Framelance
Log inGet started

Privacy Policy

Last updated: 28 February 2026

Privacy at a glance

  • You own your content. We don’t sell personal data and we don’t run ads based on your private workspace.
  • We minimise data. We collect only what we need to run the product, secure accounts, and process payments.
  • AI is a processor step. Your input is sent to AI systems to generate output. We don’t use your content for our advertising.
  • AI outputs require review. Generated content may not always be accurate and should be reviewed before use.
  • You can delete your account. You can request deletion at any time (some limited records may remain for legal/financial compliance).

1. Who we are (Data Controller)

Framelance is operated by Officia Ltd (England & Wales). We act as the Data Controller for personal data collected when you use Framelance.

Contact: support@framelance.com

Controller vs Processor: Framelance is the Data Controller for account administration, billing, and platform usage/security data. For business customers’ workspace content (such as deal details, proposal inputs, and saved outputs), the customer acts as the Data Controller and Framelance acts as a Data Processor as described in our Data Processing Addendum.

2. Scope

This policy applies to Framelance websites, apps, and customer support. The service is intended for professional use (B2B).

3. Data we collect

The exact data depends on how you use Framelance. Typically we collect:

  • Account data: email, auth identifiers, session and security info.
  • Workspace data you provide: deal / pipeline info, proposal inputs, notes, and generated outputs (if you choose to save them).
  • Usage & technical data: device/browser info, approximate location (from IP), logs, and abuse-prevention signals.
  • Billing metadata: subscription status, invoices/receipts identifiers, and Stripe customer/subscription IDs.
  • Free tool inputs (unauthenticated): when you use the Free Proposal Checker without an account, the proposal text you submit is processed to generate a score and feedback. We do not store this text after the response is returned. We do collect your IP address for rate-limiting purposes only.

We do not store full payment card details. Payments are processed securely by Stripe.

Please don’t submit sensitive data (e.g. health data, government ID numbers, passwords) into free-text fields unless you strictly need to.

4. How we use your data

  • Provide, operate, and maintain the service
  • Authenticate users and protect accounts
  • Process subscriptions, billing, and invoices
  • Generate AI-assisted outputs you request

    • When you use AI-powered features, relevant input data is processed to generate the requested output. These outputs are provided as assistive content and do not replace your own professional review or judgment.

  • Detect, prevent, and investigate fraud/abuse
  • Comply with legal obligations and enforce our Terms

5. Legal bases (UK GDPR)

We process personal data under one or more of the following:

  • Contract: to deliver the service you requested
  • Legitimate interests: product improvement, security, abuse prevention, and business operations
  • Legal obligation: accounting, tax, or lawful requests
  • Consent (where required): optional cookies or certain marketing communications

6. AI processing (important)

When you use features such as proposal generation, optimisation, reply drafting, lead analysis (Client Finder), or the free Proposal Checker, your inputs are processed by AI systems in order to generate outputs. This processing is automated.

  • Purpose limitation:your content is processed solely to provide the functionality you requested.
  • AI provider:to generate outputs, relevant input data may be transmitted to our AI service provider (OpenAI) acting as a data processor under contractual safeguards.
  • No advertising use:we do not sell personal data and we do not use your private workspace content for advertising purposes.
  • No independent training by us:Framelance does not use your private workspace content to train its own AI models.
  • Automated outputs:outputs are generated without human review by us. Framelance does not make decisions that produce legal or similarly significant effects about you solely through automated processing — you remain responsible for reviewing and deciding how to use any generated content.
  • Accuracy notice:AI-generated content may contain inaccuracies, incomplete reasoning, or outputs that are not suitable for every context. You are responsible for reviewing, validating, and deciding how to use outputs before sharing them with clients or third parties.

7. Sharing & Sub-Processors

We share personal data only when needed to run Framelance, comply with law, or protect the platform. We use the following trusted sub-processors:

  • Supabase – authentication and database infrastructure
  • Stripe – payment processing and subscription management
  • OpenAI – AI processing for content generation
  • Hosting provider – secure cloud hosting and delivery

Each sub-processor is contractually required to implement appropriate technical and organisational safeguards and is restricted to processing data solely to provide services to us.

Business customers may review our Data Processing Addendum for further details on how we handle customer data as a processor.

8. International transfers

Depending on the provider locations, data may be processed outside the UK/EEA. Where required, we use appropriate safeguards such as Standard Contractual Clauses (SCCs), the UK IDTA / UK Addendum, or other lawful transfer mechanisms.

9. Data retention

We retain personal data only as long as necessary for account operation, security, and legal compliance.

  • Account data: kept while your account is active
  • Saved workspace content: kept until you delete it or close your account (subject to backups and legal limits)
  • Billing records: may be retained longer for tax and accounting obligations
  • Security logs: retained for a limited period to detect and prevent abuse

When you request deletion, we delete or anonymise data where possible, and keep only what we must keep by law (e.g., financial records).

If you schedule account deletion, we may keep data in a limited recovery state for a short period to prevent accidental loss, after which deletion becomes permanent (subject to legal retention requirements).

10. Cookies & tracking

We may use essential cookies for login/session functionality and security. If we use analytics or marketing cookies, you will be able to control them via cookie settings where required by law.

11. Your rights (UK GDPR)

Depending on your location, you may have rights to:

  • Access your personal data
  • Correct inaccurate data
  • Delete your data (with legal limitations)
  • Object to certain processing
  • Restrict processing
  • Data portability

You may also lodge a complaint with the UK Information Commissioner’s Office (ICO).

12. Security

We use reasonable technical and organisational measures designed to protect personal data (access controls, encryption in transit, least-privilege, and monitoring).

No system is 100% secure, but we work to prevent unauthorised access, disclosure, and abuse.

13. Children

Framelance is intended for professional use and is not directed to children. We do not knowingly collect personal data from children.

14. Changes

We may update this policy from time to time. Continued use of Framelance means you accept the updated policy.