Privacy Policy

Frameshift LLC ("we," "our," or "us") operates the Frameshift mobile application (the "App"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our App. Please read this privacy policy carefully. If you do not agree with the terms of this privacy policy, please do not access the App.

We reserve the right to make changes to this Privacy Policy at any time and for any reason. We will alert you about any changes by updating the "Last Updated" date and version number of this Privacy Policy. For material changes, we will prompt you to re-accept the updated policy within the App. You are encouraged to periodically review this Privacy Policy to stay informed of updates.

1. INFORMATION WE COLLECT

1.1 Device Information

We automatically collect certain information when you use the App, including:

• Device identifier (a randomly generated UUID stored locally on your device)
• Device type, operating system, and version
• App version
• IP address (used transiently for rate limiting and security; not stored)
• Crash reports and performance data

1.2 Push Notification Tokens

If you enable push notifications, we collect:

• Your Expo Push Notification token
• Your device platform (iOS or Android)
• Your notification preferences (daily briefings, frameshift alerts, narrative resurrection alerts)

1.3 Usage Data

We collect information about how you interact with the App:

• Articles viewed and saved
• Narratives you pin or track
• Feed and timeline display preferences
• Subscription status and entitlement checks
• Timestamps of App usage

1.4 User-Submitted Content

Certain features require you to submit content:

• URL Analyzer (Premium): Article URLs you submit for analysis
• Vault Search: Search queries you enter to find narratives

These inputs are sent to our servers for processing and are not stored beyond the duration needed to return results.

1.5 On-Device Storage

The App stores data locally on your device using AsyncStorage, including:

• Your device identifier
• Push notification token
• Notification and display preferences
• Onboarding completion status
• Terms acceptance timestamp and version
• Cached article and narrative data (temporary, with short expiration)

This data remains on your device and is not transmitted to our servers except as specifically described in this Policy.

1.6 Information We Do NOT Collect

We do NOT collect:

• Your name, email address, or phone number
• Location data or GPS coordinates
• Contacts, photos, or other personal files
• Biometric data
• Social media account information
• Financial information (payments are processed entirely by Apple, Google, and RevenueCat)
• Advertising identifiers or cross-app tracking data

2. HOW WE USE YOUR INFORMATION

2.1 To Provide and Maintain the App

• Delivering news content, analysis, and narrative tracking
• Saving your preferences, pinned narratives, and saved articles
• Delivering push notifications you have opted into
• Managing your subscription status
• Processing URLs submitted for analysis (Premium feature)

2.2 To Improve the App

• Analyzing aggregate usage patterns to improve features
• Identifying and fixing bugs
• Developing new features

2.3 For Security and Fraud Prevention

• Detecting and preventing abuse
• Rate limiting to prevent service overload (using IP address transiently)
• Protecting against unauthorized access
• Validating device identifiers

2.4 For Legal Compliance

• Complying with applicable laws and regulations
• Responding to lawful legal requests and preventing harm

3. THIRD-PARTY SERVICES

We share data with the following third-party services only as necessary to operate the App:

3.1 RevenueCat (Subscription Management)

We use RevenueCat to manage subscriptions and in-app purchases. Your device UUID is used as your RevenueCat customer identifier, which means RevenueCat can associate your purchase history with your device. RevenueCat may collect:

• Purchase transaction data
• Subscription status and entitlement information
• Device identifier (your app-generated UUID)

RevenueCat's privacy policy: https://www.revenuecat.com/privacy

3.2 Apple App Store / Google Play Store

Payments are processed through Apple's App Store or Google Play. We do not have access to your payment card details, billing address, or other financial information. Please review:

• Apple's Privacy Policy: https://www.apple.com/legal/privacy/
• Google's Privacy Policy: https://policies.google.com/privacy

3.3 OpenAI (AI-Powered Analysis)

We use OpenAI's API on our servers to generate article analysis, narrative summaries, frameshift detection, and perspective simulations. Article content from third-party news sources (not your personal data) is sent to OpenAI for processing. We currently use models including GPT-4o-mini and GPT-5. OpenAI's privacy policy: https://openai.com/privacy

3.4 Serper API (Web Search)

We use Serper on our servers to discover and source news articles. Article metadata and search queries related to news topics may be processed by Serper. Your personal data is not sent to Serper.

3.5 Tavily (Web Search)

We use Tavily as an alternative web search provider on our servers. Tavily's privacy practices apply to news-related search queries processed server-side. Tavily's privacy policy: https://tavily.com/privacy

3.6 Expo Push Notification Service

When you enable push notifications, your Expo Push Token is sent to Expo's servers to deliver notifications to your device. Expo's privacy policy: https://expo.dev/privacy

3.7 Expo / React Native Framework

The App is built using Expo and React Native. These frameworks may collect anonymous crash reports and performance metrics as part of standard framework operation.

4. AUTOMATED DECISION-MAKING AND AI

4.1 AI-Generated Content

The App uses artificial intelligence to generate article analysis, narrative summaries, timeline nodes, frameshift detection, and partisan perspective simulations ("Democrat interpretation" / "Republican interpretation"). This processing occurs on our servers using third-party AI models (see Section 3.3).

4.2 No Automated Decisions Affecting You

We do not use AI or automated processing to make decisions that produce legal effects or similarly significant effects concerning you. AI is used solely to analyze and present news content. No profiling is performed on individual users.

4.3 AI Limitations

AI-generated content may contain errors, biases, hallucinations, or inaccuracies. It is provided for informational and educational purposes only and should not be relied upon for any decision-making. See our Terms of Service for additional disclaimers.

5. DATA RETENTION

5.1 Device Data

Your device identifier and associated server-side data (preferences, pinned narratives, notification preferences) are retained as long as you actively use the App.

5.2 Server Data

• User account data (device ID, preferences, pinned narratives): Retained until you delete your account via the App's Settings menu.
• Historical timeline nodes: Capped at one (1) year of history per timeline.
• Aggregated, de-identified content data (article analysis, narrative data): Retained indefinitely as it is not linked to individual users.
• Push notification tokens: Retained until you unregister or delete your account.

5.3 Subscription Data

Subscription and transaction data is retained by RevenueCat, Apple, and Google according to their respective retention policies.

5.4 Cached Data

Locally cached data on your device (API responses) expires automatically after five (5) minutes and is not transmitted to our servers.

6. ACCOUNT DELETION

6.1 What Gets Deleted

When you use the "Delete Account" feature in the App's Settings menu, the following data is permanently deleted from our servers:

• Your user record and device identifier association
• All pinned narratives
• All notification preferences and push tokens
• All analyzer usage history
• All user settings and preferences

6.2 What Is NOT Deleted

• Aggregated, de-identified content data (article analysis, narratives, timelines) that is not linked to your identity
• Data held by third parties (RevenueCat, Apple, Google) according to their own policies

6.3 Important Note About Uninstalling

Uninstalling the App removes only locally stored data from your device. It does NOT delete your server-side data. To fully delete your data, you must use the "Delete Account" feature before uninstalling.

7. DATA SECURITY

We implement appropriate technical and organizational security measures to protect your information, including:

• Encryption of all data in transit (HTTPS/TLS)
• Security headers (HSTS, CSP, X-Frame-Options, X-Content-Type-Options)
• Rate limiting on all API endpoints
• Input validation and sanitization
• Access controls and administrative authentication
• Webhook signature verification (HMAC-SHA256)

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your information, we cannot guarantee its absolute security.

8. DATA BREACH NOTIFICATION

In the event of a data breach that affects your personal information, we will:

• Notify affected users within seventy-two (72) hours of becoming aware of the breach, or as required by applicable law
• Provide notification via push notification (if enabled) and/or in-app notice
• Describe the nature of the breach, the data affected, and steps we are taking to address it
• Provide guidance on steps you can take to protect yourself

9. YOUR RIGHTS AND CHOICES

9.1 Access and Portability

You may request a copy of the data we hold about your device by contacting us at the email address below.

9.2 Deletion

You may delete all your data at any time using the "Delete Account" feature in Settings (see Section 6 for details).

9.3 Push Notifications

You may opt out of push notifications at any time through the App's Settings menu or your device's system settings. You may also granularly control which types of notifications you receive (daily briefings, frameshift alerts, resurrection alerts).

9.4 Do Not Track

The App does not track users across third-party websites or apps. We do not respond to "Do Not Track" browser signals as there is no applicable industry standard for mobile applications.

9.5 Opt-Out of Data Collection

You may limit data collection by:

• Disabling push notifications
• Not using the URL Analyzer or Vault Search features
• Deleting your account

10. CHILDREN'S PRIVACY

The App is not intended for children under 13 years of age (or 16 in the EEA/UK). We do not knowingly collect personal information from children under these ages. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately and we will promptly delete such information.

11. INTERNATIONAL DATA TRANSFERS

Your information may be transferred to and processed in the United States or other countries where our servers and third-party service providers operate. These countries may have different data protection laws than your country of residence.

For users in the European Economic Area (EEA), United Kingdom, or Switzerland: We rely on legal mechanisms such as Standard Contractual Clauses (SCCs) approved by the European Commission, or other applicable legal bases, to transfer your data to countries outside the EEA/UK.

12. CALIFORNIA PRIVACY RIGHTS (CCPA/CPRA)

If you are a California resident, you have the following rights under the California Consumer Privacy Act (as amended by the CPRA):

• Right to Know: You may request disclosure of the categories and specific pieces of personal information we have collected about you.
• Right to Delete: You may request deletion of your personal information (see Section 6).
• Right to Correct: You may request correction of inaccurate personal information.
• Right to Opt-Out of Sale/Sharing: We do not sell or share your personal information for cross-context behavioral advertising.
• Right to Limit Use of Sensitive Personal Information: We do not collect sensitive personal information as defined under the CPRA.
• Right to Non-Discrimination: We will not discriminate against you for exercising any of these rights.

Categories of personal information we collect: Device identifiers, usage data, push notification tokens (see Section 1 for complete details).

To exercise these rights, contact us at privacy@frameshift.app.

13. VIRGINIA, COLORADO, CONNECTICUT, AND UTAH PRIVACY RIGHTS

If you are a resident of Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), or Utah (UCPA), you may have additional rights including:

• Right to access your personal data
• Right to delete your personal data
• Right to obtain a portable copy of your data
• Right to opt out of targeted advertising (we do not engage in targeted advertising)
• Right to opt out of the sale of personal data (we do not sell personal data)
• Right to opt out of profiling (we do not profile individual users)

Virginia, Colorado, and Connecticut residents may appeal a denial of a privacy request by contacting us at privacy@frameshift.app.

To exercise these rights, contact us at privacy@frameshift.app.

14. EUROPEAN PRIVACY RIGHTS (GDPR)

If you are in the EEA, UK, or Switzerland, you have additional rights under the General Data Protection Regulation:

• Right of access to your personal data
• Right to rectification of inaccurate data
• Right to erasure ("right to be forgotten")
• Right to restriction of processing
• Right to data portability
• Right to object to processing
• Right to withdraw consent at any time
• Right not to be subject to solely automated decision-making (see Section 4.2)

Our legal bases for processing include:

• Contract performance: Providing the App service, processing your preferences and saved content
• Legitimate interests: Improving the App, ensuring security, preventing fraud
• Consent: Push notifications, terms acceptance (where required)

You may lodge a complaint with your local data protection supervisory authority if you believe your rights have been violated.

15. CHANGES TO THIS PRIVACY POLICY

We may update this Privacy Policy from time to time. We will notify you of any changes by:

• Posting the new Privacy Policy in the App
• Updating the "Last Updated" date and version number
• For material changes: Requiring you to re-accept the updated policy within the App
• Sending a push notification for material changes (if you have notifications enabled)

Your continued use of the App after any changes constitutes acceptance of the new Privacy Policy. If you do not agree to the updated policy, you should discontinue use and delete your account.

16. CONTACT US

If you have questions or concerns about this Privacy Policy, please contact us at:

Email: privacy@frameshift.app Website: https://frameshift.app/support

For GDPR-related inquiries, you may also contact your local data protection authority.

For California privacy requests: privacy@frameshift.app

17. CONSENT

By using the App, you signify your acceptance of this Privacy Policy. If you do not agree to this Privacy Policy, please do not use the App.