Privacy Policy

Last updated: April 20, 2026

This policy describes how FrameOasis ("we", "us", "our") handles information across our storefront at frameoasis.com and our internal scheduling tool ("the App") used by our team to manage our own social-media accounts.

1. CONTACT
FrameOasis
hello@frameoasis.com
frameoasis.com

2. STOREFRONT (frameoasis.com)
When you shop with us we collect the information you provide at checkout — name, email, shipping and billing address, and payment details — along with order history. Payment card data is handled by our payment processor (Shopify Payments / Stripe) and never stored on our servers. We use this information to fulfil orders, provide customer support, and comply with tax/legal obligations. We do not sell personal data.

3. INTERNAL SCHEDULING TOOL (the App)
The App is an internal, single-tenant utility used only by FrameOasis staff. It does not sign up end users and does not interact with anyone's accounts other than our own Instagram, Pinterest, and TikTok business accounts.

What the App stores, encrypted at rest on our server:
- OAuth access tokens for FrameOasis-owned Instagram, Pinterest, and TikTok business accounts
- Post content authored by our team (captions, media, scheduled times)
- Public comments on our own posts, retrieved via official platform APIs, so we can review and reply

What the App does NOT do:
- It does not collect personal data from followers beyond what the platforms already make public
- It does not share or sell data to third parties
- It does not use data for advertising, profiling, or training external models

Third-party services used by the App:
- Instagram Graph API, Pinterest API v5, TikTok Content Posting API — to publish posts and read comments on our own accounts
- OpenAI API — to classify comments and draft replies (comment text is transmitted for this purpose; OpenAI does not retain this data for training per their API terms)

4. COOKIES
Our storefront uses standard Shopify analytics cookies and, where enabled, first-party marketing pixels. You can disable cookies in your browser.

5. RETENTION
Order data is retained for 7 years to meet accounting requirements. App access tokens are retained while the account remains connected; disconnecting removes them immediately. Operational logs are retained for 90 days.

6. YOUR RIGHTS
You may request access to, correction of, or deletion of your personal data by emailing hello@frameoasis.com. We respond within 30 days. Residents of the EU, UK, and California have additional rights under the GDPR, UK GDPR, and CCPA respectively.

7. SECURITY
Traffic is served over HTTPS. API tokens are encrypted at rest. The App is protected by a pre-shared bearer key, and inbound webhooks are HMAC-verified.

8. CHANGES
We may update this policy; the "Last updated" date above reflects the current version.