Legal
Privacy Policy
Last updated: 14 May 2026
Your privacy matters to us. This policy explains how we collect, use, protect, and share your personal information when you use FlashFrame.
1. Information We Collect
Information You Provide Directly
When you create an account and use FlashFrame, you provide us with information including:
- Account details: Name, email address, password, and profile information
- User content: Ideas, comments, notes, files, and any other content you create or upload
- Space information: Space names, member invitations, and configuration settings
- Communications: Messages sent to us for support or feedback
- Payment information: If you subscribe to paid features (processed securely by our payment providers)
Information from Authentication Providers
When you sign up or sign in, we collect your name, email address, and password (stored securely as a hash). We only collect the minimum information necessary for authentication.
Automatically Collected Information
When you use FlashFrame, we automatically collect certain technical and usage information:
- Device and browser data: IP address, device type, browser type and version, operating system
- Usage data: Pages viewed, features used, time spent, click patterns
- Performance data: Error logs, crash reports, response times
- Referral information: How you found FlashFrame (e.g., search engine, referring website)
2. How We Use Data
We use the information we collect to:
- Provide core functionality: Authentication, space management, idea creation, collaboration features, and notifications
- Enhance your experience: Personalize content, provide AI-powered suggestions, and remember your preferences
- Improve the service: Analyze usage patterns, identify bugs, optimize performance, and develop new features
- Ensure security: Detect and prevent fraud, abuse, unauthorized access, and other harmful activities
- Communicate with you: Send important updates, respond to support requests, and (with your consent) share product news
- Comply with legal obligations: Respond to legal requests, enforce our terms, and protect our rights
We process your data based on legitimate business interests, contractual necessity (to provide the service you signed up for), legal obligations, and your consent where required.
4. Data Retention
We retain your information for as long as necessary to provide the service and fulfill the purposes outlined in this policy:
- Active accounts: Your account data and content remain active while you have an account or active invites to spaces
- Deleted content: Ideas and comments you delete are soft-deleted for 30 days (allowing restoration) before being permanently removed
- Closed accounts: After account closure, we delete your personal data within 90 days, except where retention is required by law
- Backups: Backup copies are retained for disaster recovery and removed on a rolling 90-day schedule
- Logs and analytics: Aggregated, anonymized usage data may be retained indefinitely for product improvement
We may retain certain information longer if required by law, to resolve disputes, enforce our agreements, or for legitimate business purposes.
5. Security
We take the security of your data seriously and implement industry-standard security measures:
- Encryption: All data transmitted between your browser and our servers is encrypted using TLS/HTTPS
- Database security: Data at rest is encrypted using industry-standard encryption
- Access controls: Strict access controls limit who can access your data internally
- Authentication: Secure JWT-based authentication with bcrypt password hashing
- Monitoring: Continuous monitoring for security threats and vulnerabilities
- Regular audits: Periodic security assessments and updates
However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security. Please use strong passwords and keep your login credentials confidential.
If you become aware of any security vulnerability or unauthorized access, please contact us immediately at privacy@flashframe.app.
6. Your Rights and Choices
You have control over your personal information. Depending on your location, you may have the following rights:
- Access: Request a copy of the personal data we hold about you
- Correction: Update or correct inaccurate information (you can do this directly in your account settings)
- Deletion: Request deletion of your personal data (subject to legal retention requirements)
- Portability: Receive your data in a structured, machine-readable format
- Objection: Object to certain processing activities
- Restriction: Request limitation of how we process your data
- Withdraw consent: Where we rely on consent, you can withdraw it at any time
To exercise these rights, contact us at privacy@flashframe.app. We will respond to your request within 30 days after verifying your identity.
You also have the right to lodge a complaint with a supervisory authority in your jurisdiction if you believe we have not handled your data appropriately.
8. International Users
FlashFrame is operated from Australia. If you are located outside Australia, please be aware that information we collect may be transferred to, stored, and processed in Australia and other countries where our service providers operate.
These countries may have data protection laws that differ from your country. By using FlashFrame, you consent to the transfer of your information to Australia and other countries, and the collection, storage, and processing of your information in accordance with this Privacy Policy and applicable law.
We ensure that such transfers comply with applicable data protection laws and take appropriate safeguards to protect your data.
9. Children's Privacy
FlashFrame is not intended for use by children under the age of 18. We do not knowingly collect personal information from children under 18.
If you are a parent or guardian and believe your child has provided us with personal information, please contact us at privacy@flashframe.app and we will delete such information from our systems.
10. Policy Changes
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.
When we make material changes, we will notify you by:
- Updating the "Last updated" date at the top of this policy
- Sending you an email notification (if you have an account)
- Displaying a prominent notice in the app
We encourage you to review this Privacy Policy periodically. Your continued use of FlashFrame after changes are posted constitutes your acceptance of the revised policy.
11. Contact
If you have questions, concerns, or requests regarding this Privacy Policy or how we handle your data, please contact us:
We take privacy seriously and will respond to all legitimate requests within 30 days.