Privacy Policy

FrameOn Studio (“FrameOn,” “Studio,” “we,” “us”) is operated by Seazars, a sole proprietorship registered in India (GSTIN 32AOAPC5470Q1ZW), with its principal place of business at 1.2423 A, Pattalam Market Road, Fort Kochi, Kerala 682001, India. Proprietor: Basanio Savio Caesar.

Seazars operates several consumer brands including Pronatrix, The Booking Advisor, StaffLenz, and FrameOn. Our Meta Business Account is registered under the name Pronatrix (Meta Business ID 1453458572298589) for historical reasons; the underlying legal entity verified by Meta is Seazars (per the GST registration above).

You can reach us at support@frameon.tv.

This policy explains what personal data we collect when you use FrameOn Studio (the website at frameon.tv, the application dashboard, and any APIs we provide), why we collect it, how we store and share it, and the rights you have over it.

a. Account data

When you sign up, we collect your name, email address, password (hashed), business name, country, and (optionally) phone number and profile photo.

b. Connected social accounts

When you connect Facebook, Instagram, LinkedIn, or Pinterest, we receive — through the official OAuth flow of each platform — your user ID on that platform, the IDs and names of Pages or accounts you choose to grant access to, profile pictures, and access tokens scoped to publishing and reading engagement on those Pages or accounts. We do not receive your social account password and we cannot access any Pages, friends, posts, or messages you do not explicitly grant.

Specific Meta (Facebook + Instagram) permissions we request:

• pages_show_list — list the Facebook Pages you administer so you can choose which to connect.
• pages_read_engagement — read likes, comments, reach, and impressions on posts published through FrameOn so we can show you analytics.
• pages_manage_posts — publish, schedule, and delete posts on the Pages you connect, only at your explicit instruction.
• pages_manage_metadata — read basic Page metadata (name, category, profile picture) for display in the FrameOn dashboard.
• business_management — read the list of Meta Businesses you own so we can correctly map Pages and Instagram accounts to the right business.
• instagram_basic — read the basic profile of the Instagram Business accounts you connect.
• instagram_content_publish — publish images, videos, and reels to those Instagram Business accounts at your instruction.

We do not request, store, or use any other Meta permissions. We never message your followers, scrape your friends list, or take any action on Meta that you have not specifically initiated in the FrameOn dashboard.

YouTube OAuth scopes we request:

• youtube.upload — upload videos to channels you connect (auto-post Story Videos and Cast podcast episodes you create in FrameOn).
• youtube.readonly — read your channel ID, channel title, and a list of your uploads so you can pick the right channel to publish to.

We never auto-comment, auto-like, auto-subscribe, or fetch anyone else’s private YouTube data. Channel Clone reads only public YouTube channel data of channels you paste in — same data anyone can see on youtube.com.

c. Content you create

Posts, captions, hashtags, image prompts, scripts, voiceovers, videos, audience research, and any URLs or files you upload while using Studio.

d. Outreach data

If you use the Outreach Hub, we collect business names, emails, phone numbers, and addresses you import (e.g., from Google Maps or CSV uploads), plus the message templates and reply data tied to each contact.

e. Payment data

Payments are processed by Razorpay (for INR) and Stripe (for USD and other currencies). We never see or store your full card number — we only retain a customer ID, last-four digits, card brand, billing address, and invoice records.

f. Usage and device data

IP address, browser type, OS, pages viewed, actions taken in the app, error logs, and approximate location (country/region only). We use this for security, debugging, and product analytics.

g. Cookies

We use essential cookies for authentication and session management, and a small number of first-party analytics cookies to measure feature usage. We do not run third-party advertising cookies on frameon.tv.

• To create your account and authenticate you.
• To publish, schedule, and report on the content you create — on the social accounts you connect.
• To generate AI content (text, images, video, voice) on your behalf, using third-party AI providers.
• To process payments and send you invoices and receipts.
• To send transactional email (account, billing, security alerts) and product email if you opt in.
• To detect abuse, prevent fraud, and enforce our Terms of Service.
• To comply with legal obligations.

We do not sell your personal data, your content, or your social-account data to anyone. We do not use your content to train third-party AI models beyond the inference call required to fulfill your request.

FrameOn’s use of information received from Google APIs (including the YouTube Data API) adheres to the Google API Services User Data Policy, including its Limited Use requirements. Specifically:

• We use Google user data only to provide and improve the user-facing features you explicitly request (connecting your channel, uploading the videos you create, and letting you pick the channel to publish to).
• We do not transfer or sell Google user data to third parties, ad networks, data brokers, or for any advertising or resale purpose.
• We do not use Google user data to train, fine tune, or develop generalized AI/ML models.
• No humans read your Google user data except where you give explicit consent for specific support, where required for security or to comply with applicable law, or where the data is aggregated and anonymized.

By using FrameOn’s YouTube features you also agree to be bound by the YouTube Terms of Service. Google’s handling of your data is governed by the Google Privacy Policy. You can review and revoke FrameOn’s access to your Google account at any time at myaccount.google.com/permissions.

To generate content, FrameOn sends prompts (and the URLs, scripts, or images you provide) to the following providers, each governed by its own privacy policy:

• Anthropic (Claude) — text generation (scripts, captions, content plans) and image analysis (we send video thumbnails to Claude vision when you use Channel Clone to extract a Style Profile).
• Black Forest Labs (Flux) via Replicate — image generation for Story Video scenes, Content Factory post images, and Channel Clone outputs.
• ElevenLabs — voice synthesis and dubbing for Story Video narration and Cast audio podcasts.
• HeyGen — AI talking-head video and lip-sync for the video format of Cast podcast episodes. When you pick a host avatar + voice in Cast, we send the script text + chosen avatar/voice IDs to HeyGen; HeyGen renders the video and returns the MP4.
• OpenAI — selected text and embedding tasks.

We have signed data-processing agreements (DPAs) with these providers where available. We do not authorize any of them to use your content for training their models.

• Meta Platforms, Inc. — for posting to Facebook and Instagram. We exchange access tokens, Page metadata, and the posts you publish through us.
• Google (YouTube Data API v3)— used in two ways: (1) when you connect a YouTube channel for auto-post, we exchange OAuth tokens scoped to upload + read your own channel metadata; (2) when you use Channel Clone, we read public channel + video metadata (titles, thumbnails, view counts) of channels you paste in. We do not receive private analytics on channels you don’t own.
• youtube-transcript-api — used by Channel Clone to fetch public auto-captioned transcripts of YouTube videos for style analysis. Same captions any logged-out viewer can see.
• LinkedIn — same as Meta for LinkedIn personal profiles and Company Pages.
• Pinterest — same as Meta for Pinterest boards.
• Razorpay, Stripe — payment processing for subscriptions and Marketplace escrow.
• Resend — transactional and outreach email delivery.
• Railway — application hosting (web and API services) and managed PostgreSQL for your account, content, and analytics data.
• Vercel — Next.js frontend hosting AND blob storage (Vercel Blob) where we keep the generated images, videos, voiceovers, and podcast MP3s you create. Files are served from *.public.blob.vercel-storage.com URLs so the social platforms can fetch them at publish time.
• Cloudflare — CDN and edge delivery for the marketing site and static assets.
• Google Places API— used by Audience Finder when you search for local businesses (e.g., “gyms in Kochi”). We send only the search query and read public business listings; we don’t share any data about you.
• Apify — runs two scrapers on your behalf: (a) Outreach Hub research on public business listings, (b) Competitor Radar pulls of public Meta Ad Library creatives that competitors you choose are running.
• Pexels — stock imagery library (we send only your search query, no personal data).

When you use the FrameOn Marketplace to hire a creator, both sides’ data flows through us:

• If you’re a brand posting a gig: we store the gig brief, your offered rate, and your communication with the creator. When you fund the booking, we generate a Razorpay payment link; once you pay, Razorpay holds the funds in escrow under our merchant account until you approve the submission. Then we initiate a manual UPI payout to the creator (auto-payout via RazorpayX is on the roadmap).
• If you’re a creator listed on Marketplace:your profile (handle, bio, followers, niche, language, city) is visible to brands browsing. Your booking history with each brand and your payout details (UPI VPA or bank info you provide for payouts) are visible only to you and the brands you’ve worked with.
• Platform fee: we charge a percentage of the booking value (currently 8% on Free/Starter/Pro, 5% on Agency, 0% on founding creators). The fee is deducted before payout. We do not see or store your full Razorpay or bank credentials.

• Account data — for as long as your account is active. Deleted within 30 days of account closure.
• Connected social tokens — until you disconnect the integration or delete your account, then revoked immediately.
• Content you created — until you delete it, or within 30 days of account closure.
• Invoices and tax records — retained for the minimum period required by Indian tax law (currently 8 years under the Income Tax Act).
• Backups — encrypted backups roll off within 35 days.

Application servers (web and API) and the primary PostgreSQL database are hosted on Railway, with regions in Singapore and the United States. The marketing site is delivered via Vercel / Cloudflare CDN. By using FrameOn you consent to your data being transferred to and processed in these regions.

We use TLS 1.2+ for all data in transit, encrypt sensitive fields at rest, hash passwords with bcrypt, and store social-platform access tokens encrypted with per-tenant keys. Access to production systems is restricted to a small number of named individuals and requires hardware-key MFA.

No system is perfectly secure. If we discover a breach affecting your data, we will notify you without undue delay and within the timeframes required by applicable law.

Depending on where you live, you may have the right to:

• Access the personal data we hold about you.
• Correct it if it is inaccurate.
• Export it in a portable format.
• Delete it (subject to the retention rules in section 7).
• Withdraw consent for non-essential processing.
• Object to certain types of processing.
• Lodge a complaint with your local data-protection authority.

To exercise any of these rights, email support@frameon.tv from the address on your FrameOn account, or use the in-app controls (Settings → Account → Export / Delete). We respond within 30 days.

For step-by-step instructions on deleting your account, revoking connected accounts, and removing your data from FrameOn (including via Meta’s automated revocation flow), see our Data Deletion page.

FrameOn is not intended for children under 16. We do not knowingly collect personal data from children. If you believe a child has given us data, contact us and we will delete it.

We may update this policy as the product and the law evolve. If changes are material, we will email account holders at least 14 days before they take effect. Continued use after the effective date constitutes acceptance.

In compliance with India’s Digital Personal Data Protection Act, 2023 and the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, the following individual is the designated Grievance Officer for FrameOn:

• Name: Basanio Savio Caesar
• Designation: Proprietor, Seazars
• Address: 1.2423 A, Pattalam Market Road, Fort Kochi, Kerala 682001, India
• Email: support@frameon.tv

Grievances are acknowledged within 24 hours and resolved within 30 days, in line with the DPDP Act’s requirements.

Questions, complaints, or data requests:
Seazars (FrameOn Studio)
1.2423 A, Pattalam Market Road, Fort Kochi, Kerala 682001, India
GSTIN: 32AOAPC5470Q1ZW
support@frameon.tv