Desktop
1200
Breakpoint
Privacy Policy
1. Controller
Zukunftsberatung
Owner: Tim Akihiro Heinrich
Miltenbergstr. 8, 86199 Augsburg, Germany
Email: hello@useframix.com
We, the controller above, decide how and why your personal data is processed when you use Framix (the "Service") at useframix.com and through the Framix plugin for Framer.
2. What we process, why, and on what legal basis
Email address. Collected at account login and plugin install. Used to identify your account and send one-time login codes. Legal basis: contract (Art. 6(1)(b) GDPR).
One-time login code (hashed). Created during email login to authenticate you. The plaintext code is never stored, only a hash, and it is deleted on successful login. Legal basis: contract.
Wix access token (encrypted). Created when you connect a Wix store. Used to read your product catalog and sync it into Framer. Stored encrypted (AES-256-GCM) and short-lived (approx. 4 hours). Legal basis: contract.
Wix store and product data. Read on each sync. Mirrors products, images, prices and variants into your Framer CMS. Legal basis: contract.
Subscription data. Polar customer and subscription IDs, plan tier, status and period end, recorded on purchase. Used to manage your plan and entitlements. Legal basis: contract.
IP address and user agent. Logged on each sync call. Used for security, abuse and fraud detection, and rate-limit enforcement. Legal basis: legitimate interest (Art. 6(1)(f)).
Marketing opt-in flag and email. Only if you opt in. Used for product news and expiry reminders. Legal basis: consent (Art. 6(1)(a)).
We do not receive or store payment card data. Payments are handled by Polar (see Section 3).
3. Payments via Polar (Merchant of Record)
Purchases are processed by Polar acting as Merchant of Record. Polar is the seller of record for your transaction, collects payment, handles VAT/tax and invoicing, and is an independent controller for the payment data you enter on its checkout. Framix only receives non-sensitive identifiers (customer ID, subscription ID, plan, status) to manage your entitlements. See Polar's own privacy policy for how it processes your payment data.
4. Recipients and processors
We use the following service providers. Where they process personal data on our behalf, we have data processing agreements in place.
Wix (Wix.com Ltd.) — source of your store and product data, and OAuth. Located in Israel / USA.
Polar — payments, Merchant of Record. USA.
Vercel (Vercel Inc.) — backend compute and hosting (api.useframix.com), server logs. USA.
Cloudflare (Cloudflare, Inc.) — CDN, DNS, DDoS protection and WAF; proxies traffic including IP addresses. USA.
GitHub (GitHub, Inc.) — source code and CI/CD (developer infrastructure; not used to process end-user personal data in normal operation). USA.
Resend — outbound transactional email (login codes, reminders). USA.
Migadu — email hosting and inbound mailbox (hello@useframix.com). Switzerland.
Framer (Framer B.V.) — hosting of the useframix.com website (frontend). Netherlands (EU).
Neon (Neon, Inc.) — PostgreSQL database hosting. EU region.
5. International data transfers
Some providers above are located outside the EU/EEA (USA, Israel). Where data is transferred there, we rely on EU Standard Contractual Clauses, adequacy decisions, or other safeguards under GDPR Chapter V. Switzerland (Migadu) and the EU (Framer) are covered by adequacy. You can request a copy of the relevant safeguards.
6. Retention
Login codes: deleted on successful login or on expiry.
Account and email: kept while your account exists; deleted on request (subject to legal retention duties).
Wix install and tokens: kept while a store is connected; removed after uninstall.
Subscription records: retained as required by tax and commercial law (generally up to 10 years in Germany).
Audit logs (IP, user agent): kept only as long as needed for security, then deleted.
7. Your rights
Under GDPR you have the right to: access (Art. 15), rectification (Art. 16), erasure (Art. 17), restriction (Art. 18), data portability (Art. 20), and objection (Art. 21). Where processing is based on consent, you may withdraw it at any time with effect for the future.
To exercise any right, contact: hello@useframix.com.
You also have the right to lodge a complaint with a supervisory authority. Our competent authority is the Bayerisches Landesamt für Datenschutzaufsicht (BayLDA), Ansbach, Germany.
8. Cookies and analytics
Framix currently uses no cookies and no third-party analytics (no PostHog, Plausible, or Google Analytics). The website is hosted on Framer; no cookies beyond strictly necessary ones are set.
9. Changes
We may update this policy. The current version is always available at useframix.com. Material changes will be communicated by email or in-product.