Legal

Privacy Policy

Last updated: 14 May 2026

Your privacy matters to us. This policy explains how we collect, use, protect, and share your personal information when you use FlashFrame.

1. Information We Collect

Information You Provide Directly

When you create an account and use FlashFrame, you provide us with information including:

  • Account details: Name, email address, password, and profile information
  • User content: Ideas, comments, notes, files, and any other content you create or upload
  • Space information: Space names, member invitations, and configuration settings
  • Communications: Messages sent to us for support or feedback
  • Payment information: If you subscribe to paid features (processed securely by our payment providers)

Information from Authentication Providers

When you sign up or sign in, we collect your name, email address, and password (stored securely as a hash). We only collect the minimum information necessary for authentication.

Automatically Collected Information

When you use FlashFrame, we automatically collect certain technical and usage information:

  • Device and browser data: IP address, device type, browser type and version, operating system
  • Usage data: Pages viewed, features used, time spent, click patterns
  • Performance data: Error logs, crash reports, response times
  • Referral information: How you found FlashFrame (e.g., search engine, referring website)

2. How We Use Data

We use the information we collect to:

  • Provide core functionality: Authentication, space management, idea creation, collaboration features, and notifications
  • Enhance your experience: Personalize content, provide AI-powered suggestions, and remember your preferences
  • Improve the service: Analyze usage patterns, identify bugs, optimize performance, and develop new features
  • Ensure security: Detect and prevent fraud, abuse, unauthorized access, and other harmful activities
  • Communicate with you: Send important updates, respond to support requests, and (with your consent) share product news
  • Comply with legal obligations: Respond to legal requests, enforce our terms, and protect our rights

We process your data based on legitimate business interests, contractual necessity (to provide the service you signed up for), legal obligations, and your consent where required.

Important

3. Sharing and Disclosure

We never sell your personal data. We only share your information in limited circumstances:

Within FlashFrame Spaces

Content you post in a space is visible to other members of that space. Space owners can see member activity within their spaces. You control what you share and which spaces you join.

Service Providers

We work with trusted third-party service providers who process data on our behalf, including:

  • Vercel: Hosting and deployment infrastructure
  • PostgreSQL: Database hosting
  • Email providers: Transactional emails and notifications
  • Analytics tools: Usage analytics and error tracking

These providers are contractually bound to protect your data and only use it to provide their services to us. They cannot use your data for their own purposes.

Legal Requirements

We may disclose your information if required by law, court order, or government regulation, or if we believe disclosure is necessary to:

  • Comply with legal processes or enforceable governmental requests
  • Enforce our Terms & Conditions and investigate violations
  • Detect, prevent, or address fraud, security, or technical issues
  • Protect against harm to the rights, property, or safety of FlashFrame, our users, or the public

Business Transfers

If FlashFrame is involved in a merger, acquisition, or sale of assets, your information may be transferred. We will notify you via email and/or prominent notice on our service before your data becomes subject to a different privacy policy.

4. Data Retention

We retain your information for as long as necessary to provide the service and fulfill the purposes outlined in this policy:

  • Active accounts: Your account data and content remain active while you have an account or active invites to spaces
  • Deleted content: Ideas and comments you delete are soft-deleted for 30 days (allowing restoration) before being permanently removed
  • Closed accounts: After account closure, we delete your personal data within 90 days, except where retention is required by law
  • Backups: Backup copies are retained for disaster recovery and removed on a rolling 90-day schedule
  • Logs and analytics: Aggregated, anonymized usage data may be retained indefinitely for product improvement

We may retain certain information longer if required by law, to resolve disputes, enforce our agreements, or for legitimate business purposes.

5. Security

We take the security of your data seriously and implement industry-standard security measures:

  • Encryption: All data transmitted between your browser and our servers is encrypted using TLS/HTTPS
  • Database security: Data at rest is encrypted using industry-standard encryption
  • Access controls: Strict access controls limit who can access your data internally
  • Authentication: Secure JWT-based authentication with bcrypt password hashing
  • Monitoring: Continuous monitoring for security threats and vulnerabilities
  • Regular audits: Periodic security assessments and updates

However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security. Please use strong passwords and keep your login credentials confidential.

If you become aware of any security vulnerability or unauthorized access, please contact us immediately at privacy@flashframe.app.

6. Your Rights and Choices

You have control over your personal information. Depending on your location, you may have the following rights:

  • Access: Request a copy of the personal data we hold about you
  • Correction: Update or correct inaccurate information (you can do this directly in your account settings)
  • Deletion: Request deletion of your personal data (subject to legal retention requirements)
  • Portability: Receive your data in a structured, machine-readable format
  • Objection: Object to certain processing activities
  • Restriction: Request limitation of how we process your data
  • Withdraw consent: Where we rely on consent, you can withdraw it at any time

To exercise these rights, contact us at privacy@flashframe.app. We will respond to your request within 30 days after verifying your identity.

You also have the right to lodge a complaint with a supervisory authority in your jurisdiction if you believe we have not handled your data appropriately.

7. Cookies and Tracking

We use cookies and similar tracking technologies to provide functionality and improve your experience:

Essential Cookies

Required for authentication, security, and basic functionality. These cannot be disabled without breaking the service.

Analytics Cookies

Help us understand how you use FlashFrame so we can improve it. These collect anonymized data about page views, feature usage, and performance metrics.

Preference Cookies

Remember your settings and preferences (theme, language, etc.) to provide a personalized experience.

Most browsers allow you to control cookies through their settings. However, disabling cookies may limit your ability to use certain features of FlashFrame.

8. International Users

FlashFrame is operated from Australia. If you are located outside Australia, please be aware that information we collect may be transferred to, stored, and processed in Australia and other countries where our service providers operate.

These countries may have data protection laws that differ from your country. By using FlashFrame, you consent to the transfer of your information to Australia and other countries, and the collection, storage, and processing of your information in accordance with this Privacy Policy and applicable law.

We ensure that such transfers comply with applicable data protection laws and take appropriate safeguards to protect your data.

9. Children's Privacy

FlashFrame is not intended for use by children under the age of 18. We do not knowingly collect personal information from children under 18.

If you are a parent or guardian and believe your child has provided us with personal information, please contact us at privacy@flashframe.app and we will delete such information from our systems.

10. Policy Changes

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.

When we make material changes, we will notify you by:

  • Updating the "Last updated" date at the top of this policy
  • Sending you an email notification (if you have an account)
  • Displaying a prominent notice in the app

We encourage you to review this Privacy Policy periodically. Your continued use of FlashFrame after changes are posted constitutes your acceptance of the revised policy.

11. Contact

If you have questions, concerns, or requests regarding this Privacy Policy or how we handle your data, please contact us:

Privacy inquiries:privacy@flashframe.app
General contact:hello@flashframe.app

We take privacy seriously and will respond to all legitimate requests within 30 days.