Legal

Privacy Policy

Effective Date: April 1, 2026 · Operated by Ink & Code Labs

This Privacy Policy describes how Ink & Code Labs ("we," "us," or "our") collects, uses, and shares information about you when you use FrameOps ("Service"). We are committed to protecting your privacy and handling your data responsibly.

1. Information We Collect

1.1 Information You Provide

  • Account information (name, email, password, studio details)
  • Business data (client records, projects, financials, contracts, proposals)
  • Uploaded files (photos, PDFs, documents)
  • Payment information (processed via payment processor; we do not store card numbers)
  • Communications (in-app support or email)

1.2 Information Collected Automatically

  • Usage data (features used, pages visited, session duration, interaction patterns)
  • Device information (browser type, OS, IP address)
  • Log data (server logs, access times, error reports)

1.3 Third-Party Integrations

When you connect Google services (Calendar, Sheets, Drive), we access only the data required for the integration. We do not access, store, or process Google data beyond what is necessary for the stated integration purpose.

2. How We Use Your Information

  • Provide, operate, and maintain the Service
  • Process transactions and send billing communications
  • Personalize AI outputs using Business Brain documents
  • Send service-related notifications and support communications
  • Analyze aggregate usage patterns and improve the Service
  • Comply with legal obligations and enforce our Terms of Service

Important: We do NOT use your business data, client information, or uploaded documents to train AI models. Your Business Brain documents are read at inference time only.

3. Data Storage and Security

Your data is stored on secure servers with encryption in transit (TLS), access controls, and regular security reviews. Photo galleries are stored locally in your browser's IndexedDB by default and are not uploaded to our servers unless you explicitly use cloud delivery features.

No system is completely secure; we cannot guarantee absolute security.

4. Data Sharing

We do not sell your personal data. We may share with:

  • Service providers (hosting, payment, analytics) bound by confidentiality agreements
  • Google APIs when you enable integrations
  • Legal authorities when required by law
  • In the event of a business transfer (merger/acquisition) with notice to you

5. Your Rights and Choices

You have the following rights regarding your personal data:

  • Access — request a copy of your personal data
  • Correction — request correction of inaccurate data
  • Deletion — request deletion of your account and data
  • Portability — request your data in a portable format
  • Opt-out — opt out of non-essential communications

To exercise any of these rights, contact us at support@frameops.app.

6. Data Retention

Account data is retained for the duration of your subscription plus 30 days post-termination to allow for data export. Financial records may be retained longer as required by law.

7. Google API Services — Limited Use Disclosure

FrameOps's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

Specifically, when you connect Google services (such as Google Calendar or Google Drive) to FrameOps, we operate under the following restrictions:

  • Limited use: We only use Google user data to provide and improve the features that are visible to users within FrameOps. We do not use Google data for any other purpose.
  • No transfer: We do not transfer Google user data to third parties, except as necessary to provide the FrameOps service (e.g., to our hosting infrastructure), or as required by law.
  • No advertising: We do not use Google data to serve advertisements. We do not allow humans to read Google user data unless you have given explicit permission, it is necessary for security or legal compliance, or it has been aggregated and anonymized.
  • No AI training: We do not use data obtained via Google APIs to train AI or machine learning models.

Google integration features (Calendar sync, Drive sync) are optional and require your explicit authorization via Google's OAuth consent flow. You may revoke access at any time from your Google Account security settings or from within FrameOps.

8. Cookies & Local Storage

FrameOps uses cookies and browser local storage to operate the Service and improve your experience. We do not use advertising or tracking cookies.

8.1 Essential Cookies

These are required for the Service to function and cannot be disabled:

  • Session cookies — keep you logged in during your browser session
  • Authentication tokens — securely identify your account
  • CSRF tokens — protect against cross-site request forgery

8.2 Functional Local Storage

FrameOps uses your browser's IndexedDB and localStorage to store gallery data and app preferences locally on your device. This data never leaves your device unless you explicitly use cloud delivery features.

8.3 Analytics

We may use privacy-respecting, aggregate analytics to understand how the Service is used (e.g., which features are most used, general performance metrics). We do not use Google Analytics or any behavioral ad-targeting cookies. No personal data is sent to analytics providers.

8.4 Managing Cookies

You can control cookies through your browser settings. Disabling essential cookies will prevent you from logging in and using the Service. Clearing localStorage will remove locally cached gallery data from your device.

9. California Privacy Rights (CCPA)

If you are a California resident, the California Consumer Privacy Act (CCPA) provides you with additional rights regarding your personal information.

9.1 We Do Not Sell Your Personal Information

FrameOps does not sell, rent, or trade your personal information to any third party for money or other valuable consideration. This applies to all users, regardless of state of residence.

9.2 Your CCPA Rights

As a California resident, you have the right to:

  • Know — request disclosure of the categories and specific pieces of personal information we have collected about you
  • Delete — request deletion of personal information we have collected, subject to certain exceptions
  • Opt-out of sale — opt out of the sale of your personal information (though we do not sell personal information)
  • Non-discrimination — we will not discriminate against you for exercising any of these rights

9.3 How to Exercise CCPA Rights

To submit a verifiable consumer request, contact us at support@frameops.app with the subject line "CCPA Request." We will respond within 45 days.

10. Children's Privacy

FrameOps is not directed at children under 13. If you believe a child has provided personal information through our Service, please contact us so we can delete it.

11. Changes to This Policy

We will notify you of material changes to this Privacy Policy via email or in-app notice at least 14 days before they take effect.

12. Contact

Questions about this policy? Contact us at support@frameops.app

Ink & Code Labs · Republic, Missouri