Privacy Policy

Effective date: 2025-10-16

This Privacy Policy explains how Ziframe ("we", "us", "our") collects, uses, and shares information when you use our website, After Effects extension, APIs, and related services (collectively, the "Services"). We are committed to processing your data responsibly and transparently, in accordance with applicable laws including GDPR and CCPA where relevant.

Information We Collect

  • Account information: name, email address, authentication identifiers, and plan/credit balance.
  • Request data: prompts, model identifiers/versions, settings/parameters, and request metadata.
  • User-uploaded assets: images, videos, audio, or other files you provide to run a request.
  • Outputs generated: images, videos, audio, or other files produced by model providers.
  • Transactional data: purchase details and subscription status (processed by our payment processor).
  • Technical data: device/browser information, IP address, and basic diagnostic logs for security and reliability.

How We Use Your Information

  • Provide, operate, and improve the Services.
  • Process your requests by interacting with third‑party model providers.
  • Authenticate users, secure accounts, and prevent abuse.
  • Manage credits, purchases, and subscriptions.
  • Provide support and communicate service updates.
  • Comply with legal obligations and enforce our terms.

Data Retention

We retain personal data only as long as necessary for the purposes described above or as required by law.

  • Request data (prompt, model, settings) and basic account information are stored in our database.
  • User‑uploaded assets used to run a request are sent to our model provider and stored in our storage system temporarily. We delete user‑uploaded assets within 24 hours of processing completion.
  • Generated outputs are stored on our servers for up to 7 days to facilitate downloads and reliability, after which we delete them.

Access to stored outputs is delivered via time‑limited, presigned links. Links expire automatically after a short period to reduce exposure if shared unintentionally.

Third‑Party Processing

We work with trusted third parties to deliver the Services:

  • Model processing: We send request inputs to Replicate to run predictions and receive outputs.
  • Payments: We use Stripe to process payments and subscriptions; we do not store full payment card numbers.
  • Storage: We use an S3‑compatible object storage provider to host uploads and outputs with restricted, time‑limited access.
  • Email: We may use providers such as Postmark or Resend to send transactional emails.
  • Authentication: If you sign in with Google, we receive your email and profile basics as permitted by you.

These providers act as processors on our behalf or as independent controllers for specific activities (e.g., payment processing). Their use of your data is governed by their respective privacy policies in addition to this policy.

Legal Bases

Where required (e.g., under GDPR), we process personal data on the following legal bases:

  • Contract: To provide the Services you request.
  • Legitimate interests: To secure and improve the Services, prevent fraud, and support users.
  • Consent: Where you grant permissions (e.g., OAuth), which you may revoke.
  • Legal obligation: To comply with law, tax, and accounting requirements.

Your Rights

Depending on your jurisdiction, you may have rights to access, correct, delete, or export your personal data, object to or restrict certain processing, and withdraw consent. You may also request deletion of your account and associated data.

To exercise these rights, contact us at [email protected]. We may need to verify your identity to protect your account.

Security

We implement technical and organizational measures appropriate to the risk, including encrypted transport, access controls, and time‑limited access URLs for stored assets. No method of transmission or storage is 100% secure, but we continuously work to safeguard your data.

Children

The Services are not directed to children under 13 (or the age required by your jurisdiction). We do not knowingly collect personal information from children.

Cookies

We use essential cookies for authentication and session management. We do not use third‑party ads. If we add analytics in the future, we will update this policy accordingly.

International Transfers

We may process and store information in countries other than your own. Where required, we rely on appropriate safeguards for cross‑border data transfers.

Changes to This Policy

We may update this policy to reflect changes to the Services or legal requirements. We will post the updated policy with a new effective date. If changes are material, we will provide additional notice.

Contact

If you have questions or concerns about this policy, contact us at [email protected].