Privacy Policy

Last updated: January 28, 2026

1. Introduction

This Privacy Policy explains how OUTERFRAME LABS (“Company”, “we”, “us”) collects, uses, stores, and protects personal data when users (“User”, “you”) access or use the ScreenWeaver platform (the “Service”).

OUTERFRAME LABS is committed to protecting personal data in accordance with:

  • the General Data Protection Regulation (EU) 2016/679 (GDPR),
  • applicable French and European data protection laws.

2. Data Controller

The data controller is:

OUTERFRAME LABS

SAS
91 route des Romains
67200 Strasbourg – France

Contact for data protection matters:
📧 privacy@screenweaver.app (recommended)

3. Categories of Personal Data Collected

We may collect the following categories of data:

3.1 Account Data

  • name or username,
  • email address,
  • authentication credentials (hashed),
  • subscription status and plan.

3.2 Usage Data

  • actions performed on the platform,
  • feature usage, timestamps, logs,
  • IP address, device type, browser, operating system (in aggregated or truncated form).

3.3 Payment Data

  • Payment information is never stored directly by OUTERFRAME LABS.
  • Payments are processed by third-party payment providers (e.g. Stripe), who act as independent data controllers.

4. Creative Content & AI Inputs

4.1 User Content

The Service allows Users to input creative content such as:

  • scripts, texts, prompts, story ideas,
  • visual references, documents, and project materials.

These contents may contain personal data, at the sole discretion and responsibility of the User.

4.2 Purpose of Processing Creative Content

User content is processed strictly for the purpose of providing the Service, including:

  • generating AI-assisted outputs,
  • enabling editing, visualization, export, and storage,
  • ensuring proper technical operation.

4.3 No Human Review

By default:

  • User content is not reviewed by humans,
  • except when strictly required for security, abuse prevention, legal compliance, or technical support.

5. AI Training Policy (Critical Clause)

Unless explicitly stated otherwise:

  • User content is NOT used to train proprietary AI models,
  • content may be used only in aggregated, anonymized, and non-identifiable form for:
    • service reliability,
    • performance monitoring,
    • safety and abuse prevention,
    • statistical improvement.

No User content is sold or licensed to third parties for AI training.

6. Legal Bases for Processing (GDPR Article 6)

Personal data is processed on the following legal bases:

  • Contractual necessity – to provide the Service,
  • Legitimate interest – security, fraud prevention, service improvement,
  • Legal obligation – accounting, compliance, law enforcement requests,
  • Consent – where required (cookies, optional communications).

7. Data Retention

We retain personal data:

  • only for as long as necessary to provide the Service,
  • or as required by applicable law.

User content may be deleted:

  • upon account deletion,
  • or after a reasonable retention period,
  • unless retention is required for legal or regulatory purposes.

8. Data Sharing & Subprocessors

We may share data with trusted subprocessors strictly necessary to operate the Service, including:

  • Vercel Inc. (hosting and infrastructure),
  • payment processors (e.g. Stripe),
  • analytics and monitoring providers,
  • customer support tools.

All subprocessors are bound by contractual data protection obligations.

9. International Data Transfers

Some data may be processed outside the European Union, including in the United States.

In such cases, we rely on:

  • adequacy decisions, or
  • Standard Contractual Clauses (SCCs), or
  • equivalent safeguards required by GDPR.

10. Data Security

We implement technical and organizational measures to protect personal data, including:

  • encryption in transit,
  • access controls,
  • infrastructure security best practices,
  • monitoring and logging.

However, no system can be guaranteed 100% secure.

11. User Rights (GDPR)

Users have the right to:

  • access their personal data,
  • rectify inaccurate data,
  • request erasure (“right to be forgotten”),
  • restrict or object to processing,
  • request data portability,
  • withdraw consent where applicable.

Requests can be sent to:
📧 privacy@screenweaver.app

We may request identity verification before processing requests.

12. User Responsibility for Content

The User acknowledges that:

  • they may input personal data of third parties,
  • they are solely responsible for ensuring they have lawful grounds to do so,
  • OUTERFRAME LABS acts only as a data processor for such content.

13. Cookies & Tracking

The Service may use:

  • essential cookies for authentication and security,
  • optional analytics cookies (subject to consent where required).

Details are provided in a separate Cookie Policy where applicable.

14. Children’s Data

The Service is not intended for individuals under 18 years of age.

We do not knowingly collect data from minors.

15. Changes to This Policy

We reserve the right to modify this Privacy Policy at any time.

Changes become effective upon publication on the Service.

Continued use of the Service constitutes acceptance of the updated policy.

16. Supervisory Authority

Users have the right to lodge a complaint with the relevant data protection authority, including:

CNIL (France)
https://www.cnil.fr