Privacy Policy
Last updated: March 2026
Note: These are placeholder terms. Have a lawyer review before significant user volume.
1. What We Collect
- Account data — email address, name, and OAuth profile photo (from Google or GitHub OAuth).
- Usage data — feature interactions and page views collected via PostHog, anonymized with no PII in event names.
- Payment data — billing address and subscription information. We never store card numbers — payments are handled by Stripe (PCI DSS Level 1 certified).
- Error reports — stack traces sent to Sentry for debugging purposes; stripped of user content.
- Design system data — the tokens, components, and configuration you create and store in your workspace.
2. How We Use It
- To operate and improve the ReframeUI service.
- To send transactional emails (invites, billing receipts, and notifications) via Resend.
- To process payments via Stripe.
- To monitor service health and fix bugs using Sentry.
We do not sell your data to third parties.
3. Third-Party Processors
We use the following third-party processors to operate the service:
| Processor | Purpose | Data shared |
|---|---|---|
| Stripe | Payment processing | Email, billing address |
| Neon (PostgreSQL) | Primary database | All account & design system data |
| Upstash (Redis) | Session cache | Session tokens |
| Resend | Transactional email | Email address, name |
| PostHog | Product analytics | Anonymized usage events |
| Sentry | Error monitoring | Stack traces (no user content) |
| Cloudflare | CDN & DDoS protection | IP address, request data |
4. Cookies
- Session cookies — required for authentication. Cannot be disabled without breaking login.
- Analytics cookies — PostHog sets a persistent cookie to track unique visits. You can opt out via browser settings or by sending a Do Not Track header.
5. Data Retention
Account and design system data is retained while your account is active. Upon a deletion request, personal data is deleted within 30 days. Anonymized analytics data may be retained for longer periods.
6. Your Rights (GDPR)
If you are located in the EU or EEA, you have the right to: access your personal data, correct inaccuracies, request deletion of your account and data, export your data in a portable format, and restrict or object to certain processing activities.
Submit GDPR requests to privacy@reframeui.app. We will respond within 30 days.
7. Children's Privacy
ReframeUI is not directed at children under 16. We do not knowingly collect personal data from minors. If we become aware that we have collected data from a child under 16 without parental consent, we will delete it promptly.
8. Changes to This Policy
We will notify you by email at least 14 days before any material changes to this policy take effect. Continued use of the service after changes take effect constitutes your acceptance of the updated policy.
9. Contact
Privacy questions? Email us at privacy@reframeui.app.
Also read our Terms of Service.