Legal
Privacy Policy
How we collect, process, and protect your personal data.
Last updated: March 18, 2026
Purpose
The purpose of this Privacy Policy is to establish a comprehensive framework for protecting the privacy of personal information collected, processed, and stored by Framecast. You may provide Personal Data through our Website and Platform.
This Policy ensures that Framecast respects individual privacy rights, and maintains the trust of customers, employees, and other data subjects through compliance with applicable privacy laws and regulations, including SOC 2, ISO 27001, and GDPR requirements for confidentiality and privacy.
Scope
This Policy applies to all employees, contractors, consultants, and third-party vendors of Framecast who handle personal information.
This Policy applies only to the processing of Personal Data by us and does not address the privacy practices of other parties for which we are not responsible.
We do not knowingly process or request Personal Data from persons under the age of 18. If you are such a person, please do not use the Platform or send us your data. We delete all the Personal Data about which we learn to have been provided by a person under the age of 18 without the consent of a parent or legal guardian.
What data do we process?
Personal Data
We may process Personal Data that you have provided to us voluntarily while using the Platform or Website. Personal Data encompasses all personal information collected, processed, stored, or transmitted by Framecast, including but not limited to: customer data, employee data, vendor data, and any other personally identifiable information, regardless of format or storage medium.
Technical Data
We and/or our authorized external service providers may automatically collect technical data when you visit or interact with our Website and Platform for statistical and analytical purposes. The technical data may include, in particular, the URL of the website you visited before using our service, the time and date of user visits, surfing habits, IP address, browser name, type of computer or device accessing our service, time spent on the website and more similar technical information. In certain cases, it would be possible to use the technical data and identify you as an individual, making them Personal Data in accordance with applicable law. However, we never use technical data to identify you as an individual.
Processing Purposes
We process your Personal Data for the purpose of performance of the contract concluded with you based on your decision to use the Platform. This purpose includes the following processing activities:
- Informing about updates and new functions to our services;
- Notification of updates to our Terms and Conditions and this Policy;
- Answering your queries about our services;
- Resolving any problems and disputes related to the contract between us.
Training our algorithmic models
For this purpose, we process your anonymised Personal Data that you have voluntarily provided to us when using the Platform for model training. The legal basis for such processing is the performance of the contract in accordance with relevant privacy frameworks. You may opt out at any time of your anonymised Personal Data being used to train our models.
Improving our services
For this purpose, we collect anonymised information about how you use the Platform, such as your clicks, the features you use, the time you spend on each screen, and other analytical data.
Marketing
We may offer services to you via e-mail if you have agreed to receive newsletters on our Website, thereby giving us your consent to the processing of your e-mail address for marketing purposes. In this case, we process your e-mail address on a legal basis, which is your consent in accordance with relevant privacy frameworks.
Third Parties
Your Personal Data is primarily processed by us. We do not share your Personal Data with any recipients unless one of the following circumstances occurs:
- It is necessary in order for us to fulfill our obligations to you. In the event that our subcontractors with whom we work to operate our Platform need access to your Personal Data, we have taken appropriate contractual and organizational measures to ensure that your Personal Data is processed in accordance with all applicable laws and regulations. We only use third-party providers that maintain the same or above levels of data protection and security.
- It is necessary for legal reasons. We may share your Personal Data with recipients outside of the Company if we believe in good faith that specific access to your Personal Data and the corresponding use is proportional and necessary to (i) comply with all applicable laws; (ii) detect, prevent and resolve fraud and security or technical problems; and/or (iii) protect the interests, property or safety of the Company, our users or the public, in accordance with the law. If possible, we will inform you of such processing.
Cross-Border Data Transfers
We may transfer your Personal Data to countries outside the European Union and the European Economic Area, where we cooperate with external subcontractors. We transfer your Personal Data only to a country that is considered to have an adequate level of Personal Data protection in accordance with the European Commission's decisions, or there are appropriate measures to protect your Personal Data, such as standard contractual clauses and/or binding internal company rules. Regardless of the country in which your Personal Data is processed, the Company will take appropriate technical, legal, and organizational measures to ensure that the level of protection is the same as in the European Union and the European Economic Area.
If you want to know more about the international transfer of your Personal Data and the relevant guarantees we have in place, you can contact us at security@framecast.ai. If we participate in a merger, acquisition, or other reorganization, your data may be transferred as part of this transaction. We will inform you about each such transaction (for example, via a message to the e-mail address associated with your account) and explain your options in this situation.
Data Security
We take proportional and appropriate security measures to protect us and our customers from unauthorized access or unauthorized alteration, disclosure, or destruction of Personal Data. Measures include, where appropriate, encryption, firewalls, secure devices, and access rights systems.
Privacy compliance activities will be regularly monitored and audited to ensure compliance with this Policy and applicable regulations. This includes annual reviews of processing activities, data subject rights fulfillment, and privacy impact assessments.
Should a data breach occur despite security measures that is likely to adversely affect your privacy, we will notify you as soon as reasonably possible. Privacy incidents and data breaches are handled according to established procedures:
- Immediate containment and assessment of privacy incidents;
- Notification to supervisory authorities within required timeframes;
- Communication to affected individuals when required;
- Documentation of incident response and remedial actions;
- Post-incident review and process improvement.
Data Retention
We retain your Personal Data only for as long as is necessary to fulfill the purposes for which it was collected, provide our services, and comply with our legal obligations. Account and platform data is retained for the duration of your account or contract; if you close your account or your contract ends, we will delete or de-identify your Personal Data within 180 days, unless we are required to retain it for legal or regulatory reasons. Billing records are retained for up to 7 years to meet tax and financial reporting obligations. Support communications are retained for up to 3 years after resolution. Technical and analytics data is collected in anonymized form and is not considered Personal Data. When retention periods expire, your data is either securely deleted or irreversibly de-identified.
Data Subject Rights
Framecast will respect and facilitate data subject rights as required by applicable privacy laws:
- Right of access to your Personal Data — you may at any time ask us to confirm whether or not your Personal Data is being processed, and if so, for what purposes, to what extent, to whom it is made available, for how long we will process it, whether you have the right to correct, delete, or limit the processing or raise an objection, from where we obtained your Personal Data, and whether there is automatic decision-making based on the processing of your Personal Data, including possible profiling. You also have the right to obtain a copy of your Personal Data, the first provision being free of charge, and for the next provision, we may require a reasonable payment of administrative costs.
- Right to rectification — you may at any time request we correct or add to your Personal Data if it is inaccurate or incomplete.
- Right to erasure — you can also request the deletion of your Personal Data from our systems. We will comply with these requests unless we have a legitimate reason not to delete your Personal Data.
- Right to restrict processing — you can ask us to restrict certain processing of your Personal Data. If we restrict certain processing of your Personal Data, this may lead to limits on the use of our Platform and Website.
- Right to data portability — you have the right to receive your Personal Data from us in a structured, commonly used, and machine-readable format for the purpose of transferring Personal Data to another processor.
How to exercise your rights — you can exercise your rights listed above free of charge by e-mail to security@framecast.ai. Depending on your request, we may require verification of your identity.
Can you file a complaint?
If you believe that our processing of your Personal Data is not in accordance with applicable data protection laws, you may file a complaint with your local authorities.
Compliance
This Policy is designed to help Framecast comply with applicable regulatory standards and requirements, including SOC 2.
Framecast reserves the right to monitor and audit the use of its IT resources to ensure compliance with this Policy and applicable regulations. This includes but is not limited to network traffic analysis, system logs review, and periodic compliance assessments.
Enforcement
Any known violations of this Policy should be reported to the CTO. Violations of this Policy can result in immediate withdrawal or suspension of system and network privileges and/or disciplinary action in accordance with company procedures up to and including termination of employment.
Policy Review
This Policy will be reviewed and updated at least annually, or more frequently as needed, to reflect changes in technology, regulations, or business practices. This document shall be stored in a secure and accessible location and made available to all employees of Framecast. It is to be referenced in conjunction with other established policies and procedures.
Underwrite the future, instantly.
See how Framecast turns your next data room into an institutional-grade model in a 20-minute live walkthrough.