This Privacy Policy explains how Virtual Framer SAS handles personal data. It covers the data we decide how to use. Where we process personal data on behalf of our customers, such as the client records they keep inside the Service, we act only as a processor, and that is governed by our data processing terms.
01Who we are
The Service is provided by Virtual Framer SAS, registered in France under SIREN 890 113 608, with its registered office at 30 avenue Maréchal Foch, Bureau 3, 69006 Lyon, France. For the personal data described in this policy, we decide how and why it is used, which makes us the data controller.
You can reach us about privacy at info@virtualframer.com. We have not appointed a separate data protection officer, so please send any privacy question to that address.
02What this policy covers
We are based in France and we apply the standards of the GDPR, the EU data protection law, to everyone we serve, wherever they are. Every customer receives the same core protections, whether they are in Europe, the United Kingdom, the United States, Canada, Australia, New Zealand or elsewhere. Where the law of your own country, state or region gives you additional rights, those rights also apply to you, and you can exercise them by contacting us.
This policy covers personal data where we decide how and why it is used. That includes data about the framers and businesses who subscribe to the Service, people who contact us or ask us for information, and visitors to our website.
It does not cover the personal data that our customers hold about their own clients inside the Service. For that data we act only as a processor, on the customer's instructions, and it is governed by our data processing terms and by the customer's own privacy information.
03The personal data we collect
- Account and contact details, such as your name, business name, email, postal address, phone number and login details.
- Billing details, handled through our payment provider, along with the invoice and payment records we keep.
- Support and other communications, meaning the messages you send us and our replies.
- Marketing details, where you are a customer or have signed up, such as your contact details and preferences.
- Technical data needed to run the Service securely, such as the data tied to logging in and keeping your session safe.
04Why we use it, and our lawful bases
- To provide the Service and manage your account, on the basis of our contract with you.
- To take payment and keep proper accounts, on the basis of our contract and our legal obligations.
- To provide support and respond to you, on the basis of our contract and our legitimate interest in helping you.
- To send you service messages about your account, on the basis of our contract.
- To send marketing, on the basis of your consent where it is required, or our legitimate interest, and you can opt out at any time.
- To keep the Service secure and to meet our legal obligations, on the basis of our legitimate interests and those obligations.
05Who we share it with
We share personal data only with the providers we need to run the Service, who act for us under contract: Amazon Web Services, Infomaniak and Hetzner for hosting, Cloudflare for network delivery and security, Stripe for payment, and HubSpot for email, support and marketing. We may use other providers for the same purposes, and we keep this list current.
We do not sell your personal data, and we do not share it for any other party's own marketing. We may also disclose data where the law requires it.
06Payment processors you engage directly
The Service lets you collect payments from your own customers through a third party payment processor. You can choose which processor to use, currently Service First Processing or Stripe, and we may add further options over time. Before you can use one, you sign up directly with that processor.
Where you use this feature, the processor you choose handles the related personal data as an independent provider under your agreement with it, not on our instructions. Its use of personal data is governed by that agreement rather than by this policy. This is separate from our own use of Stripe to collect your subscription fee, which is described above.
07International transfers
Our servers and infrastructure are located in the European Union, Switzerland and the United States, and some of our providers process data outside the European Union, including in Switzerland and the United States.
Where personal data is transferred outside the European Union, it is protected by appropriate safeguards. Switzerland is recognized by the European Union as providing an adequate level of data protection. For transfers to the United States, we rely on safeguards such as standard contractual clauses or the EU to US Data Privacy Framework.
08How long we keep your data
We keep operational data only while you are a customer. When your account is canceled we delete it promptly, usually at once and rarely longer than one month, except for backups that age out over a limited time.
Payment and invoice records held through our payment provider are kept for as long as we need to meet our legal, accounting and tax obligations.
09Your rights
You have rights over your personal data under data protection law. These include the right to access your data, to correct it, to ask us to delete it, to object to or restrict certain uses, to withdraw consent where we rely on it, and to receive a copy in a portable form.
To exercise any of these, contact us at info@virtualframer.com. We will respond within the time the law allows.
10Your US state privacy rights
If you are a resident of California or another US state with its own privacy law, you have specific rights under that law, in addition to the protections described above. Depending on your state, these include the right to know what personal data we hold about you, to access a copy of it, to correct it, to delete it, and to opt out of the sale or sharing of personal data and of targeted advertising.
We do not sell your personal data, and we do not share it for targeted advertising. We do not use it to make decisions that produce legal or similarly significant effects about you. We will not discriminate against you for exercising any of these rights.
To exercise your state privacy rights, contact us at info@virtualframer.com. We will verify your request and respond within the time your state law allows. If your state allows you to use an authorized agent, they may make a request on your behalf with proof of authorization.
11Cookies
The Service uses only the strictly necessary cookies needed to log you in and keep your session secure. We do not use analytics, advertising or tracking cookies.
12How to complain
If you have a concern about how we handle your data that we cannot resolve, you can complain to a data protection authority. In France this is the Commission Nationale de l'Informatique et des Libertés (CNIL), at cnil.fr. If you are elsewhere, you can complain to the authority in your own country, such as the Information Commissioner's Office in the United Kingdom, the Office of the Privacy Commissioner of Canada, the Office of the Australian Information Commissioner, the Office of the Privacy Commissioner in New Zealand, or your local data protection authority in the European Union.
13Changes to this policy
We may update this policy from time to time. Where a change is significant, we will take reasonable steps to let you know. The version and date at the top of this page show when it was last updated.
14How to contact us
For any question about this policy or your personal data, contact us at info@virtualframer.com, or by post at Virtual Framer SAS, 30 avenue Maréchal Foch, Bureau 3, 69006 Lyon, France.