Privacy Policy

1. Introduction

Konrath LLC dba Framework Software ("Company," "we," "us," or "our") operates Framework, an invoicing and project management platform for contractors and service professionals. This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use our Service. By using Framework, you agree to the practices described in this policy. If you do not agree, please do not use the Service.

2. Information We Collect

We collect information you provide directly and information we obtain automatically:

Information you provide: When you register, we collect your name, email address, password (stored in hashed form), company name, phone number (if provided), and timezone. When you use the Service, we store the data you create, such as client names and contact details, project and estimate information, invoice data, subcontractor information, time and material entries, daily logs, and similar business data. If you use payment features, we or our payment provider (Stripe) may collect payment method and billing information. If you contact us, we collect the content of your messages and contact details.

Information we obtain automatically: We collect technical and usage data such as IP address, browser type, device information, and how you use the Service (e.g., pages visited, actions taken). We use cookies and similar technologies as described in this policy.

3. How We Use Your Information

We use the information we collect to: provide, operate, and improve the Service; process transactions and send related communications; authenticate users and manage accounts; send service-related emails (e.g., password reset, confirmations); respond to your requests and support; detect and prevent fraud and abuse; comply with legal obligations; and as otherwise described in this policy or with your consent. We do not sell your personal information. We do not use your business data (clients, projects, invoices) for advertising or to train AI models.

4. Third-Party Services and Data Sharing

We use trusted third-party service providers to operate the Service:

Supabase: We use Supabase for authentication, database storage, and related infrastructure. Your account and business data are stored and processed by Supabase in accordance with their privacy and security practices. See supabase.com/privacy.

Stripe: When you or your clients use payment features, Stripe processes payment information. Stripe's collection and use of data is governed by their privacy policy at stripe.com/privacy.

Resend (or similar): We use an email delivery provider to send transactional emails (e.g., invoice links, password reset, notifications). These providers process email addresses and message content necessary to deliver emails.

We may share your information: (a) with your consent; (b) with service providers who assist us under contractual obligations to protect your data; (c) to comply with law, court order, or government request; (d) to protect our rights, safety, or property; or (e) in connection with a merger, acquisition, or sale of assets, with notice as required by law. We do not sell or rent your personal information to third parties for their marketing.

5. Data Retention

We retain your account and business data for as long as your account is active or as needed to provide the Service. If you close your account, we may retain certain information for a reasonable period for backup, audit, legal compliance, and dispute resolution, after which we will delete or anonymize it in accordance with our data retention practices. Some data may be retained longer where required by law (e.g., financial or tax records).

6. Security

We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. This includes encryption in transit and at rest, access controls, and secure development practices. No method of transmission or storage is 100% secure; we cannot guarantee absolute security.

7. Your Rights and Choices

Depending on your location, you may have certain rights regarding your personal information:

Access and portability: You may request access to or a copy of your personal data. You can view and export much of your data through the Service.

Correction: You may update your account and profile information in the Service. You may contact us to correct other data.

Deletion: You may request deletion of your personal information. We will comply subject to legal obligations and legitimate interests (e.g., resolving disputes).

Opt-out of marketing: We may send service-related and product communications; you can opt out of marketing emails via the unsubscribe link or by contacting us.

Do Not Sell / CCPA: We do not sell personal information. California residents have additional rights under the CCPA (see below).

GDPR (EEA/UK): If you are in the European Economic Area or the United Kingdom, you have the right to access, rectify, erase, restrict processing, data portability, object to processing, and lodge a complaint with a supervisory authority. Our legal basis for processing includes performance of our contract with you, legitimate interests, and compliance with law.

California (CCPA/CPRA): California residents may have the right to know what personal information we collect and how it is used, to delete personal information, to correct inaccuracies, to limit use of sensitive personal information, and to non-discrimination. We do not sell or share personal information for cross-context behavioral advertising. To exercise these rights, contact us at thomas@getframework.co.

To exercise any of the above rights, contact us at thomas@getframework.co. We will respond within the timeframes required by applicable law.

8. Cookies and Similar Technologies

We use cookies and similar technologies to maintain your session, remember preferences, and understand how the Service is used. You can control cookies through your browser settings. Disabling certain cookies may limit some functionality.

9. International Transfers

Your information may be transferred to and processed in the United States or other countries where our service providers operate. We ensure appropriate safeguards (e.g., standard contractual clauses, adequacy decisions) where required by law for such transfers.

10. Children

The Service is not intended for individuals under 18. We do not knowingly collect personal information from children. If you believe we have collected such information, please contact us so we can delete it.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will post the updated policy on our website or in the Service and update the "Last updated" date. For material changes, we may provide additional notice (e.g., email or in-product notice). Your continued use after the effective date constitutes acceptance of the updated policy.

12. Contact

For privacy-related questions, requests, or complaints, contact us at:

Email: thomas@getframework.co

Company: Konrath LLC dba Framework Software