FreshFrame
How it worksPricingFAQ

Privacy Policy

What we do with your data.

Last updated: 2026-04-29 · Effective: 2026-04-29

TL;DR

  • Your selfies are deleted 30 days after your most recent purchase (Club extends this each billing cycle).
  • Your finished photos are kept in your gallery forever — download them anytime.
  • We do not train a general-purpose AI model on your face.
  • We don't sell your data. Third parties we use (Lemon Squeezy, Google Gemini, Anthropic Claude, Cloudflare R2, Firebase, Neon, Upstash, Resend, PostHog, Sentry, Vercel) are listed in §4.
  • You can delete your account and everything in it at any time by emailing alex.c@freshframe.co.

1. What we collect

When you use FreshFrame we collect:

  • Account information: email address and display name (via Firebase sign-in).
  • The selfies you upload. Stored in Cloudflare R2 object storage, encrypted at rest.
  • Generated output: the photos our pipeline produces for you, also in R2.
  • Order and payment metadata: order id, amount, status, and a reference to the Lemon Squeezy checkout. Lemon Squeezy is our merchant of record; they handle the card transaction. We never see or store your card number.
  • Technical logs: timestamps, IP hashes (salted), progress/status events from the pipeline. Used only for debugging and abuse prevention.

2. How we use it

Your selfiesare used only to: (a) build a structured model of your face that anchors the generator; (b) score generated photos against that model; (c) deliver your gallery. They are not used to train a general-purpose AI. They are not shared with advertisers. They are not reused on other customers' shoots.

Your email is used to send transactional notifications (your gallery is ready, refund issued, etc.) and, if you opt in, occasional product updates.

Payment metadata is used to process the transaction, issue refunds, and meet tax and accounting requirements.

3. Retention

  • Uploaded selfies: deleted 30 days after your most recent purchase. Each new purchase (Standard, Pro, Top-up, or Club renewal) resets that 30-day window.
  • The face-model and intermediate candidate images we generate from your selfies: follow the same 30-day rule. Club subscribers keep these as long as their subscription is active, with a 30-day grace window after cancellation before deletion.
  • Delivered photos (your gallery): kept forever in your account. You can download them at any time. They are never auto-deleted, even if you cancel Club or stop buying credits.
  • Demo page uploads: automatically deleted 24 hours after upload.
  • Payment records: retained for 7 years, or as required by local tax law.

4. Service providers we use

We use a small set of third-party services to run FreshFrame. Each gets only the data it needs and is contractually bound to use that data only to provide its service to us.

  • Lemon Squeezy — payment processing (merchant of record). Sees your email and payment details; we do not store your card.
  • Firebase (Google) — authentication. Stores your email and Google sign-in identifiers.
  • Cloudflare R2 — image storage. Stores your selfies and generated photos encrypted.
  • Google Gemini API — image generation and face-match scoring. Sees your selfies during generation; Google commits not to use Gemini API inputs to improve their general models.
  • Anthropic Claude API — secondary scoring for some pipeline stages. Sees your selfies and generated photos during scoring; Anthropic commits not to use API inputs to improve their general models.
  • Neon — database. Stores order, user, and job metadata (no image data).
  • Upstash Redis — job queue. Stores transient job references (no image data).
  • Resend — transactional email.
  • Fly.io — background worker hosting.
  • Vercel — website + API hosting.
  • Sentry — error monitoring. Receives technical exception data, request URLs, and salted user IDs (no biometric or selfie data).
  • PostHog — product analytics. Receives page views, button clicks, and salted user IDs for funnel analysis (no biometric or selfie data).

5. Your rights

You can at any time:

  • Access all data we hold about you — email alex.c@freshframe.co.
  • Delete everything — visit your account page and use the “Delete my account” section, or email alex.c@freshframe.co. We will delete all personal data within 14 days, excepting payment records which we are legally required to retain.
  • Correct inaccurate information.
  • Export your photos at any time from the dashboard.
  • Object to any processing you disagree with.

If you're in the EU, UK, or California, you have additional rights under GDPR / CCPA; these apply to you by default under the list above.

6. Biometric data — U.S. state-law notices

The selfies you upload contain your facial geometry, which qualifies as biometric information under certain U.S. state laws — notably the Illinois Biometric Information Privacy Act (BIPA, 740 ILCS 14), the Texas Capture or Use of Biometric Identifier Act (CUBI), the Washington Biometric Privacy Act (RCW 19.375), and the New York Stop Hacks and Improve Electronic Data Security Act (NY-SHIELD).

Purpose of collection. We collect, store, and process your facial geometry solely to (a) build a per-session model of your face that anchors the image generator, (b) score generated photos against that model for identity match, and (c) deliver your gallery. We do not use it for identification, surveillance, employment screening, or any other purpose.

Retention schedule.Your uploaded selfies and the intermediate face-model data derived from them are permanently deleted no later than 30 days after your most recent purchase, or 30 days after Club cancellation — whichever is later. This satisfies BIPA's requirement that biometric data be destroyed when its initial purpose has been satisfied or within 3 years of last interaction, whichever first occurs. We meet a far shorter window.

Disclosure. We do not sell, lease, trade, or otherwise profit from your biometric data. We share it only with the sub-processors listed in §4, each of which is contractually bound to use it solely to provide its service to us, and only with your consent (given when you upload selfies).

AI-training opt-in. Your ratings on the photos we deliver to you (thumbs / Likert score / use-case tags) are stored separately from your biometric data. We use your ratings only to improve the in-product pipeline unless you have explicitly opted in to broader use via the consent toggle in your account settings. The opt-in is granular, revocable at any time, and never gates any product feature.

Your written release.By checking the consent box at upload time, you provide written informed consent to FreshFrame's collection, storage, processing, and 30-day retention of your facial geometry solely for the purposes described above. You may withdraw consent at any time by emailing alex.c@freshframe.co — we will delete your biometric data within 14 days of receipt.

If you are a resident of Illinois, Texas, Washington, or another U.S. state with a private right of action under biometric-privacy law, you may have additional rights and remedies. The full list of your statutory rights is available on the relevant state attorney general's website. We do not waive any such rights through these terms.

6A. Demo flow — biometric-data handling

The free demo at /demo accepts a single selfie and generates one preview photo. Like the full product, the demo collects facial geometry — the same regulated biometric information under BIPA, CUBI, Washington HB 1493, and the NY SHIELD Act's biometric provisions.

Written consent. Before the demo will accept your selfie, you must check the consent box on the /demo page. We persist a session-scoped consent record (a client-generated session id, the consent timestamp, the Terms-of-Service version you accepted, and a hashed IP) and refuse the upload until that record exists. No account is required.

Retention. The uploaded selfie is deleted from object storage within 24 hours; any derived face-model data and the consent record itself are deleted within 30 days. You can request immediate deletion at any time by emailing alex.c@freshframe.co.

Geo-restriction.The demo is currently not available to visitors located in Illinois, Texas, Washington, or New York. Visitors from those states are directed to the paid product, which carries the same written-consent record plus the full statutory notices in §6 above. We detect state via Vercel's edge geolocation headers; this is best-effort and may be wrong. If you believe you're seeing the restriction in error, email alex.c@freshframe.co.

7. Security

We encrypt data at rest (R2) and in transit (TLS everywhere). Presigned upload/download URLs expire within hours. We salt and hash IP addresses rather than storing them plain. No system is 100% secure; we'll notify you promptly if a breach occurs.

8. Children

FreshFrame is not for anyone under 18. We don't knowingly collect data from minors. If you believe we have data from a minor, email us and we'll delete it.

9. International transfers

FreshFrame is operated from Israel and our service providers are primarily US-based. By using the service you consent to your data being processed in those jurisdictions.

10. Changes

Material changes will be emailed to registered users. The “Last updated” date above always reflects the current version.

11. Contact

Questions, data-access requests, deletions, complaints:
alex.c@freshframe.co

FreshFramealex.c@freshframe.co
PrivacyTermsQuality commitmentContact

© 2026 FreshFrame