Privacy Policy

Last updated: 6 November 2025

Controller: Chelodo B.V. (KvK-nummer: 94820996)

Service: myframe at myframe.ai

Contact: contact@myframe.ai (privacy inquiries welcome)

Chelodo B.V. (“we”, “us”, “our”) provides myframe, a service that lets you upload photos and apply styles to generate new images. This Policy explains what personal data we collect, how we use it, how long we keep it, and your rights.

We operate from the Netherlands and follow the EU GDPR and applicable Dutch law.

1) The data we collect

1.1 Account & identity

  • Name (optional), email address, password (hashed), country/locale, language.
  • Workspace or company name if you add it.

1.2 Content you upload and generate

  • Uploads: photos/selfies and any text (prompts, style settings) you submit.
  • Outputs: images generated for you.
We keep uploads and outputs for 30 days to let you view, download, or re-use them, then we delete them from our active storage (see Retention).

1.3 Billing & transactions

  • Purchases, credit grants, invoices, VAT details.
  • Payment card data is processed by Stripe; we only receive limited billing metadata (last 4 digits, card brand, country), not full card numbers.

1.4 Device & usage

  • IP address, device/browser info, timestamps, cookies, pages/actions in the app, error logs, and basic performance metrics.

1.5 Support

  • Messages and attachments you send to support (including example outputs you choose to share).

1.6 Face Data (Biometric Information)

What we collect: When you upload photos to myframe, those photos may contain images of faces, including facial features and characteristics that can be used to identify individuals.

How we use face data: Face data is used solely to provide our AI-powered image generation service—specifically to:

  • Analyze facial features to generate styled headshots and images based on your selected styles
  • Process your photos through AI models to create personalized outputs
  • Deliver the image generation service you have requested

Disclosure and sharing: Face data from your uploaded photos is shared with:

  • Google Gemini (our AI model provider) to process images and generate styled outputs
  • Cloudflare (our infrastructure provider) for secure image storage and delivery during the processing period

These processors operate under strict data processing agreements and are prohibited from using face data for any purpose other than providing our service.

Retention: Your uploaded photos containing face data are retained for 30 days from upload to allow you to access and download your generated images. After 30 days, photos and outputs are automatically deleted from our active storage systems.

Important: We do NOT use face data to train AI models. We do NOT sell face data to third parties. We do NOT use face data for advertising or marketing purposes. Face data is used exclusively to provide the image generation service you request, and is deleted after 30 days.

2) Why we use your data (purposes) & legal bases

PurposeExamplesLegal basis (GDPR)
Provide the serviceAuthenticate, generate images, deliver outputs, credit accounting, refunds for failed jobsContract (Art. 6(1)(b))
Improve & secure the serviceDebug, prevent abuse/fraud, performance monitoring, feature usage analyticsLegitimate interests (Art. 6(1)(f)); we balance against your rights
Payments & invoicingProcess payments, detect fraud, comply with tax rulesContract and Legal obligation (Art. 6(1)(b),(c))
CommunicationsAccount emails, receipts, critical updatesContract / Legitimate interests
Marketing (optional)Product news, tipsConsent (Art. 6(1)(a)); opt-in and unsubscribe anytime
Cookies/analytics (where required)Usage analytics, A/B testsConsent via cookie banner where applicable

We do not train models on your uploads or outputs.

3) Model & infrastructure providers (processors)

To run myframe, we use trusted subprocessors:

  • Google Gemini (AI model provider) – process prompts and images to generate outputs.
  • Cloudflare – CDN, image storage/processing, security.
  • Stripe – payment processing and fraud prevention.
  • Google Analytics – web analytics (aggregated/consent-based).
  • Mixpanel – in-product analytics and event tracking.

We may update providers as the service evolves. Each acts under a data-processing agreement and appropriate safeguards.

4) International transfers

We aim to store data in the region closest to you. However, some providers may process data outside the EU/EEA (e.g., the US). Where that happens, we use GDPR-compliant safeguards such as Standard Contractual Clauses (SCCs) and additional measures. Details are available on request.

5) Retention

  • Uploads & outputs: kept for 30 days, then deleted from active storage.
  • Account data: kept while your account is active. If you delete your account, we remove or anonymize personal data within 30 days, except…
  • Transactions & invoices: retained for the period required by law (e.g., 7 years for Dutch tax records).
  • Backups & logs: rotate on fixed schedules (short, limited retention) and are purged automatically.

6) Your rights (EU/UK)

You can:

  • Access your data and get a copy
  • Correct inaccurate data
  • Delete your data (“right to be forgotten”)
  • Restrict or object to certain processing
  • Portability (get your data in a portable format)
  • Withdraw consent at any time (for things like marketing/cookies)

To exercise rights, email contact@myframe.ai from your account email. We respond within 30 days. You also have the right to complain to your local authority; in the Netherlands this is the Autoriteit Persoonsgegevens.

7) Cookies & tracking

We use:

  • Strictly necessary cookies – login/session, security.
  • Analytics cookies – usage and performance (subject to consent).
  • Preference cookies – save language and UI settings.

You can manage cookies in our banner and via your browser settings. Refusing analytics won't break essential features.

8) Children

myframe is for users 16+. We don't knowingly process children's data. If you believe a minor has used the service, contact us and we'll take appropriate action.

9) Security

We use industry-standard measures: encryption in transit, role-based access, least-privilege keys, audit logs, network isolation, and routine backups. No system is perfectly secure; if we detect a personal-data breach likely to risk your rights, we will notify you and, where required, regulators.

10) Sharing & disclosures

We don't sell your personal data. We share it only with:

  • Processors listed above, to provide the service;
  • Authorities when legally required;
  • Successors in case of a merger or acquisition (you'll be notified and can delete your account if you wish).

11) Content rules and misuse

Do not upload images of others without permission or submit disallowed content (e.g., sexual content, sexualized minors, illegal content). We may suspend accounts and remove credits for violations, and report illegal content to authorities. Credits used on disallowed content are not refundable (see Terms/Refund Policy).

12) Automated decision-making

We do not use automated decision-making that produces legal or similarly significant effects. Our models generate images based on your inputs to deliver the service you request.

13) Data access & deletion requests

  • Delete account/data: email contact@myframe.ai from your account email.
  • We may verify your identity before acting on a request.
  • Deleting your account does not automatically refund unused credits (see Refund Policy).

14) Changes to this Policy

We may update this Policy from time to time. If changes are material, we'll notify you (e.g., in-app or by email). Your continued use after the effective date means you accept the updated Policy.

15) How to contact us

Chelodo B.V. – myframe
Email: contact@myframe.ai
Registered office: Netherlands (KvK-nummer: 94820996)