Privacy Policy

Overview

Framous is a daily photo lottery. Once per day at noon Eastern Time, one user is chosen at random to take a single photo, which is then shared with everyone else in the app. This Privacy Policy explains, in plain language, what information Framous (“we,” “us”) collects when you use the app, why we collect it, who we share it with, and what rights you have.

Framous is operated as a sole proprietorship by Brian Moore. If you have any questions, you can reach us at brian@brianmoore.com.

Information we collect

Identity information

• Apple user identifier. When you sign in with Apple, we receive a stable identifier scoped to our developer team. We use it to authenticate you on subsequent visits.
• Phone number. We require a verified phone number (stored in E.164 international format) to prevent abuse and to keep accounts unique. We verify it via a one-time SMS code sent through Twilio.
• Display name. A short name you choose, shown on your posts when you have not opted into anonymity.
• Age. An integer age you provide. You must be at least 13 to use Framous; we enforce this on the server.
• Profile photo (“userpic”). Optional. Shown next to your posts unless you have anonymity enabled.

Content

• Photos you post.When you are chosen as the day’s photographer, the photo you take is uploaded and shown to other users. We strip EXIF metadata (including any embedded GPS) on the server before storing the image.
• Reactions.Emoji reactions you send to others’ photos. Reactions are stored as a tuple of (post, user, emoji slot). We never expose individual reactor identities to the post owner or other users — only counts.

Device and usage information

• IP address and basic request metadata, which our infrastructure provider (Cloudflare) sees on every request and retains briefly for abuse prevention and operational logging.
• Device model, OS version, and app version sent with API requests so we can debug issues and gate features.
• Push notification tokensissued by Apple, used to send you notifications about being chosen, time-remaining warnings, and the day’s posted photo.
• Crash and error reports sent through Sentry. By default we configure Sentry to omit personally identifying information (we set sendDefaultPii = false on iOS). Stack traces may incidentally contain log strings.

Location

When you are chosen and posting a photo, the iOS app may reverse-geocode your device’s last-known location into generalized strings (city, region, country) using Apple’s CoreLocation framework. Only those generalized strings are sent to our servers. Precise GPS coordinates are never transmitted or stored. You can disable location entirely on a per-post basis using the toggle in the camera flow.

Why we collect this information

• Authentication and account security: Apple identifier and phone number.
• Identity within the app: display name and userpic.
• Eligibility: age (to comply with our 13+ minimum).
• Core product functionality: photos, reactions, and reverse-geocoded city strings power the daily feed.
• Notifications: push tokens deliver the time-sensitive notifications that make the lottery work.
• Reliability and safety: IP, device metadata, crash reports, and content moderation results help us keep the service running and prevent abuse.

Who we share information with

We do not sell your personal information. We share data only with service providers we need to operate Framous:

• Apple — Sign in with Apple, the Apple Push Notification service (APNs), and App Store distribution. Apple Privacy Policy.
• Twilio — sends the one-time SMS code that verifies your phone number (Twilio Verify). Twilio Privacy Notice.
• Cloudflare — hosts our API (Workers), stores photos (R2), and connects to our database (Hyperdrive). All API traffic and stored photos pass through Cloudflare. Cloudflare Privacy Policy.
• Neon — provides our managed PostgreSQL database (US-hosted), where account records, posts metadata, and reactions are stored. Neon Privacy Policy.
• Hive — receives photo bytes for content moderation (we use it to detect prohibited content before a photo is broadcast or a userpic is shown). Hive Privacy Policy.
• Google (Gemini API) — receives photo bytes so the model can suggest four contextually relevant emoji reactions. Photos are sent solely for that purpose. Google Privacy Policy.
• Sentry — receives crash stacks and unhandled exceptions for error monitoring. By default, no user identifiers are sent. Sentry Privacy Policy.

We may also disclose information when required by law, to enforce our Terms of Service, or to protect the rights, safety, and property of users or the public.

How long we keep data

• Photos: kept indefinitely until you delete your account.
• Account records: when you request deletion, we soft-delete your account immediately and remove you from the eligible lottery pool. After 30 days the underlying records are hard-deleted from our database.
• Operational logs:short-lived, per Cloudflare’s default retention.
• Crash reports:retained per Sentry’s default retention window.
• Phone number records (Twilio):retained per Twilio’s policies for the duration of verification and fraud-prevention windows.

Your rights

You can exercise any of the rights below by emailing brian@brianmoore.com from the address associated with your account, or by using the in-app controls where available.

• Access: request a copy of the personal data we hold about you.
• Correction: ask us to correct inaccurate information (you can also edit your display name and userpic in-app).
• Deletion: delete your account at any time from within the app.
• Export: we are building a self-service export endpoint that emails you a zip of your data; until it is live, email us and we will fulfill the request manually.
• Opt out of communications: turn off push notifications in iOS Settings or within the app.

EU/EEA/UK users (GDPR)

If you are in the European Economic Area, the United Kingdom, or Switzerland, you have additional rights under the GDPR/UK GDPR, including the rights to portability, restriction of processing, objection to processing, and to lodge a complaint with your local supervisory authority. Our legal bases for processing are: performance of our contract with you (running the app), your consent (for optional data such as location and profile photo), and our legitimate interests (security, abuse prevention, and improving the service).

California residents (CCPA/CPRA)

California residents have the right to know what personal information we collect, to delete it, to correct it, to limit the use of sensitive personal information, and to not be discriminated against for exercising these rights. We do not sell or “share” personal information for cross-context behavioral advertising as those terms are defined under the CCPA.

Children

Framous is not directed to children under 13, and we do not knowingly collect personal information from anyone under 13. If we learn that an account belongs to someone under 13, we terminate the account and delete the associated data within 30 days. If you believe a child under 13 has provided us with personal information, please contact brian@brianmoore.com.

Data security

All API traffic is encrypted in transit using TLS. Photos and database records are encrypted at rest by Cloudflare R2 and Neon respectively. We strip EXIF metadata from uploaded images before storage so embedded GPS coordinates are discarded, and we never transmit or store precise GPS coordinates from your device. No system is ever perfectly secure, however, and we cannot guarantee the absolute security of your information.

International transfers

Framous is operated from the United States, and the service providers we rely on (Cloudflare, Neon, Sentry, Hive, Google, Twilio, Apple) primarily process data in the United States. If you access Framous from outside the United States, your information will be transferred to and processed in the United States. Where applicable, we rely on Standard Contractual Clauses or other lawful transfer mechanisms offered by our processors.

Changes to this policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the effective date above and, for significant changes, notify users in-app or by push notification before the changes take effect. Your continued use of Framous after the update means you accept the revised policy.

Contact

Questions or requests about this Privacy Policy or your data can be sent to brian@brianmoore.com.