Privacy Policy

Last updated: 2026-05-01 • Free preview

Plain English: FrameIQ takes the video you upload, sends the audio to AI services for transcription, generates short clips, and delivers them to you. We don't sell your data, run ads, or build profiles. This page spells out exactly what data passes through which service, how long we keep it, and your rights under EU/UK data-protection law.

Legal basis for processing (EU/UK GDPR)

Under GDPR Articles 6 and 9, we rely on the following legal bases:

Performance of contract (Art. 6(1)(b)) — processing your video, audio, and transcripts is required to deliver the FrameIQ service you requested.
Legitimate interest (Art. 6(1)(f)) — processing your IP address for abuse prevention and daily-quota enforcement, and storing logs to debug and improve the service. We've assessed that this interest does not override your rights given the limited scope and short retention.
Consent (Art. 6(1)(a)) — where you explicitly opt in to optional features (e.g., creating an account, agreeing to a sample-clip preview).

What we collect

Video files or links you submit. When you upload a file, it's stored on our servers. When you paste a public link, we download the video on your behalf.
Your IP address. Used to enforce daily project limits and to detect abuse. Not used for advertising or sold to third parties.
Browser localStorage. We store your recent project list, your beta access key (if you have one), and your UI preferences (language, aspect ratio) on your own device. This data never leaves your browser unless you create a project.
Logs and usage records. We log API calls, transcription costs, and errors so we can run the service. These logs may include your IP, project IDs, and timing information.

We do not use cookies, ad networks, or third-party trackers.

International data transfers

Several of our subprocessors operate from the United States. Where personal data of EU/UK residents is transferred outside the European Economic Area or the UK, we rely on the European Commission's Standard Contractual Clauses (SCCs, 2021/914) and equivalent UK transfer mechanisms, supplemented by the contractual terms each subprocessor publishes for cross-border processing. The data we send is limited to what's necessary for transcription and analysis, and subprocessors are bound by their own published privacy and security commitments (linked below).

Where your data goes

To produce clips, parts of your video pass through these third-party services:

OpenAI (USA) — your audio is sent to OpenAI for transcription (Whisper, GPT-4o-transcribe) and content analysis (GPT-4 family). OpenAI's policy says they don't train on API data by default. See openai.com/policies/privacy-policy.
AssemblyAI (USA) — when configured, your audio is sent for an additional transcription pass. See assemblyai.com/legal/privacy-policy.
Cloudflare R2 — when configured, large uploads are temporarily stored here before processing. See cloudflare.com/privacypolicy.
Render (USA) — our application server and persistent storage. See render.com/privacy.
Webshare — used to fetch public videos from platforms like YouTube. The video request goes through their proxy network. See webshare.io/privacy.

How long we keep things

Generated clip exports: deleted after 30 days.
Source uploads / downloaded videos: deleted after 7 days.
Temporary processing files: deleted within 6 hours.
Project metadata (titles, clip records, transcripts): kept while the project file exists; deleted when you delete the project.
Logs: currently kept indefinitely while we tune the service. We may rotate or shorten this in future updates.

Your rights

If you're an EU/UK resident, you have the following rights under GDPR Articles 15-22:

Access (Art. 15) — request a copy of the data we hold about you.
Rectification (Art. 16) — ask us to correct inaccurate data.
Erasure / "right to be forgotten" (Art. 17) — request deletion of your data. Delete a project by visiting it in the app and using the delete option, or email us with the project ID. For full-account erasure, email the address below; we'll confirm within 7 days.
Restriction (Art. 18) — ask us to pause processing while a dispute is resolved.
Portability (Art. 20) — request a machine-readable export of your data.
Objection (Art. 21) — object to processing based on legitimate interest.
Withdraw consent — for any processing based on consent, you may withdraw it at any time without affecting prior lawful processing.
Lodge a complaint — you have the right to file a complaint with your national data-protection authority. In the Netherlands this is the Autoriteit Persoonsgegevens (autoriteitpersoonsgegevens.nl); other EU/UK residents should contact their local supervisory authority.

To exercise any of these rights, email support@getframeiq.com. We aim to respond within 30 days as required by GDPR Art. 12(3).

Children

FrameIQ is not directed at children. We do not knowingly collect data from anyone under 16 years of age (the GDPR default for digital services consent; some EU member states set a lower age — see your country's implementation). If you believe a child has used the service, please contact us and we'll delete the relevant data promptly.

Changes to this policy

We may update this policy as the product evolves. The "Last updated" date at the top reflects the current version. Material changes will be communicated to active beta users where possible.

Contact

Questions, deletion requests, or concerns: support@getframeiq.com

Disclosure: FrameIQ is in free preview and our policies will continue to evolve as the product matures. This policy is provided in good faith but is not legal advice. If you operate under specific compliance requirements (HIPAA, PCI, regulated data, etc.), do not use FrameIQ for that data. EU/UK clients with formal Data Processing Agreement (DPA) requirements: please contact us directly to set one up before processing personal data through the service.