Privacy Policy

We collect information in the following ways depending on how you interact with our App:

1.1 Information You Provide Directly

• Photos: You voluntarily provide photos from your device camera roll for the purpose of framing them. These photos are processed entirely on your device. We do not upload, store, or transmit your photos to our servers.
• Support Communications: If you contact us for support via email, we collect your name, email address, and the content of your message.
• Feedback: Any feedback, bug reports, or feature requests you submit to us voluntarily.

1.2 Information Collected Automatically

• Usage Analytics: We collect anonymized data about how you use the App (e.g., which features you use, session duration, screens visited, button taps). This data does not identify you personally.
• Crash Reports: When the App crashes, we may automatically collect a crash report including your device model, iOS version, App version, and the state of the App at the time of the crash.
• Device Information: We may collect your device type, operating system version, device language, and a randomized device identifier (not your IDFA or any unique hardware identifier).

1.3 Information We Do NOT Collect

We do not collect:

• Your name or email address unless you contact us
• Your location or GPS data
• Your contacts, calendar, or health data
• Your camera or microphone access beyond what you explicitly grant for photo selection
• Any biometric data
• IDFA (Apple's Identifier for Advertisers)

We use the information we collect to:

• Provide, operate, and maintain the App and its features
• Process photos you submit for framing, entirely on-device
• Analyze anonymous usage patterns to improve the App's usability, performance, and feature set
• Identify, diagnose, and fix bugs, crashes, and technical issues
• Respond to your support inquiries and provide customer service
• Comply with applicable legal obligations and enforce our Terms of Service
• Detect and prevent fraud, abuse, and security incidents

We do not use your data for advertising, profiling, or sell it to third parties for marketing purposes.

We do not sell, rent, or trade your personal information. We may share data in the following limited circumstances:

3.1 Service Providers

We engage trusted third-party service providers who act on our behalf and under our instructions. They may only use your data to provide the services we request and are contractually obligated to protect it. These include:

• Analytics: PostHog (see Section 5 below)
• In-App Purchases: RevenueCat (see Section 6 below)
• Crash Reporting: We may use Apple's native crash reporting infrastructure via TestFlight and the App Store

3.2 Legal Requirements

We may disclose your information if required to do so by law, court order, or governmental authority, or if we believe disclosure is necessary to: (a) comply with legal obligations; (b) protect and defend our rights or property; (c) prevent or investigate possible wrongdoing; (d) protect the personal safety of users or the public.

3.3 Business Transfers

In the event that Indie Apps is involved in a merger, acquisition, asset sale, or bankruptcy, your information may be transferred as part of that transaction. We will notify you via email or a prominent notice in the App of any change in ownership and any choices you may have regarding your information.

FrameBox is designed with privacy-first architecture. All photo processing — including framing, cropping, border application, and export — occurs entirely on your device using Apple's Core Image framework. Your photos are never uploaded to our servers, stored in our databases, or transmitted to any third party.

When you save a framed photo to your camera roll, that file resides on your device and in any storage service you have configured (such as iCloud Photos), entirely under your control. We have no access to your saved photos.

We use PostHog, an open-source product analytics platform, to understand how users interact with FrameBox. PostHog helps us identify which features are most used, where users encounter friction, and how to prioritize improvements.

The data sent to PostHog is:

• Anonymous: Events are associated with a randomly-generated anonymous ID, not your real identity.
• Aggregated: We review aggregate trends, not individual user sessions.
• Non-advertising: PostHog data is used solely for product improvement and is never used for advertising targeting.

Event data we track includes: app opens, feature usage (e.g., “ratio_selected,” “border_changed,” “photo_saved”), screen views, and subscription events. We do not capture any photo content.

PostHog's privacy policy can be found at posthog.com/privacy.

We use RevenueCat to manage in-app subscriptions and purchases for FrameBox Pro. RevenueCat processes your subscription status information and communicates with Apple's App Store to verify and manage purchases.

RevenueCat may collect:

• An anonymized app user identifier
• Purchase history and subscription status
• Transaction identifiers provided by Apple

RevenueCat does not receive your payment card details or Apple ID. All payment processing is handled entirely by Apple. RevenueCat's privacy policy is available at revenuecat.com/privacy.

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements.

• Support emails: Retained for up to 3 years to assist with follow-up inquiries and improve support quality.
• Analytics data: Anonymous event data is retained for up to 24 months, after which it is deleted or anonymized further.
• Crash reports: Retained for up to 12 months.
• Purchase records: Retained as required by applicable financial and tax regulations (typically 7 years).

You may request deletion of any personal data we hold about you at any time (see Section 8).

Depending on your location, you may have certain rights with respect to your personal data. We honor these rights regardless of where you reside.

8.1 Rights Under GDPR (EU/EEA Residents)

• Right of Access: Request a copy of the personal data we hold about you.
• Right of Rectification: Request correction of inaccurate or incomplete data.
• Right of Erasure (“Right to be Forgotten”): Request deletion of your personal data where we have no legitimate reason to continue processing it.
• Right to Restrict Processing: Request that we restrict processing of your data under certain circumstances.
• Right to Data Portability: Receive your personal data in a structured, commonly used format.
• Right to Object: Object to our processing of your data based on legitimate interests.
• Right to Withdraw Consent: Where processing is based on consent, withdraw that consent at any time.

8.2 Rights Under CCPA (California Residents)

California residents have the right to:

• Know what personal information we collect, use, disclose, and sell
• Request deletion of personal information we have collected
• Opt out of the sale of personal information (we do not sell personal information)
• Non-discrimination for exercising your privacy rights

8.3 Exercising Your Rights

To exercise any of these rights, please contact us at framebox143@gmail.com. We will respond to your request within 30 days. We may need to verify your identity before processing your request.

We implement industry-standard security measures to protect your information from unauthorized access, disclosure, alteration, or destruction. These measures include:

• Encryption of data in transit using TLS 1.2+
• Encryption of data at rest using AES-256
• Access controls limiting who within Indie Apps can access data
• Regular security reviews of our infrastructure and third-party providers

However, no method of transmission over the internet or method of electronic storage is 100% secure. While we strive to protect your data, we cannot guarantee its absolute security.

FrameBox is not directed at children under the age of 13. We do not knowingly collect personal information from children under 13. If you are under 13, please do not use the App or provide any information to us.

If we discover that we have inadvertently collected personal information from a child under 13, we will delete such information from our records promptly. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at framebox143@gmail.com.

Users between the ages of 13 and 17 may use FrameBox with the consent and supervision of a parent or legal guardian.

The App may contain links to third-party websites or services (including the Apple App Store). We are not responsible for the privacy practices of those third parties. We encourage you to review the privacy policies of any third-party service you interact with.

Indie Apps operates from and our service providers may be located in countries other than your own. If you are located in the European Economic Area (EEA), your data may be transferred to and processed in countries that may not have the same level of data protection as your home country.

When transferring data out of the EEA, we rely on appropriate safeguards such as Standard Contractual Clauses approved by the European Commission to ensure your data is adequately protected.

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:

• Update the “Last Updated” date at the top of this page
• Provide a notice within the App if the changes are significant
• Notify users who have contacted us via email, where feasible

Your continued use of FrameBox after any changes to this Privacy Policy constitutes your acceptance of the revised policy. If you do not agree to the updated policy, please stop using the App and contact us to delete your data.

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

We aim to respond to all privacy-related inquiries within 5 business days and to fulfil data subject requests within 30 calendar days.