Privacy Policy
Effective: 2026-05-17 · Last updated: 2026-05-17
Short version: we collect the minimum we need to run the service. We don't sell your data, ever. We don't train AI models on your prompts. You can delete your account and everything we know about you by emailing hello@infoframe.tech.
1. What we collect
- Your email address. Stored when you sign in via magic link. Used to authenticate you and to send transactional emails (sign-in links, purchase receipts, important service announcements).
- Your generated prompts. When signed in, every prompt you generate (wizard or craft) is auto-saved to your "My prompts" history. Stored privately and only visible to you.
- Your inputs. The form values or brief you enter to generate a prompt are sent to our LLM provider (see Section 3) but not retained by us long-term — only the resulting polished prompt is saved.
- Usage counters. We track how many prompts each user (or anonymous IP) has generated so we can enforce the free-tier limit. No content of those generations is in the counter — just a number.
- Basic technical data. Your IP address (used for rate limiting and abuse prevention) and standard HTTP server logs. Not used for tracking or profiling.
- Payment data. Processed entirely by LemonSqueezy (our merchant of record). We see your email and an order ID; we never see your card or bank details.
2. What we don't collect
- We don't use third-party advertising trackers.
- We don't sell, rent, or share your data with marketers or data brokers — ever, for any price.
- We don't train AI models on your prompts or saved content. Your prompts are yours; they're stored for your convenience, not for our model training.
- We don't store your physical location, phone number, or government-ID data.
3. Who we share data with (third-party processors)
To run the service, we send specific data to specific third parties:
- LemonSqueezy (merchant of record): your email + order details, when you make a purchase. They handle payment processing and tax compliance.
- Resend (email delivery): your email + the magic-link message, when you sign in. They deliver the sign-in email to your inbox.
- Ollama Cloud (LLM provider): your form inputs or free-form brief, when you generate a prompt. They run the AI model that produces the polished prompt. Per their terms, they do not retain inputs beyond the response and do not train on user data.
- Hostinger (server hosting): the encrypted disk on which our database, application code, and server logs live.
- Cloudflare (CDN / DDoS protection): proxies traffic between you and our server. Sees your IP and standard HTTP headers.
4. Cookies and local storage
We use one cookie: if_session, an httpOnly secure session cookie that keeps you signed in after you click the magic link. It expires in 30 days. We don't use tracking cookies, advertising cookies, or third-party cookies on the marketing pages.
5. How long we keep your data
- Your account and saved prompts: for as long as you keep your account. Delete any time by emailing us.
- Magic-link tokens: 15 minutes (then auto-expired).
- Server logs: 30 days, then rotated/deleted.
- Payment records: 7 years (US tax requirement). Stored at LemonSqueezy, not us.
- Refund window: 14 days. After a refund, we delete your account within 30 days unless you ask us to keep it.
6. Your rights
You have the right to:
- Export a copy of all your data (account info, saved prompts, purchase history).
- Delete your account and all associated data permanently.
- Correct inaccurate data.
- Object to specific processing (e.g. ask us to stop sending non-transactional emails).
To exercise any of these, email hello@infoframe.tech. We respond within 7 days.
If you're in the EU/UK, you also have rights under GDPR. If you're in California, you have rights under CCPA. We honor those rights for all users regardless of where they live.
7. Security
We use TLS (HTTPS) for all traffic. Sessions are httpOnly + secure cookies. Magic-link tokens are one-time-use and expire in 15 minutes. The database is encrypted at rest on Hostinger infrastructure. We use the principle of least privilege for internal access. No system is perfectly secure, but we take this seriously and update promptly when issues are reported.
If you spot a security issue, please email hello@infoframe.tech with details. We respond within 48 hours.
8. Children
InfoFrame is not directed at children under 16. We don't knowingly collect data from anyone under 16. If you believe we have such data, please email us and we'll delete it.
9. International transfers
Our servers are in the United States. If you're outside the US, your data is transferred to the US when you use InfoFrame. We rely on standard contractual clauses (SCCs) for EU/UK data transfers via our third-party processors.
10. Changes to this policy
If we make material changes, we'll email signed-in users at least 14 days before they take effect. The "Last updated" date at the top of this page always reflects the current version.
11. Contact
Questions, requests, or concerns: hello@infoframe.tech.
Operator: InfoFrame, a sole proprietorship based in the State of Washington, United States.