Privacy Policy

Last updated: December 22, 2022

The Frame.io Privacy Policy describes the privacy practices of Frame.io’s Services and anywhere we display or reference this policy. Your use of Frame.io’s Services is subject to our Terms of Service, which incorporates this Privacy Policy. Any terms we use in this Policy without defining them have the definitions given to them in the Terms of Service.

Frame.io is an Adobe Company. Frame.io discloses personal information with other entities in the Adobe family of companies in order to enhance and improve Adobe products and services, as well as for other legitimate business purposes. Your personal information will also be used to send you information about other Adobe products and services that may be of interest to you, consistent with your choices on how we disclose your data (as detailed more below). A list of these entities and their respective privacy policies can be found here.

Privacy Policy Table of Contents

What does this Privacy Policy cover?
What information does Frame.io collect about me?
How We Disclose Your Personal information
Cookies, Tracking Tools, and Advertising
Information about Interest-based Advertisements
What rights do I have regarding my personal information?
Withdrawing consent or otherwise objecting to direct marketing
Data Security and Retention
Personal information of Children
Additional US State Privacy Rights
Information for European Union Data Subjects
Changes to this Privacy Policy
Contact Information

What this Privacy Policy Covers

This Privacy Policy covers how we treat personal information that we gather when you access or use our Services. “Personal information” means any information that identifies or relates to a particular individual or when combined with other information could be used to identify a specific individual and also includes information referred to as “personally identifiable information” or similar terms used in applicable data privacy laws, rules, or regulations. This Privacy Policy does not cover the practices of companies we don’t own or control or people we don’t manage.
This Privacy Policy covers how Frame.io (also referred to as “we,” “us,” or “our) will make use of your personal information in the context of:

What information does Frame.io collect about me?

Categories of personal information

When you purchase, register, or use our Services, or contact us for support or other offerings, Frame.io collects information that identifies you. This includes identifiers and contact information, such as:

Name;
Email address;
Telephone number;
Postal or physical address;
Country;

Commercial and transaction information, such as:

Payment/billing information (payment card type, last 4 digits of payment card, billing address, and contact information);
Purchase history;
Consumer profiles;
Content (e.g., documents, photos, videos, activity logs, direct feedback from you, and metadata about your content) which is sent or received using any online features which is stored on servers belonging to Frame.io or its parent company;
Content of and information provided through customer support communications;

Professional, education, or other demographic information, such as:

Date of birth;
Company or school name;
Title or occupation;
Job function or expertise;
Company details, such as the size, industry, and other information about the company where a user may work (when the user has provided the company name);

Analytics or other electronic network activity, such as:

IP address, browser, domain server, mobile device ID, and non-identifiable request IDs:
Use and navigation of Services (collected through cookies and similar technologies), referring webpage or source through which you accessed the Services.

Inferred information

To help keep our databases current and to provide you the most relevant content and experiences, we may infer or generate information based on the information we collect or combine information provided by you with information from third party sources, in accordance with applicable law. For example, we may profile user attributes or create profiles reflecting user behavior. We may also infer, generate, or collect and receive information from third parties, including partners, and from publicly accessible sources, for purposes that include to detect, prevent, or otherwise address fraudulent, deceptive, or illegal activity, misuse of our Services and Software, security or technical issues, as well as to protect against harm to the rights, property or safety of Frame.io and Adobe employees, uses, children, or the public.

Categories of Sources of personal information

We collect Personal information about you from the following categories of sources:

Personal information you provide directly to us, such as on a form, via a browser or mobile-based chat session, via email or telephone, etc. or create an account and use our interactive tools and services.
Personal information we automatically or programmatically collect or generate from your access to and use of Frame.io websites, products, or services including our mobile application and any software we make available to you.
Personal information we infer or generate from your access to and use of our websites, products, or services, such as your approximate location (such as your IP address), likely preferences or other characteristics
Personal information we obtain or receive from other sources including:

Our Business or Commercial Purposes for Collecting Personal Information

Providing, Customizing and Improving the Services
Marketing the Services
Corresponding with You
Meeting Legal Requirements and Enforcing Legal Terms

How We Disclose Your Personal Information

We disclose your personal information to the categories of service providers and other parties listed in this section.

Service Providers. These parties help us provide the Services or perform business functions on our behalf. They include:
Advertising Partners. These parties help us market our services and provide you with other offers that may be of interest to you. They include:
Business Partners. These parties partner with us in offering various services and include businesses that you have a relationship with.
Parties You Authorize, Access, or Authenticate

Legal Obligations

We may disclose any personal information that we collect with third parties in conjunction with any of the activities set forth under “Meeting Legal Requirements and Enforcing Legal Terms” in the “Our Commercial or Business Purposes for Collecting Personal information” section above.

Business Transfers

All of your personal information that we collect may be transferred to a third party if we undergo a merger, acquisition, bankruptcy, or other transaction in which that third party assumes control of our business (in whole or in part). Should one of these events occur, we will make reasonable efforts to notify you before your information becomes subject to different privacy and security policies and practices.

Deidentified and Aggregated Data

We may create aggregated, de-identified, or anonymized data from the personal information we collect, including by removing information that makes the data personally identifiable to a particular user. We may use such aggregated, de-identified, or anonymized data and disclose it to third parties for our lawful business purposes, including to analyze, build, and improve the Services and promote our business, provided that we will not disclose such data in a manner that could identify you.

Cookies, Tracking Tools, and Advertising

The Services use cookies and similar technologies to collect usage information to provide you with a more personalized experience, improve our products and services, and in some cases, to tailor ads to your likely interests. To change your collection settings, click on

Cookies are small text files stored by your web browser when you use websites. You can control how websites use cookies by configuring your browser’s privacy settings (please refer to your browser’s help function to learn more about cookie controls). Note that if you disable cookies entirely, our website may not function properly.

Frame and the companies that help us run our business use cookies in several ways, such as:

Authenticating and identifying you on our websites so we can provide you the services you requested
Keeping track of any information you have provided to us
Providing you the Frame websites that you use
Remembering your preferences or where you left off in your use of a Frame website
Measuring your use of Frame websites so that we can improve them, tailor our websites to your likely interests, and conduct market research
Understanding your likely interests so we can provide you more relevant ads and content on non-Frame websites and in non-Frame apps

Web beacons and embedded scripts are other technologies that we use in our websites, as well as in some of our emails and ads. Web beacons (or “tags”) are bits of programming code included in web pages, emails, and ads that notify Frame (or the companies that help us run our business) when those web pages, emails, or ads have been viewed or clicked on.

Embedded scripts are bits of programming code included within some of our web pages that measure how you use those web pages, such as which links you click. We use this information to improve our websites, tailor our websites to your likely interests, conduct market research, and for anti-fraud monitoring purposes. You may be able to turn off scripting functionality, such as JavaScript, within your browser (please refer to your browser’s help function). Note that if you disable scripting functionality, some Frame websites may not function properly.

Your browser may also offer you a “Do Not Track” option, which allows you to signal to operators of websites and web applications and services that you do not wish such operators to track certain of your online activities over time and across different websites. Currently, there is not an accepted standard on how companies should respond to web browsers’ “Do Not Track” signals. Accordingly, our Services do not currently recognize or respond to “Do Not Track” browser signals.

Information about Interest-Based Advertisements

We may serve advertisements, and allow third-party ad networks, including third-party ad servers, ad agencies, ad technology vendors and research firms, to serve advertisements through the Services. These advertisements may be targeted to users who fit certain general profile categories or display certain preferences or behaviors (“Interest-Based Ads”). Information for Interest-Based Ads (including personal information) may be provided to us by you, or derived from the usage patterns of particular users on the Services and/or services of third parties.

We comply with the Digital Advertising Alliance (“DAA”) Self-Regulatory Principles for Online Behavioral Advertising. Through the DAA and Network Advertising Initiative (“NAI”), several media and marketing associations have developed an industry self-regulatory program to give consumers a better understanding of, and greater control over, ads that are customized based a consumer’s online behavior across different websites and properties.

To make choices about Interest-Based Ads from participating third parties, including to opt-out for all companies who are members of those groups, please see:

Digital Advertising Alliance
Network Advertising Initiative
European Interactive Digital Advertising Alliance (“EDAA”)

To opt out of advertising solutions that tailor ads shown within mobile apps based on your likely interests please either:

Set the preference on your mobile device to limit ad tracking, or
Download the DAA’s AppChoices app

Please also review the privacy policies on the website and mobile apps that you use because they may offer additional privacy choices.

What rights do I have regarding my personal information?

Under the law of some jurisdictions, you have certain rights with respect to your personal information. You may have the right to ask for a copy of your personal information; to correct, delete, or restrict (stop any active) processing of your personal information; and to obtain the personal information you provide to us for a contract or with your consent in a structured, machine-readable format, and to ask us to port this information to another controller. You may be entitled to additional rights based on applicable data privacy laws in your jurisdiction.

These rights may be limited, for example, if fulfilling your request would reveal personal information about another person, or if you ask us to delete information which we are required by law to keep or which we need to defend claims against us. In some cases, we may also need you to provide us with additional information, which may include personal information, if necessary to verify your identity and the nature of your request. To exercise any of these rights, you can get in touch with us using the details set out below. You may also be able to access, correct, or delete some of your personal information by logging into your account.

In addition to these rights, see the “Additional US State Privacy Rights” section and the “EU Data Subject Rights” section further below for more information about rights you may be entitled to.

Withdrawing consent or otherwise objecting to direct marketing

Frame.io and companies we hire to help market our Services on our behalf may use your information to provide you with information and offers related to Frame.io.

Where we rely on your consent, you will always be able to withdraw that consent, although we may have other legal grounds for processing your information for other purposes, such as those set out above. In some cases, we are able to send you direct marketing without your consent, where we rely on our legitimate interests. You have an absolute right to opt out of direct marketing, or profiling we carry out for direct marketing, at any time by:

updating your preferences in your specific website or app accounts;
clicking on the unsubscribe link in the email footer;
connecting with us through our online support chat; or
contacting us using the details provided at the end of this privacy policy.

Data Security and Retention

We seek to protect your personal information from unauthorized access, use, and disclosure using appropriate physical, technical, organizational, and administrative security measures based on the type of personal information and how we are processing that data. You should also help protect your data by appropriately selecting and protecting your password and/or other sign-on mechanisms; limiting access to your computer or device and browser; and signing off after you have finished accessing your account. Although we work to protect the security of your account and other data that we hold in our records, please be aware that no method of transmitting data over the internet or storing data is completely secure.

We retain personal information about you for as long as you have an open account with us or as otherwise necessary to provide you with our Services. When you close your account, we begin deleting certain personal information that we no longer have a business reason to retain. In some cases, we retain personal information for longer, if doing so is necessary to comply with our legal obligations, resolve disputes or collect fees owed, or is otherwise permitted or required by applicable law, rule, or regulation.

Personal information of Children

As noted in the Terms of Service, we do not knowingly collect or solicit personal information about children under 13 years of age and our Services are not intended for minors under the age of 13. If you are a child under the age of 13, please do not attempt to register for or otherwise use the Services or send us any personal information. If we learn we have collected personal information from a child under 13 years of age, we will delete that information as quickly as possible. If you believe that a child under 13 years of age may have provided personal information to us, please contact us at support@frame.io.

Additional US State Privacy Rights

Some states in the US have passed state-specific privacy laws. This section supplements our privacy policy by explaining your privacy rights if you are a resident in one of these states, provides certain mandated disclosures about our treatment of personal information, and includes:

Colorado, Connecticut, Utah and Virginia specific disclosures and rights
California specific disclosures and rights
Opt-outs for sale or sharing of personal information
Metrics on consumers exercising their rights

Colorado, Connecticut, Utah, and Virginia:

If you are a resident of Colorado, Connecticut, Utah, or Virginia, we have certain obligations, and you have certain rights with respect to your personal information, including:

Right to confirm whether the controller is processing the consumer’s personal information and the right to access such information;
Right to correct inaccuracies in personal information;
Right to delete personal information;
Right of data portability;
Right to opt out from targeted advertising; and
Right to opt out from the sale of personal information.

In certain states, you also have the right to opt out from profiling in furtherance of decisions that produce legal or similarly significant effects on the consumer (such as Virginia, Colorado, and Connecticut) and appeal a decision regarding a request to exercise your rights.

If you wish to exercise one or more of these rights, please review the “What rights do I have regarding my personal information?” section above. If you would like to opt out of targeted advertising or the selling or sharing of personal information, please see the instructions below.

California

The California Consumer Privacy Act of 2018 (as amended by the California Privacy Rights Act of 2021) (“CCPA”) requires us to provide California consumers with some additional information related to how Frame.io collects, uses, retains, and discloses personal information as well as describe additional rights, which are summarized below.

California Privacy Policy Disclosures

We collect, use, disclose, sell, share, and retain personal information as further described in this Privacy Policy and summarized below.

Personal information We Collect:

In the preceding 12 months, we have collected the categories of personal information described above in the section “Categories of Personal information.”

Sources of Personal information We Collect

The “Categories of Sources of Personal information” section above details the sources of personal information that we collect from you.

Business or Commercial Purposes for Collecting Personal information

The “Our Business or Commercial Purposes for Collecting Personal information” section above details the business or commercial purposes for collecting personal information from you.

Categories of Personal information Sold or Shared in the Preceding 12 Months:

Categories of Personal information Sold or Shared	Categories of Third-Party Recipients	Purpose for Disclosure
- Identifiers and contact information	Social media platforms advertisers; ad agencies; advertising networks and platforms; advertising related technology providers	Cross-context behavioral advertising
- Commercial and transactional information
- Analytics or other electronic network activity
- Inferred information

Retention and Deletion

The “Data Security and Retention” section above details how long Frame retains personal information.

California Privacy Rights

California consumers have certain rights with respect to their personal information. These rights include the following:

1. Right to opt out of “selling” or “sharing” certain personal information

You have a right to opt out from future “sales” or “sharing” of personal information. CCPA requires us to describe the categories of personal information we sell to or share with third parties and how to opt out of future sales or sharing. The CCPA defines personal information to include internet or other electronic network activity information which includes identifiers, such as IP addresses, cookies IDs, and mobile IDs. The law also defines a “sale” or “share” broadly to include simply making data available to third parties in some cases.

To opt out of selling or sharing for purposes of cross-context behavioral advertising you can:

Click on “” to review your preferences and opt out of advertising cookies and other technologies used for browser based cross-context behavioral advertising. Note you will need to opt out from each browser that you use to access Frame.
To opt out of the selling or sharing of customer record information for cross-context behavioral advertising and partner marketing click here.

Further, using these choices will not stop all interest-based advertising, such as contextual-based ads.

2. Right to Know or Request Categories of Personal information

You have a right to request that we disclose to you the personal information we have collected about you. You also have a right to request additional information about our collection, use, disclosure, or sale of such personal information such as a list of the categories of personal information collected about you, and other related information such as the source of the information, categories of information shared or sold to third parties, and the purpose for such sharing. Frame has provided this information in this Privacy Policy.

3. Right to Correct.

You have a right to request correction of inaccurate personal information.

4. Right to Request Deletion

You have the right to request that we delete the personal information that we have collected about you, subject to certain exceptions.

5. Right to Designate an Authorized Agent

You may designate an authorized agent to exercise some of your rights, however, in order to help protect the security of your personal information, the authorized agent must send us a request that (1) provides sufficient information to allow us to verify that you are the person about whom we have collected personal information, and (2) describes your request in sufficient detail to allow us to understand, evaluate, and respond to it. Each request that meets both of these criteria will be considered a “Valid Request.” We will only use personal information provided in a Valid Request to verify your identity and complete your request. You do not need an account to submit a Valid Request.

6. Right against Discrimination

We will not discriminate against you for exercising your rights under the CCPA.

7. Right to Notice

You have a right to receive notice of our practices at or before collection of personal information

Additional information on exercising your rights

You have right to exercise the rights listed in our Privacy Policy free or charge or penalty, but we may limit the number of requests you make or charge reasonable fees as legally permitted. You may exercise many of these rights yourself by adjusting your preferences as outlined in this Privacy Policy, filling out a request at https://preferences.frame.io/privacy-management/, or by reaching out to us via the contact information provided at the end of this Privacy Policy.

Consumer request metrics for calendar year 2022

Frame believes transparency is critical to maintaining a trusted relationship with our consumers. To that end, Frame is further enhancing our transparency with respect to the choices our consumers make regarding personal information. In this privacy transparency disclosure, we are providing metrics on certain requests we received from consumers across the United States during the 2022 calendar year, in compliance with the California Consumer Privacy Act.

Requests to know: Frame received 72 consumer requests to know personal information collected about them, complied with 72 of those requests in whole or in part, and denied 0 of those requests.

Requests to delete: Frame received 1,896 consumer requests to delete, complied with 1,838 of those requests in whole or in part, and denied 10 of those requests while the remaining requests are pending.

Information for European Union Data Subjects

If you are a resident of the European Union (“EU”), United Kingdom, Lichtenstein, Norway or Iceland, you may have additional rights under the EU General Data Protection Regulation (the “GDPR”) with respect to your personal information, as outlined below.

For this section, we use the terms “personal information” and “processing” as they are defined in the GDPR, but “personal information” generally means information that can be used to individually identify a person, and “processing” generally covers actions that can be performed in connection with data such as collection, use, storage, and disclosure. Frame.io will be the controller with regard to personal information we collect.

If there are any conflicts between this section and any other provision of this Privacy Policy, the policy or portion that is more protective of personal information shall control to the extent of such conflict. If you have any questions about this section or whether any of the following applies to you, please contact us at support@frame.io. Note that we may also process personal information of our customers’ end users or employees in connection with our provision of certain services to customers, in which case we are the processor of personal information. If we are the processor of your personal information (i.e., not the controller), please contact the controller party in the first instance to address your rights with respect to such data.

Personal information We Collect

The “Categories of Personal information We Collect” section above details the personal information that we collect from you.

Personal information Use and Processing Grounds

The “Our Commercial or Business Purposes for Collecting Personal information” section above explains how we use your personal information.

We will only process your personal information if we have a lawful basis for doing so. Lawful bases for processing include consent, contractual necessity and our “legitimate interests” or the legitimate interest of others, as further described below.

Contractual Necessity: We process the following categories of personal information as a matter of “contractual necessity”, meaning that we need to process the data to perform under our Terms of Service with you, which enables us to provide you with the Services. When we process data due to contractual necessity, failure to provide such personal information will result in your inability to use some or all portions of the Services that require such data.
Legitimate Interest:
Consent: In some cases, we process personal information based on the consent you expressly grant to us at the time we collect such data. When we process personal information based on your consent, it will be expressly indicated to you at the point and time of collection.
Other Processing Grounds: From time to time, we may also need to process personal information to comply with a legal obligation, if it is necessary to protect the vital interests of you or other data subjects, or if it is necessary for a task carried out in the public interest.

Disclosing Personal information

The “How We Disclose Your Personal information” section above details how we disclose your personal information to third parties.

EU Data Subject Rights

In addition to the rights discussed above, you may have certain rights set forth below. For more information about these rights, or to submit a request, please email us at support@frame.io.

Portability: You can ask for a copy of your personal information in a machine-readable format. You can also request that we transmit the data to another controller where technically feasible.
Objection: You can contact us to let us know that you object to the further use or disclosure of your personal information for certain purposes, such as for direct marketing purposes.
Restriction of Processing: You can ask us to restrict further processing of your personal information.
Right to File Complaint: If you have unresolved concerns, you have the right to report them to your local privacy regulator or data protection authority and, where applicable, you also have the right to lodge a complaint with Adobe Ireland's lead supervisory authority, the Irish Data Protection Commission.

Transfers of Personal information

The Services are hosted and operated in the United States (“U.S.”) through Frame.io and its service providers, but we also transfer personal information to all other countries in the world where our Services are available. We carry out these transfers in compliance with applicable laws – for example, by putting data transfer agreements in place to help protect your personal information. Where Frame.io transfers your personal information to a country that is not within the EEA and is not subject to a European Commission adequacy decision, we rely on one or more of the following legal mechanisms: European Commission approved Standard Contractual Clauses, and/or your consent in certain circumstances.

Changes to this Privacy Policy

We may update this Privacy Policy from time to time to account for new technologies, industry practices, regulatory requirements or for other purposes. If we do, we will change the “last updated” date at the top of this policy and the revised policy will be posted to this page so that you are aware of the information we collect, how we use it, and under what circumstances we may disclose it. We encourage you to periodically review this Privacy Policy for the latest information on our privacy practices. Under certain circumstances (for example, with certain material changes or where it is required by applicable privacy laws), we will provide notice to you of these changes, and where required by applicable law, we will obtain your consent. Notice may be by email to you, by posting a notice of such changes on our Services, or by other means consistent with applicable law.
If you have a privacy question, concern, or request, contact us at: