Privacy Policy
How FramesOnDemand collects, uses, and protects data — for the merchants who install our app and for the customers who order prints from those merchants.
Effective date: April 30, 2026 · Last updated: April 30, 2026
1. Who we are
FramesOnDemand ("FOD" or the "Service") is a service operated by CustomPictureFrames LLC, a New Jersey limited liability company located at 6 Shirley Ave, Somerset, NJ 08873, USA. In this policy, "we," "us," and "FramesOnDemand" refer to CustomPictureFrames LLC.
This policy covers the data flows for:
- Visitors to
framesondemand.appand recipients of marketing emails sent fromusefod.com,framesondemandhq.com,fodprints.com, andfodframing.com - Merchants ("Sellers") who install and use the FramesOnDemand app via the Shopify App Store, our future iOS app, or any other distribution channel
- End customers ("Buyers") whose orders flow through FramesOnDemand for production and fulfillment by CustomPictureFrames LLC
This policy does not cover:
- The data practices of Shopify itself, or the Seller's own Shopify store. Shopify's privacy practices are governed by Shopify's privacy policy.
- Third-party services we link to from our website or app. Their privacy policies govern your interactions with them.
2. Our roles under privacy law
Privacy laws like the EU General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA) distinguish between different roles in how data is handled:
- For Seller data (merchants who install our app), CustomPictureFrames LLC acts as a Data Controller (GDPR) / Business (CCPA). We determine the purposes and means of processing.
- For Buyer data (end customers whose orders flow through FOD), CustomPictureFrames LLC acts as a Data Processor (GDPR) / Service Provider (CCPA). We process this data on the Seller's behalf to fulfill orders.
If you are a Buyer with a privacy question or request (access, deletion, etc.), please contact the Seller you ordered from in the first instance. The Seller is the Controller for your purchase data and will route the request to us via Shopify's GDPR webhook system. We respond within the required timeframes.
3. What data we collect
3.1 Seller account data
| Data | Source | Purpose |
|---|---|---|
| Contact name, email, business name, phone number | Provided at install or in seller settings | Account login, billing notifications, support, dunning communication |
Shop domain (e.g. store.myshopify.com) | Shopify OAuth handshake | Identifying which storefront an order belongs to |
| Shopify access tokens | Shopify OAuth handshake (encrypted at rest) | Calling Shopify's Admin API to push variants and post fulfillment events |
| Etsy access and refresh tokens (when connected) | Etsy OAuth handshake (encrypted at rest) | Same as above for Etsy listings |
| Stripe customer ID | Stripe billing handshake | Charging weekly invoices on the payment method on file. We never see or store credit card numbers. Stripe stores the card; we hold a tokenized reference (the Stripe Customer ID). |
| Print files uploaded by the Seller | Direct upload via the seller portal | Producing framed and unframed prints from the Seller's artwork |
| Product configurations (frame, mat, glass, paper finish) | Seller portal entries | Generating SKUs and Shopify variants |
3.2 Buyer data we receive (processing on behalf of the Seller)
When a Buyer places an order on a Seller's storefront for a FOD-fulfilled variant, Shopify transmits an order webhook to us. We persist the following Buyer information in our database, on the Seller's behalf, to enable fulfillment and order support:
- Customer name
- Customer email
- Shipping address
- Phone number (when provided by the Buyer)
- Order notes and messages
- Order metadata: SKU, size, quantity, fulfillment status, Shopify order ID
We use this information solely to fulfill the order and respond to support or dispute requests routed from the Seller. The data is forwarded to ShipStation for label generation and shipment, then to CustomPictureFrames LLC's production facility for printing, framing (when applicable), and packing.
The composite mockup image attached to the variant — assembled from the Seller's print file plus a frame template (when applicable) — is held in our private Cloudflare R2 storage. If the Seller's print file embeds personal photography (a wedding photo, a family portrait), that personal content lives in our storage for the life of the Seller's account.
3.3 Operational data we generate
Order status events, billing line items, dunning notices, fulfillment timestamps, and audit-log entries — generated by our systems as part of running your account. Privacy webhook actions (data exports, redactions, shop deletions) are logged in a compliance audit trail that survives account deletion.
3.4 Data we collect automatically
- Log data: IP address, browser type, pages viewed, referring URL, timestamps
- Cookies and similar technologies (see Section 10)
- Device and connection information
4. Why we use it
- Fulfill framed and unframed orders. The whole reason the data exists in our systems is to print, frame (when applicable), and ship the artwork the Seller has configured.
- Bill the Seller. Weekly invoicing on charge-on-file Stripe; dunning emails when an invoice is unpaid.
- Support the Seller. Triaging questions, debugging held orders, processing damage claims.
- Meet legal obligations. Tax records, GDPR data-subject requests, fraud prevention, DMCA compliance.
- Improve the service. Aggregate operational metrics (order throughput, failure rates, frame-mix popularity) — never customer-identifying.
For Sellers in the EU, UK, or Switzerland, our legal bases for processing under GDPR are:
- Contract performance — to provide the Service you've signed up for
- Legitimate interests — for service operations, fraud prevention, security, and product improvement
- Legal obligations — tax retention, GDPR rights responses, DMCA compliance
- Consent — for non-essential cookies and marketing emails (where required by law)
We do not use Seller artwork or Buyer order data to train any AI model, sell to third parties, or run advertising lookalike audiences.
5. Who we share it with (sub-processors)
We rely on a small set of vetted vendors. Each receives only the data needed to perform its specific role, under a data processing agreement that limits use to what's necessary for the Service.
| Sub-processor | Role | Location |
|---|---|---|
| Cloudflare R2 | Storage for print files, mockup images, and exports (encrypted at rest) | Global |
| Stripe, Inc. | Payment processing and billing (Stripe stores card data; we hold a tokenized reference) | United States |
| Resend | Transactional and operational email delivery | United States |
| Shopify Inc. | Platform integration, OAuth, webhook delivery | Canada / United States |
| Vercel Inc. | Web application and marketing site hosting | United States |
| Neon | PostgreSQL database hosting | United States |
| ShipStation (Auctane) | Shipment management, label generation, tracking | United States |
| Google Analytics 4 | Anonymized marketing-site analytics | Global |
| Anthropic PBC | AI features (planned, not yet integrated) | United States |
We do not sell personal data to anyone. We do not share data with advertising networks or for cross-context behavioral advertising.
A current list of sub-processors is also published at framesondemand.app/sub-processors. We will provide notice of material changes.
6. How long we keep it
| Data | Retention |
|---|---|
| Order and tax records | 7 years from order date (US/EU tax retention) |
| Active Seller account data | For the duration of the account, plus 90 days after closure |
| Buyer PII (name, email, shipping address) post-redaction | Removed immediately upon a valid customers/redact request from Shopify |
| Print files and mockup images | For the life of the Seller's account, deleted within 30 days of uninstall |
| OAuth tokens (Shopify, Etsy) | Until revoked or the account uninstalls |
| Marketing email subscribers | Until unsubscribe, plus 30 days for technical removal |
| Web logs and webhook payloads | 90 days for debugging, then purged |
| Compliance audit logs | 7 years (independent of account deletion, denormalized to survive shop redaction) |
When a Seller uninstalls the app, Shopify's shop/redact webhook fires 48 hours later. We treat that as the trigger to begin a full purge of the Seller's data within Shopify's required 30-day window: print files, mockup images, frame configurations, and operational records linked to that shop are deleted. Tax-related order records are retained per the schedule above with Buyer PII redacted.
7. How we secure it
- OAuth tokens are encrypted at rest in our database.
- Print files and mockup images are stored in private Cloudflare R2 buckets with encryption at rest and access blocked from public reads.
- Production data is accessible only to a small set of named operators with multi-factor authentication.
- Webhook payloads from Shopify and Stripe are HMAC-verified before processing.
- All transit between client, server, and sub-processors uses TLS 1.2 or higher.
- We never see or store credit card numbers — Stripe handles all card data under their own PCI DSS Level 1 compliance.
No system is bulletproof. If we detect a breach affecting your personal information, we will notify affected users and applicable regulators within the timelines required by law.
8. Your rights
Depending on where you live, you have rights under laws such as the EU GDPR, the UK GDPR, the California Consumer Privacy Act (CCPA), and similar regimes.
8.1 Rights under GDPR (EEA, UK, Switzerland)
- Right of access — request a copy of personal information we hold about you
- Right to rectification — correct inaccurate personal information
- Right to erasure ("right to be forgotten") — request deletion of your data
- Right to restriction of processing — limit how we use your data
- Right to data portability — receive your data in a machine-readable format
- Right to object — to processing based on legitimate interests
- Right to withdraw consent — where processing is based on consent
- Right to lodge a complaint with a supervisory authority
8.2 How to exercise your rights
Sellers: email privacy@custompictureframes.com with your request. We respond within 30 days (45 days for complex requests, with notice of extension).
Buyers: please contact the Seller (the shop you purchased from). They will route the request to us via Shopify's GDPR webhook flow, and we respond within Shopify's required timeframes.
For verification, we may ask for additional information to confirm your identity before responding.
9. California-specific rights (CCPA / CPRA)
California residents have these rights under the California Consumer Privacy Act and California Privacy Rights Act:
- Right to know what personal information we have collected about you, the sources, the business purposes, and the categories of third parties with whom we share it
- Right to delete personal information we have collected
- Right to correct inaccurate personal information
- Right to opt-out of the sale or sharing of personal information (we do not sell or share for cross-context behavioral advertising, but the right exists)
- Right to limit use of sensitive personal information
- Right to non-discrimination for exercising these rights
Categories of personal information collected, per CCPA: identifiers (name, email, phone, IP address); commercial information (purchase history); internet activity (log data, cookies); geolocation (shipping address); inferences (none — we do not profile).
"Do Not Sell or Share My Personal Information": we do not sell or share personal information for cross-context behavioral advertising. No opt-out action is required.
"Shine the Light": California residents may request a list of personal information disclosed to third parties for those parties' direct marketing purposes in the preceding year. We do not disclose personal information for third-party direct marketing.
10. Cookies and tracking
The marketing site at framesondemand.app may use Google Analytics 4 cookies for anonymized aggregate analytics. The seller portal sets functional first-party cookies (session, OAuth state) required for authentication.
We do not run third-party advertising or behavioral tracking. We do not share visitor data with ad networks.
Some browsers transmit "Do Not Track" signals. There is no industry-accepted standard for responding to these, and we currently do not respond to them — but we do not track users across third-party websites for advertising purposes regardless.
11. International transfers
FramesOnDemand processes data primarily in the United States. If you are accessing the service from outside the US, your data will be transferred to and processed in the US.
For transfers from the European Economic Area, United Kingdom, or Switzerland to countries that have not received an adequacy decision, we rely on:
- Standard Contractual Clauses (SCCs) approved by the European Commission
- The EU-US Data Privacy Framework, where applicable
- Equivalent safeguards required under UK GDPR and Swiss FADP
Our sub-processors are bound by these protections through their data processing agreements with us.
12. Children
FramesOnDemand is a B2B service aimed at adult merchants. We do not knowingly collect personal information from children under 13 (or 16 in the EU). If you believe a child has provided data to us, contact privacy@custompictureframes.com and we will delete it.
13. Changes to this policy
We may update this policy as the service or applicable law changes. The effective date at the top of the page reflects the most recent change. Material changes — anything that meaningfully affects how we use Seller or Buyer data — will be communicated to active Sellers by email at least 14 days before they take effect.
14. Contact
Privacy questions, data-subject requests, or breach notifications:
- Email: privacy@custompictureframes.com
- Postal: CustomPictureFrames LLC, Attn: Privacy, 6 Shirley Ave, Somerset NJ 08873, USA
For DMCA notices and copyright takedown requests, see our Copyright Policy.