framery

Privacy Policy

Effective date: 1 June 2026

This Privacy Policy explains what personal data Framery collects, why we collect it, and how we handle it. It applies to all users of framery.art and the Framery artist platform.

1. Who We Are

Framery is the data controller for information processed under this policy. You can reach us at admin@framery.space.

2. Data We Collect

Account information

When you register, we collect your name, email address, chosen artist handle, and (if you sign up via Google) your Google profile ID. Your password is stored as a hashed value — we never store it in plain text.

Profile & artwork content

Any content you voluntarily add to your profile — biography, profile photo, artwork images, titles, descriptions, and prices — is stored and displayed publicly on your portfolio page.

Billing information

If you subscribe to a paid plan, billing is handled by Lemon Squeezy, LLC (“Lemon Squeezy”), our payment processor and Merchant of Record. Lemon Squeezy collects and stores your payment card details and billing address directly. Framery receives only a transaction reference and your subscription status; we do not store full card numbers.

Usage data

We collect standard server logs including IP address, browser type, referring URL, and pages visited. These logs are used for security, debugging, and aggregate analytics. We do not use third-party analytics scripts that track individual users across sites.

Communications

When you contact us by email, we retain that correspondence to respond to your query and improve our support.

3. How We Use Your Data

  • To provide the service — create and maintain your account, display your portfolio, process subscription billing.
  • To communicate with you — send transactional emails (email verification, password reset, subscription receipts, important platform notices).
  • To keep the platform secure — detect and prevent abuse, fraud, and unauthorised access.
  • To comply with legal obligations — respond to lawful requests from competent authorities.

We do not sell, rent, or share your personal data with third parties for their own marketing purposes.

4. Data Processors

We share your data with the following processors only to the extent necessary to operate the platform:

ProcessorPurposeLocation
Lemon Squeezy, LLC Payment processing & subscription management US (SCCs applied)
Transactional email provider (SMTP) Sending verification, password reset, and platform emails EU
Cloudflare, Inc. CDN, DDoS protection, Turnstile CAPTCHA US (SCCs applied)
Google LLC OAuth sign-in (if you use “Continue with Google”) US (SCCs applied)

All processors are bound by data processing agreements and are required to protect your data in accordance with applicable law.

5. Cookies

We use cookies to keep you logged in (session cookies) and to remember your cookie consent preference. We do not use advertising or cross-site tracking cookies. For full details see our Cookie Policy.

6. Data Retention

We retain account data for as long as your account is active. If you delete your account, your personal data is removed within 30 days, except where we are required to retain it for longer by law (e.g. financial records for tax purposes, typically 7 years).

7. Your Rights

Under the GDPR and CalOPPA you have the right to:

  • Access — request a copy of the personal data we hold about you.
  • Rectification — correct inaccurate data.
  • Erasure — request deletion of your data (“right to be forgotten”).
  • Restriction — ask us to limit how we process your data.
  • Portability — receive your data in a structured, machine-readable format.
  • Object — object to processing based on legitimate interests.
  • Withdraw consent — where processing is based on consent, withdraw it at any time without affecting prior processing.

To exercise any of these rights, email admin@framery.space. We will respond within 30 days. California residents may also designate an authorised agent to make requests on their behalf.

8. Data Security

We use HTTPS for all data transmission, store passwords using one-way hashing, and restrict access to personal data to authorised personnel only. No method of transmission or storage is 100% secure; if we become aware of a breach that affects your rights we will notify you as required by law.

9. Children

Framery is not directed at children under 18. We do not knowingly collect data from minors. If you believe a minor has provided us with personal data, contact us and we will delete it promptly.

10. Changes to This Policy

We may update this policy. We will notify you by email at least 14 days before material changes take effect. The “Effective date” at the top of this page shows when the current version was last revised.

11. Contact & Complaints

For privacy questions, contact us at admin@framery.space. If you are in the EEA and believe we have handled your data unlawfully, you have the right to lodge a complaint with your local supervisory authority (in Ireland, the Data Protection Commission at dataprotection.ie).