Your data, our discipline.

• Account: name, email, hashed password, locale.
• Orders: billing address, VAT number, purchased items. Payment data is held by PayPal, never by us.
• Usage: page views, downloads, device type. Aggregated for product decisions.
• Communications: any email or message you send the studio.

To deliver the service: process orders, host downloads, prevent fraud, send transactional emails, and improve the product. No targeted advertising, no third-party trackers, no resale.

We use first-party cookies for authentication and locale. We also use a single privacy-respecting analytics provider (Plausible, EU) that sets no tracking cookies and does not fingerprint visitors.

All personal data is hosted in the European Union (Hetzner Frankfurt, OVH Roubaix). Backups are encrypted at rest and retained for 30 days. PayPal holds payment data under its own terms.

Under GDPR you have the right to access, rectify, port, or delete your data. Submit any request via studio/contact; we respond within 30 days, no questions asked.

• Right of access · article 15
• Right to rectification · article 16
• Right to erasure · article 17
• Right to portability · article 20
• Right to object · article 21

Account data is retained while your account is active. Orders are retained for 10 years (French commercial law). Logs are rotated every 90 days.

Data protection officer: dpo@frame-station.com. You may also lodge a complaint with the CNIL (France) or your local supervisory authority.