Hosting Provider

Hosting

Hosts our application. Receives request logs, performance metrics, and deployment data. Does not access your idea content.

Database Provider

Database

Stores all application data including ideas, comments, and user profiles. Data is encrypted at rest and in transit. Our database provider cannot access the content of your data.

Authentication Provider

Authentication

Manages user authentication and sessions. Receives and stores authentication credentials, profile data, and login history. Does not have access to your ideas or space content.

Email Provider

Communications

Sends transactional emails (password resets, notifications, etc.). Receives email addresses and message content only for delivery purposes. Does not retain or use data for other purposes.

Analytics Provider

Analytics

Collects anonymized usage data, page views, and performance metrics. Does not receive personally identifiable information or idea content. Data is aggregated and anonymized.

Data Processing Agreements: All third-party providers are bound by data processing agreements that prohibit them from using your data for their own purposes or sharing it with others.

6. Backups and Disaster Recovery

To protect against data loss from hardware failures, software bugs, or security incidents, we maintain automated backups:

Backup Schedule

  • Continuous backups: Database changes are backed up continuously (point-in-time recovery)
  • Daily snapshots: Full database snapshots taken daily
  • Weekly archives: Weekly full backups retained for longer-term recovery

Backup Retention

  • Daily backups: Retained for 30 days
  • Weekly backups: Retained for 90 days
  • Continuous backups: Rolling 7-day window for point-in-time recovery

Backup Security

All backups are:

  • Encrypted at rest using industry-standard encryption (AES-256)
  • Stored in geographically separate locations from production systems
  • Access-controlled and monitored for security
  • Tested regularly to ensure recoverability

Note: When you delete content, it may persist in backups until those backups expire. This is necessary to maintain backup integrity and disaster recovery capabilities.

7. Data Export and Portability

You have the right to export your data from FlashFrame at any time:

What You Can Export

  • All ideas you've created (including archived and deleted ideas still in soft-delete period)
  • Comments and updates you've posted
  • Space information and membership data
  • Files and attachments you've uploaded
  • Your profile information and settings

Export Format

Data exports are provided in machine-readable formats:

  • JSON: Structured data with full metadata
  • Markdown: Ideas and comments in portable markdown format
  • CSV: Tabular data like idea lists
  • Original files: Attachments in their original format

How to Export

Self-service: Space owners can export space data through the space settings. Individual users can export their personal data from account settings.

Request assistance: Contact us at data@flashframe.app for help with exports or if you need data in a specific format.

8. Access and Deletion Requests

You have the right to access, correct, or delete your data. Here's how to exercise these rights:

📥 Access Your Data

Request a copy of all personal data we hold about you. We'll provide a comprehensive export within 30 days.

✏️ Correct Your Data

Update inaccurate information directly in your account settings, or contact us for assistance with corrections.

🗑️ Delete Your Data

Request deletion of your personal data. We'll process your request within 30 days, subject to legal retention requirements.

Note: Some data may be retained in backups for up to 90 days, and anonymized data may be retained for analytics.

⏸️ Restrict Processing

Request that we limit how we process your data while you contest accuracy or object to processing.

How to Make a Request

  1. Email us at data@flashframe.app
  2. Include your account email and describe your request
  3. We'll verify your identity (to protect your privacy)
  4. We'll process your request within 30 days
  5. You'll receive confirmation when complete

9. Contact

Questions about how we handle your data? Need help with an export or deletion request? We're here to help.

Data inquiries:data@flashframe.app
Privacy inquiries:privacy@flashframe.app
General contact:hello@flashframe.app

We respond to all data-related inquiries within 30 days and will work with you to address your concerns.