This Privacy Policy explains how Preframe Inc. ("Preframe," "we," "us," or "our") collects, uses, shares, and retains information when you use our website, application, and related services (collectively, the "Service"). By using the Service you agree to this Policy and to our Terms of Service.
Contact:
Email: support@preframe.io
Website: https://www.preframe.io
When you sign up we collect your email address, name, and a password (stored hashed by our authentication provider, Supabase). If you sign in with Google or GitHub, we receive your email address, name, and profile photo only. We never receive or store your Google or GitHub password.
Payments are processed by Stripe, Inc. Card numbers, security codes, and bank account details are submitted directly to Stripe and never touch Preframe's servers. We retain your email, organization identifier, subscription tier, billing status, and Stripe customer reference.
We store the account lists, contacts, research questions, ICP and scoring preferences, sequences, email templates, and message content you upload or create inside Preframe.
When you connect a Gmail, Outlook, or SMTP mailbox to Preframe to send sequences, we read and store message metadata (sender, recipient, subject, timestamps, thread identifiers) and the body content of messages sent or received through Preframe-managed campaigns. We use this information to send your sequences, detect replies, classify out-of-office and bounce notifications, and route replies to the address you designate. We do not read or index personal email outside of Preframe-related threads. See Section 5 for Google API Limited Use details.
When you use Lead Search, we query third-party enrichment providers (currently Hunter.io) to look up professional contact information such as business email address, job title, seniority, department, and public social profile URLs. Returned contact records are cached in your workspace to power future searches and to power campaigns you choose to send. We do not enrich consumer-personal data.
Research sends your research question, the target account name, and snippets of publicly available web content to our AI providers (currently Alibaba Qwen and Google Gemini) so they can extract an answer. We store the extracted answer, a confidence grade, and the source URLs in your workspace. We instruct Qwen, via theX-DashScope-DataInspectionheader, not to log inputs or outputs for inspection.
We do not currently load third-party advertising or marketing cookies.
We do not sell your personal information, and we do not share it for cross-context behavioral advertising.
We share information only as needed to operate the Service, with the following categories of recipients:
Each subprocessor is bound by contract to use the information only to provide their service to Preframe and to protect it consistent with this Policy. A current list of subprocessors is available on request at support@preframe.io.
Preframe's use and transfer of information received from Google APIs adheres to theGoogle API Services User Data Policy, including the Limited Use requirements.
When you connect a Gmail account, you grant Preframe the minimum OAuth scopes needed to send your campaigns, detect replies, and keep the sender name you configure in Preframe aligned with Gmail's Send Mail As display name. We do not request Gmail message-modification access.
gmail.send: to send the messages you compose and schedule in Preframe, only from the mailbox you connect and only after you grant consent. We never send from an account that has not authorized access.gmail.readonly: to detect replies to your own sent mail so we can thread conversations and automatically stop scheduled follow-ups once a recipient responds. We do not read, index, or store messages unrelated to your campaigns.gmail.settings.basic: to update only the Gmail Send Mail As display name for the same connected mailbox when you edit the sender name in Preframe. We do not use this scope to create or delete aliases, change forwarding, filters, delegates, vacation settings, signatures, SMTP relay settings, or any other Gmail settings.We do not request gmail.modify, and we do not use the Gmail API to modify message labels, read/unread state, or trash/delete state.
We use Google user data exclusively to provide and improve the user-facing features of Preframe. Specifically, we do not:
Gmail credentials are encrypted at rest using application-layer encryption. You may revoke Preframe's access at any time from your Google account permissions page or by disconnecting the mailbox in the Preframe app.
When you connect a Microsoft 365 or Outlook mailbox, Preframe uses the Microsoft Graph API to send your sequences and to read messages in Preframe-related threads in order to detect replies, bounces, and out-of-office notifications. Microsoft credentials are encrypted at rest using application-layer encryption. You can revoke Preframe's access from your Microsoft account at any time.
We implement administrative, technical, and physical safeguards designed to protect information against loss, misuse, and unauthorized access. These include encryption in transit (TLS), encryption at rest for credentials and tokens, role-based access controls, audit logging, secure software development practices, and regular review of third-party subprocessors. No system is perfectly secure, and we cannot guarantee absolute security.
Depending on where you live, you may have the right to:
To exercise any of these rights, email support@preframe.io from the address on file with your account. We will respond within the timeframe required by applicable law.
California residents have specific rights under the CCPA and CPRA, including the right to know, the right to delete, the right to correct, and the right to opt out of sale or sharing of personal information. Preframe does not sell personal information and does not share it for cross-context behavioral advertising.
Preframe and several of our subprocessors operate in the United States. If you access the Service from outside the United States, your information will be transferred to and processed in the United States. Where required, we rely on Standard Contractual Clauses or equivalent transfer mechanisms approved by the relevant supervisory authorities to lawfully transfer personal data from the European Economic Area, the United Kingdom, and Switzerland.
Preframe is intended for use by businesses and professionals. The Service is not directed to children under 16 and we do not knowingly collect personal information from children under 16. If you believe a child has provided us with personal information, contact us at support@preframe.io and we will delete it.
We may update this Policy from time to time. If we make material changes, we will notify you by email or by an in-product notice. The "Last updated" date at the top reflects the latest revision. Continued use of the Service after a change takes effect constitutes acceptance of the updated Policy.
Questions about this Policy or our privacy practices may be sent to support@preframe.io.