NewFrame

NewFrame Privacy Policy

Effective Date: May 7, 2025

1. Introduction and Effective Date

Welcome to NewFrame! This Privacy Policy explains how DreamBox Research Inc., doing business as NewFrame ("NewFrame," "we," "us," or "our"), collects, uses, shares, and protects information about you when you use our website (newframe.ai and app.newframe.ai), mobile applications (if any), and related services (collectively, the "Service"). This policy also describes your choices regarding your information.

By accessing or using our Service, you acknowledge that you have read, understood, and agree to our collection, storage, use, and disclosure of your personal information as described in this Privacy Policy and our Terms of Use. This Privacy Policy is effective as of the date stated above.

2. About NewFrame and This Privacy Policy

NewFrame, operated by DreamBox Research Inc., provides a generative-AI powered advertising studio designed to help brands and users create static and video advertising content. Our Service includes various tools and features, such as brand analysis, product training, mood board creation, in-browser editing, and an AI agent ("Madison") to assist in the creative pipeline.

This Privacy Policy applies to all information collected through your use of the Service. It does not apply to third-party websites, services, or applications that you may access through our Service. We encourage you to review the privacy policies of any third-party services before providing them with your information. Our goal is to be transparent about our data practices and to empower you to make informed decisions.

3. Information We Collect About You

We collect information about you in various ways when you use our Service. This information helps us provide and improve our Service, process your transactions, and communicate with you.

3.1 Information You Provide to Us:

  • Account Information: When you create a NewFrame account, we collect information such as your name, email address, and password. You may also choose to provide an optional profile photo.

  • Payment Information: To use our paid services, you will need to provide payment information, such as credit card details or other payment method information. This information is processed directly by our third-party payment processors (e.g., Stripe, PayPal). We do not store your full payment card details, though we may receive information like the last four digits of your card, card type, expiration date, and billing address from our payment processors for verification and record-keeping purposes.

  • Brand Assets and Product Information: To utilize the full capabilities of our AI ad generation tools, you may upload or provide brand-related content, including but not limited to logos, product photos, product descriptions, brand style documents, color palettes, fonts, and mood boards ("Brand Assets"). This information is used to train our AI models specifically for your account and to generate relevant ad creatives.

  • User-Generated Content and Prompts: We collect the text prompts, instructions, and any other inputs you provide when using our AI generation features. We also store the AI-generated images, videos, ad copy, and other creative content ("Generated Content") produced for you within your NewFrame workspace.

  • Communications: When you contact us for support, provide feedback, or communicate with us in any other way (e.g., via email to team@newframe.ai), we will collect the information you provide in your communications.

3.2 Information We Collect Automatically:

  • Device and Connection Information: When you access our Service, we automatically collect information about your device and network connection. This includes your IP address, browser type and version, operating system, device identifiers (such as MAC address or mobile ad ID), language settings, and general location information inferred from your IP address (such as city or region).

  • Usage Telemetry: We collect information about how you interact with our Service. This includes features you use, pages you visit, links you click, time spent on pages or features, prompt lengths, and other actions you take within the Service. This information is collected on an anonymized and aggregated basis to help us understand user behavior, improve our Service, and optimize performance.

  • Cookies and Similar Technologies: We use cookies (small text files stored on your device) and similar tracking technologies (like web beacons or pixels) to operate and provide our Service. These technologies help us recognize you, remember your preferences, secure your account, and analyze usage of our Service. We use essential cookies (for basic functionality and security) and analytics cookies (to understand service usage). For more details, please see Section 7 (Cookies and Similar Technologies).

3.3 Information We May Collect from Third Parties:

  • Payment Processors: As mentioned, our payment processors (e.g., Stripe, PayPal) provide us with transaction confirmations, subscription status, and limited payment information.

  • Third-Party Login Services (if applicable): If you choose to register or log in to NewFrame using a third-party account (e.g., Google, Discord), we will receive certain information from that service, such as your name and email address, as permitted by your privacy settings on that service.

  • Integrated Ad Platforms (Future Functionality): If you choose to connect your NewFrame account to third-party advertising platforms (e.g., Facebook Ads API, Google Ads API, TikTok Ads API) for publishing or analyzing ads, we may receive information from these platforms as authorized by you through their respective services. This could include campaign data or performance metrics.

4. How We Use Your Information

We use the information we collect for various purposes related to providing and improving our Service, as well as for business operations. These purposes include:

  • To Provide, Operate, and Improve the Service:

    • Creating and managing your NewFrame account and authenticating your access.

    • Processing your Brand Assets, prompts, and other inputs through our AI systems (which may involve our proprietary models and/or third-party AI model providers like OpenAI) to generate ad creatives, analyze your brand, create brand characters, and facilitate other AI-powered features exclusively for your account and benefit.

    • Storing your Brand Assets and Generated Content within your user workspace.

    • Enabling features such as "Analyze My Brand" (using URL scraping with permission or provided data), "Create Brand Character" (using data you provide or select), "Add Your Product," and "Rewrite / Repurpose" creatives.

    • Facilitating access to data from legitimate APIs (e.g., Facebook Marketplace for ad insights, if such features are implemented) as part of features like "Spy on Competitor Ads."

    • Maintaining and improving the functionality, performance, and security of our Service.

  • To Personalize Your Experience:

    • Remembering your preferences and settings.

    • Tailoring content and features to your interests and usage patterns.

  • For Research, Analytics, and Product Development:

    • Analyzing anonymized usage telemetry and trends to understand how our users interact with the Service.

    • Improving our existing features, AI models (for the NewFrame platform generally, without using your specific, identifiable Brand Assets or Generated Content to train models for other users), and user interface.

    • Developing new tools, features, and services.

  • To Process Transactions and Manage Subscriptions:

    • Processing your subscription payments through our third-party payment processors.

    • Managing your subscription, including renewals, cancellations, and billing inquiries.

    • Communicating with you about your account, billing, and transactions.

  • To Communicate With You:

    • Sending you service-related communications, such as account verification emails, important service updates, security alerts, and support responses.

    • Providing customer support and responding to your inquiries sent to team@newframe.ai.

    • Sending you marketing communications about NewFrame products, features, promotions, and events, where permitted by law and your preferences. You can opt-out of these communications at any time (see Section 6).

  • For Security, Compliance, and to Enforce Our Terms:

    • Protecting the security and integrity of our Service, our users, and our data.

    • Preventing fraud, unauthorized access, and other illegal or harmful activities.

    • Enforcing our Terms of Use and other policies.

    • Complying with applicable laws, regulations, legal processes, or governmental requests.

  • With Your Consent:

    • For any other purpose disclosed to you at the time we collect your information or for which we have your explicit consent.

5. How We Share and Disclose Your Information

We do not sell your personal information. We may share or disclose your information in the following circumstances and with the following types of third parties:

  • With Service Providers and Sub-processors: We engage third-party companies and individuals to perform services on our behalf to help us operate and provide the Service. These service providers have access to your personal information only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose. This includes:

    • Cloud Hosting Providers: Such as Amazon Web Services (AWS) or Google Cloud Platform (GCP) for data storage, database management, and computing infrastructure.

    • AI Model Providers: Such as OpenAI, to process your inputs (prompts and relevant Brand Assets) and generate outputs. Your data is shared with these providers solely for the purpose of providing the AI generation service to you for your specific request. We have contractual agreements (e.g., Data Processing Addenda, where applicable) with these providers to ensure your data is handled appropriately and not used to train their general models or for other NewFrame users.

    • Payment Processors: Such as Stripe or PayPal, to process your subscription payments securely.

    • Email Delivery Services: Such as Mailgun or Postmark, to send transactional and marketing emails.

    • Analytics Providers: Such as PostHog, Segment, or Google Analytics (if used), to help us analyze anonymized usage data and improve our Service.
      We ensure that our service providers are bound by contractual obligations to protect your personal information and comply with applicable data protection laws.

  • With Third-Party Integrations (At Your Direction):

    • If you choose to connect your NewFrame account with third-party applications or services, such as advertising platforms (e.g., Facebook Ads API, Google Ads API, TikTok Ads API – future functionality) for publishing or managing your ad creatives, we will share information with those services as directed by you and in accordance with your authorizations. The information shared will be limited to what is necessary for the integration to function. Your use of such third-party services is subject to their respective privacy policies and terms.

  • For Legal Reasons and Protection: We may disclose your information if we believe in good faith that such disclosure is necessary to:

    • Comply with a legal obligation, law, regulation, legal process (such as a subpoena or court order), or governmental request.

    • Protect and defend the rights, property, or safety of NewFrame, our users, or the public, including to prevent or stop activity that we consider to be, or to pose a risk of being, illegal, unethical, or legally actionable.

    • Investigate and prevent potential violations of our Terms of Use or other policies.

  • In Connection with Business Transfers: If DreamBox Research Inc. or NewFrame is involved in a merger, acquisition, financing, reorganization, bankruptcy, receivership, sale of company assets, or transition of service to another provider, your information may be sold or transferred as part of such a transaction as permitted by law and/or contract. We will take steps to ensure the confidentiality of your personal information is maintained and, where appropriate, provide you with notice before your personal information is transferred and becomes subject to a different privacy policy.

  • Aggregated or De-identified Data: We may share aggregated or de-identified information, which cannot reasonably be used to identify you, with third parties for various purposes, including industry analysis, demographic profiling, marketing, analytics, or other legitimate business purposes.

  • With Your Explicit Consent or at Your Direction: We may share your information with other third parties when we have your explicit consent to do so, or when you direct us to share your information.

6. Your Rights and Choices

We believe in providing you with control over your personal information. Depending on your location and applicable laws, you may have certain rights regarding the personal information we hold about you. These may include:

  • Accessing, Updating, or Correcting Your Information:

    • You can review and update certain account information by logging into your NewFrame account and accessing your account settings or profile.

    • If you are unable to correct your information through your account settings, or for other personal information, you may contact us at team@newframe.ai to request access or correction.

  • Deleting Your Account and Data:

    • You may request the deletion of your NewFrame account and associated personal information by contacting us at team@newframe.ai or through designated account settings, if available.

    • Upon receiving a deletion request, we will take steps to delete your Brand Assets and Generated Content from our active systems. This process may involve a purge queue (e.g., data may be fully purged within 30-60 days) as outlined in our data retention practices (see Section 9).

    • Please note that some information may be retained for a longer period if required for legal, tax, billing, or legitimate business purposes (e.g., transaction records, anonymized usage data, or to comply with legal obligations), but such retention will be in accordance with applicable laws.

  • Opting Out of Marketing Communications:

    • You can opt-out of receiving promotional or marketing emails from us at any time by clicking the "unsubscribe" link provided in those emails or by changing your communication preferences in your account settings.

    • Please note that even if you opt-out of marketing communications, we may still send you important non-promotional, service-related communications regarding your account, transactions, or our ongoing business relations.

  • Cookie Management:

    • You can manage your cookie preferences through our cookie consent banner (where applicable, especially for users in regions like the EU/UK) or by adjusting your browser settings. Most browsers allow you to block or delete cookies. However, if you disable essential cookies, some parts of our Service may not function properly. For more details, see Section 7 (Cookies and Similar Technologies).

  • Data Portability:

    • In certain jurisdictions (e.g., under GDPR or CCPA), you may have the right to request a copy of your personal information in a structured, commonly used, and machine-readable format, and to have it transferred to another controller where technically feasible.

  • Objecting to or Restricting Processing:

    • In certain jurisdictions (e.g., under GDPR), you may have the right to object to our processing of your personal information or request that we restrict certain processing, under specific conditions.

  • Withdrawing Consent:

    • Where our processing of your personal information is based on your consent, you have the right to withdraw that consent at any time. Withdrawing consent will not affect the lawfulness of processing based on consent before its withdrawal.

  • Exercising Your Rights: To exercise any of these rights, please contact us at team@newframe.ai. We will respond to your request within the timeframes required by applicable law. We may need to verify your identity before processing your request to protect your personal information. If we are unable to verify your identity, we may deny your request.

7. Cookies and Similar Technologies

We and our third-party service providers (such as analytics providers) use cookies and similar tracking technologies to collect information about your browsing activities over time and across different websites following your use of our Service.

  • What are Cookies? Cookies are small text files that websites store on your device (computer, tablet, or mobile phone) when you visit them. They are widely used to make websites work, or work more efficiently, as well as to provide information to the owners of the site.

  • How We Use Cookies:

    • Essential Cookies: These cookies are strictly necessary to provide you with the Service and to use some of its features, such as access to secure areas and maintaining your session (e.g., session JWT, CSRF token). Because these cookies are strictly necessary to deliver the Service, you cannot refuse them without impacting how our Service functions.

    • Analytics Cookies: These cookies help us understand how our Service is being used, how effective our marketing campaigns are (if any), and help us customize and improve our Service for you. We use first-party telemetry (e.g., through tools like PostHog or Segment) and may use third-party analytics services like Google Analytics (if implemented). The information collected is typically aggregated and anonymized.

    • Advertising/Retargeting Cookies: At launch, NewFrame does not use cookies for targeted advertising or retargeting purposes. If we introduce such cookies in the future, we will update this Privacy Policy and provide appropriate notice and choices.

  • Your Choices Regarding Cookies:

    • Cookie Consent Banner: For users in jurisdictions requiring consent for non-essential cookies (e.g., the European Union, UK), we will provide a cookie consent banner allowing you to manage your preferences.

    • Browser Settings: Most web browsers allow you to control cookies through their settings preferences. You can set your browser to accept or reject all cookies, or to notify you when a cookie is set. However, if you choose to block all cookies (including essential cookies), you may not be able to access all or parts of our Service.

    • To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, visit www.allaboutcookies.org.

  • Do Not Track Signals: Some web browsers may transmit "Do Not Track" (DNT) signals to websites you visit. Currently, there is no universally accepted standard for how to respond to DNT signals. Therefore, like many other websites and online services, NewFrame does not currently alter its practices when it receives a DNT signal from a visitor’s browser.

8. Data Security

We take the security of your personal information seriously and implement reasonable administrative, technical, and physical safeguards designed to protect the information we collect from loss, theft, misuse, and unauthorized access, disclosure, alteration, and destruction. These measures include:

  • Encryption: We use encryption technologies such as Transport Layer Security (TLS 1.3) to protect data in transit and Advanced Encryption Standard (AES-256) for data at rest.

  • Secure Infrastructure: We utilize cloud service providers (e.g., AWS, GCP) that maintain high security standards, including SOC-2 compliance.

  • Access Controls: We implement role-based access controls to limit access to personal information to authorized personnel who need it to perform their job duties. We may also use Multi-Factor Authentication (MFA) for administrative dashboards.

  • Regular Assessments: We plan to conduct regular security assessments, such as annual penetration tests, and maintain a vulnerability disclosure program.

However, please be aware that no security measures are perfect or impenetrable. Despite our efforts, we cannot guarantee the absolute security of your personal information. Any transmission of personal information is at your own risk. We are not responsible for circumvention of any privacy settings or security measures contained on the Service.

9. Data Retention

We will retain your personal information for as long as necessary to fulfill the purposes for which it was collected, including to provide the Service, comply with our legal obligations, resolve disputes, and enforce our agreements. The criteria used to determine our retention periods include:

  • Account and Billing Information: We retain your account information for as long as your account is active. Billing and transaction information (e.g., stored by our payment processors and summary data we keep) will be retained for at least seven (7) years after your account is closed to comply with tax and financial record-keeping obligations.

  • Brand Assets and Generated Content: Your uploaded Brand Assets and AI-Generated Content are retained in your workspace while your subscription is active or until you choose to delete them. If you delete your account, these assets and outputs will enter a purge queue and are typically deleted from our active systems within approximately sixty (60) days, unless retention is required for legal reasons.

  • Usage Logs and Telemetry: Anonymized or aggregated usage logs and telemetry data used for analytics and product improvement are typically retained for a rolling period of twelve (12) months.

  • Legal Requirements: We may retain certain information for longer periods if required by law, regulation, or legal process, or to protect our rights or the rights of others.

Once retention of your personal information is no longer necessary for the purposes outlined in this Privacy Policy, we will securely delete or anonymize it.

10. International Data Transfers

DreamBox Research Inc. is a Delaware C-Corp with operational headquarters in Istanbul, Turkey. Our Service is accessible globally, and your personal information may be processed in and transferred to countries outside of your country of residence, including the United States, where our company is legally domiciled and where some of our service providers (e.g., cloud hosting, AI model providers) are located or operate.

These countries may have data protection laws that are different from the laws of your country. When we transfer your personal information to other countries, we will take appropriate safeguards to ensure that your information is protected in accordance with this Privacy Policy and applicable data protection laws. For individuals in the European Economic Area (EEA), the UK, or Switzerland, this may include relying on mechanisms such as Standard Contractual Clauses (SCCs) approved by the European Commission or the UK Information Commissioner's Office, or other legally valid transfer mechanisms.

By using our Service or providing us with your information, you consent to the collection, transfer, storage, and processing of your information in countries outside of your country of residence.

11. Children's Privacy

Our Service is not directed to or intended for use by individuals under the age of 13 (or the equivalent minimum age in the relevant jurisdiction). We do not knowingly collect personal information from children under 13. If we become aware that we have inadvertently collected personal information from a child under 13 without verifiable parental consent, we will take steps to delete such information from our records as soon as possible.

If you are a parent or guardian and believe that your child under 13 has provided us with personal information, please contact us at team@newframe.ai so that we can take appropriate action. We are committed to complying with the Children's Online Privacy Protection Act (COPPA) and other applicable laws regarding children's privacy.

12. Specific Regional Provisions

12.1 For Residents of the European Economic Area (EEA), United Kingdom (UK), and Switzerland:

If you are a resident of the EEA, UK, or Switzerland, you have certain data protection rights under the General Data Protection Regulation (GDPR), the UK GDPR, or the Swiss Federal Act on Data Protection (FADP), respectively. DreamBox Research Inc. acts as the "data controller" for your personal data.

  • Legal Bases for Processing: We process your personal data on the following legal bases:

    • Contractual Necessity: To perform our contract with you (e.g., to provide the Service, process payments).

    • Legitimate Interests: For our legitimate business interests (e.g., to improve the Service, for security purposes, analytics), provided these are not overridden by your data protection interests or fundamental rights and freedoms.

    • Consent: Where we have obtained your explicit consent (e.g., for certain marketing communications or use of non-essential cookies).

    • Legal Obligation: To comply with our legal obligations.

  • Your Rights: You have the right to:

    • Request access to your personal data.

    • Request correction of inaccurate personal data.

    • Request erasure of your personal data ("right to be forgotten").

    • Request restriction of processing of your personal data.

    • Object to processing of your personal data (particularly where based on legitimate interests).

    • Request data portability.

    • Withdraw consent at any time (where processing is based on consent).

    • Lodge a complaint with a supervisory authority.

  • Data Protection Officer (DPO) / Representative: We will appoint a DPO and/or an EU/UK representative as required by applicable law in the future. In the meantime, for any inquiries related to your data protection rights, please contact us at team@newframe.ai.

  • International Transfers: When we transfer your personal data outside the EEA, UK, or Switzerland, we rely on appropriate safeguards as described in Section 10 (International Data Transfers).

12.2 For Residents of California:

This section applies to California residents and supplements the information contained in this Privacy Policy, in compliance with the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA).

  • Your Rights: You have the right to:

    • Know: Request to know the categories and specific pieces of personal information we have collected about you, the categories of sources from which it was collected, the business or commercial purposes for collecting, selling, or sharing it, and the categories of third parties to whom we disclose it.

    • Delete: Request the deletion of your personal information, subject to certain exceptions.

    • Correct: Request the correction of inaccurate personal information.

    • Opt-Out of Sale/Sharing: NewFrame does not "sell" personal information in the traditional sense for monetary consideration. Under the CCPA/CPRA, "sharing" can refer to disclosures for cross-context behavioral advertising. At launch, NewFrame does not engage in such "sharing" with third-party ad tech providers. If this changes, we will update this policy and provide a "Do Not Sell or Share My Personal Information" link or mechanism.

    • Limit Use of Sensitive Personal Information: We do not collect "sensitive personal information" as defined by CCPA/CPRA beyond what is necessary to provide the service (e.g., account credentials, payment information processed by third parties). We do not use it for purposes that would require an opt-out right.

    • Non-Discrimination: You have the right not to be discriminated against for exercising your CCPA/CPRA rights.

  • Exercising Your Rights: To exercise these rights, please contact us at team@newframe.ai or via our Delaware postal address. We will verify your request using the information associated with your account. You may also designate an authorized agent to make a request on your behalf.

  • Categories of Personal Information Collected, Disclosed, and Shared: Please refer to Section 3 for details on the categories of personal information we collect and Section 5 for how we share it. As stated, we do not "sell" personal information and do not "share" it for cross-context behavioral advertising at this time.

12.3 For Residents of Turkey:

If you are a resident of Turkey, your personal data is protected under the Law on Protection of Personal Data No. 6698 (KVKK). DreamBox Research Inc., with operational headquarters in Turkey, acts as the "data controller" (veri sorumlusu).

  • Your Rights: Your rights under KVKK largely mirror those under GDPR, including the right to:

    • Learn whether your personal data is processed.

    • Request information if your personal data has been processed.

    • Learn the purpose of processing and whether it's used accordingly.

    • Know the third parties to whom personal data is transferred domestically or abroad.

    • Request correction of incomplete or inaccurate data.

    • Request deletion or destruction of personal data.

    • Request notification of correction/deletion/destruction to third parties to whom data was transferred.

    • Object to a result against you arising from analysis of processed data exclusively by automated systems.

    • Claim compensation for damages due to unlawful processing of personal data.

  • Exercising Your Rights: To exercise these rights, please contact us at team@newframe.ai.

13. Third-Party AI Models and Your Content

To provide our generative AI services, NewFrame utilizes underlying AI models, some of which may be provided by third-party companies such as OpenAI.

  • Processing of Your Content: When you use features that involve AI generation (e.g., creating ads, analyzing your brand, developing brand characters), your inputs—which may include your Brand Assets, text prompts, and other data you provide—are sent to these third-party AI models for processing. This processing is essential to generate the outputs (e.g., images, videos, text) that form part of our Service to you.

  • Your Data is Not Used for General Model Training by NewFrame: As stated previously, NewFrame does not use your specific Brand Assets or the AI-Generated Content created for your account to train general AI models that would be used to provide services to other NewFrame users or third parties. The AI models are fine-tuned or prompted using your data solely for the purpose of enhancing the service and outputs for your specific account.

  • Third-Party Provider Policies: Our agreements with third-party AI model providers (like OpenAI) contractually stipulate that data sent to them for processing on your behalf is not to be used for training their general, publicly available models, or for the benefit of other customers, in line with their enterprise or API data usage policies. We encourage you to review the privacy and data usage policies of these providers (e.g., OpenAI's policies) for further information on how they handle data. The system is designed to reject prompts or inputs that violate the acceptable use policies of these underlying model providers.

  • Responsibility for Inputs: You are responsible for the content you provide as input to the AI models, including ensuring you have the necessary rights and that your inputs comply with our Terms of Use and applicable laws. You must not upload or input personal data of individuals (e.g., real persons' images for training a brand character) without their explicit consent or another valid legal basis.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, the Service, or applicable laws. If we make material changes, we will notify you by updating the "Effective Date" at the top of this Privacy Policy and by posting the new Privacy Policy on our Service. We may also provide additional notice, such as by sending an email or displaying a prominent notice on our Service, prior to the change becoming effective, particularly for significant changes.

We encourage you to review this Privacy Policy periodically to stay informed about our information practices. Your continued use of the Service after any changes to this Privacy Policy become effective constitutes your acknowledgment and acceptance of the revised Privacy Policy.

15. How to Contact Us

If you have any questions, comments, or concerns about this Privacy Policy or our data practices, or if you wish to exercise your rights, please contact us at:

Email: team@newframe.ai

Postal Address (Legal Domicile):
DreamBox Research Inc.
8 The Green, Suite B
Dover, DE 19901
USA