Privacy Policy

Last updated: May 19, 2026

This Privacy Policy explains how NewaFrame (the Service available at NewaFrame.com) ("we", "us", "our") collects, uses, and processes personal data when you use the Service.

1. Data Controller

NewaFrame (the Service at NewaFrame.com) is the data controller for personal data processed through this Service. For privacy requests, use the contact email below.

2. Data We Collect

  • Account data: email and user ID.
  • Purchase data: payment and credit records (amount, currency, status, date, invoice/payment ID).
  • Guest purchase data (where applicable): email, checkout session/order identifiers, invoice references, and guest download token records (token metadata, expiry, and download counters).
  • Usage data: download history and technical logs (IP address, user-agent, request time).
  • Cookies and session data required for login, security, and core functionality.

3. Why We Use Data (Legal Bases)

  • To perform our contract with you (account, purchases, downloads).
  • For legitimate interests: security, fraud prevention, and improving the Service, where not overridden by your rights.
  • To comply with legal and accounting obligations.
  • Where required, your consent (for example, non-essential cookies — see our cookie notice).

4. Third-Party Services and Storage

We use providers required to operate the Service, including Supabase (authentication and database), Stripe (payments), Resend (transactional emails), and Cloudflare R2 (or compatible object storage) for media files. Data may be processed in regions where these providers operate, in line with their documentation and our agreements with them.

5. International Transfers

If personal data is transferred outside the European Economic Area, we rely on appropriate safeguards permitted by law (such as standard contractual clauses offered by our providers), where applicable.

6. Cookies

We use necessary cookies for authentication, security, and core website functionality. Optional cookies are not used unless you explicitly consent.

7. Retention

We keep personal data only as long as necessary for Service operations, legal compliance, and dispute handling.

  • Account and profile data: while your account is active, and for a limited period after closure where required.
  • Payment, invoice, and tax records: for the period required by accounting and tax laws.
  • Security and technical logs: for a limited period needed for fraud prevention, abuse detection, and diagnostics.
  • Guest download token records: until expiration/revocation and any required follow-up period for fraud/dispute handling.

When retention periods expire, data is deleted or anonymized unless further retention is legally required.

8. Your Rights

Depending on applicable law (including the GDPR where it applies), you may have the right to access, rectification, erasure, restriction, portability, and objection. You may also lodge a complaint with a supervisory authority in your country of residence.

To exercise your rights, contact us at newaframe@gmail.com. We may request information to verify your identity before processing your request.

Where required by law, we respond within the applicable statutory timeframe.

9. Children

The Service is not directed at children under 16. We do not knowingly collect personal data from children.

10. Changes

We may update this Privacy Policy from time to time. When we do, we will revise the "Last updated" date and provide notice where required by applicable law.

11. Contact

For privacy requests, contact us at: newaframe@gmail.com