Privacy Policy

Last updated: June 2026

What data FrameVault stores

We store only what is necessary to provide the backup service:

  • Your account email address. Used to send you a magic link when you sign in. We do not use it for marketing without your consent.
  • Framer API keys — encrypted. Your API keys are encrypted with AES-256-GCM before being written to the database. The encryption key is stored only in server environment variables, never in the database. Your keys are never sent back to the browser.
  • CMS snapshot data. When a backup runs, FrameVault reads your Framer CMS collections via the Server API and stores the result as a JSON blob in encrypted cloud storage (Supabase Storage). This data includes all field values of all items in all collections — exactly what you would need to restore from a backup.
  • Billing information. Processed by Stripe. FrameVault stores only a Stripe customer ID and your current plan name — we do not store card numbers or payment details.
  • Usage metadata. When backups run, when restores are triggered, and snapshot status (complete, failed, running). Used for your dashboard and for retention enforcement.

What we do not store

  • Framer canvas data, pages, or design assets — only CMS content
  • Passwords — authentication is magic link only (no password to store)
  • Decrypted API keys outside of active request processing

How we protect your data

All data in transit is encrypted via HTTPS/TLS. API keys are encrypted at rest with AES-256-GCM. Snapshot blobs are stored in Supabase Storage, which applies its own storage-level encryption. Row-level security on the database ensures that each user can only access their own sites, snapshots, and restore logs.

Data retention

Snapshots are automatically deleted after their retention period: 7 days on the Free plan, 90 days on Pro. The most recent complete snapshot for each site is always preserved regardless of age.

If you close your account, all of your data — sites, snapshots, API keys, restore logs — is deleted. To close your account, email us at the address below.

Third-party services

FrameVault uses the following third-party services:

  • Supabase — database, authentication, and file storage. Data is hosted in the EU or US depending on project configuration. See Supabase's privacy policy for details.
  • Stripe — payment processing. Stripe's privacy policy applies to billing data.
  • Vercel — hosting. Vercel processes request logs. See Vercel's privacy policy.
  • Framer Server API — FrameVault reads and writes your Framer CMS data on your behalf when you initiate a backup or restore. Framer's terms and privacy policy govern your use of the Framer platform.

We do not sell your data

FrameVault does not sell, rent, or share your personal data or your CMS content with third parties for advertising or analytics purposes.

Contact

Questions, data deletion requests, or anything else: michaelpersson060@gmail.com

← Back to FrameVault|Terms of Service