Privacy Policy

Last updated: April 2026

1. What We Collect

When you use FramePhase, we collect:

  • Your Google account name, email, and profile image (via Google OAuth)
  • Videos you upload (stored temporarily on AWS S3 for transcription)
  • Subscription and payment data (processed by Stripe — we never store card numbers)
  • Basic usage data (videos processed count, plan type)

2. How We Use Your Data

Your data is used solely to provide the Service:

  • Videos are uploaded to AWS S3, transcribed via AWS Transcribe, then available for you to process
  • Caption rendering happens entirely in your browser (client-side via FFmpeg WASM)
  • We use your email for authentication and account management
  • We do not sell, share, or rent your data to third parties

3. Video Data & Processing

Uploaded videos are stored on AWS S3. The actual caption-burning process runs entirely in your browser using WebAssembly — the processed video with captions never leaves your device. We do not analyze, view, or share your video content.

4. Third-Party Services

We use the following third-party services:

  • Google OAuth — Authentication
  • AWS S3 & Transcribe — Video storage and transcription
  • Stripe — Payment processing

Each service has its own privacy policy governing their handling of your data.

5. Data Retention

Your account data is retained as long as your account is active. Uploaded videos are stored on S3 for processing purposes. You can request deletion of your data at any time by contacting us.

6. Cookies

We use essential session cookies for authentication (NextAuth.js). We do not use tracking cookies, analytics cookies, or advertising cookies.

7. Your Rights

You have the right to:

  • Access the personal data we hold about you
  • Request deletion of your account and data
  • Export your transcription data (SRT/VTT files)
  • Cancel your subscription at any time

8. Data Security

We use industry-standard encryption (TLS/SSL) for data in transit and at rest on AWS. Access to production systems is restricted and monitored. In the event of a data breach, we will notify affected users within 72 hours as required by applicable law.

9. International Users (GDPR & CCPA)

If you are located in the EU/EEA, you have rights under the General Data Protection Regulation (GDPR) including the right to access, rectify, delete, and port your data. If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA) including the right to know, delete, and opt out of the sale of personal information. We do not sell your personal data. To exercise any of these rights, contact us at the email below.

10. Children's Privacy

FramePhase is not intended for children under 13. We do not knowingly collect personal data from children. If we learn that we have collected data from a child under 13, we will delete it promptly.

11. Contact

For privacy-related questions or data requests, contact us at madhvaniparth2@gmail.com.

← Back to Home