Privacy Policy
How Frame handles personal information across accounts, purchases, saved reports, and support.
This page explains the personal information Frame uses to run accounts, process purchases, save reports, support customers, and keep the platform working.
Who controls the data
Shift The Story controls the personal information processed through Frame. Frame is the premium product platform within the Shift The Story ecosystem.
What we collect
Account data: name, email address, login and verification details, password hashes, and profile settings.
Purchase and payment data: product selected, purchase status, provider references, gift-recipient details where applicable, and payment confirmations. Card details are handled by the payment processor, not stored directly in Frame.
Assessment and report data: answers, session progress, generated reports, private notes, PDFs, archive history, and related experience access records.
Support and contact data: emails, support notes, refund discussions, and operational records needed to resolve problems.
Website and service-use data: security logs, operational analytics, cookie preferences, and limited event data used to understand product performance. Where non-essential cookies or similar technologies are used, consent should be gathered before they are activated.
Marketing and interest data: quiet-list, waitlist, or future-experience signups where a user chooses to hear about new releases. These are separate from essential account and purchase emails.
Why we use it
To create and maintain accounts, process purchases, deliver access, save progress, generate reports, and keep archive access working.
To provide support, answer questions, investigate payment or access issues, and handle refunds or privacy requests.
To secure the platform, prevent misuse, understand failures, and improve the quality of the experiences over time.
To send essential service communications such as account verification, purchase confirmations, gifted-access emails, and report-ready notifications.
To send optional future-experience or product updates only where the user has clearly chosen to receive them.
Lawful basis structure
The main lawful bases are contract, legitimate interests, legal obligation, and consent where optional marketing or non-essential cookies are used.
For example, Frame uses contract to provide paid access and reports, legitimate interests to keep the service secure and improve reliability, legal obligation for records that must be kept, and consent for optional analytics or product-update messages.
Who information may be shared with
Hosting, storage, email, support, payment, and analytics providers that help operate the service.
Stripe or another configured payment processor for payment handling and fraud checks.
Professional advisers, developers, or contractors where needed to support the service and subject to appropriate confidentiality and data-protection arrangements.
Authorities or regulators where legally required.
How long information is kept
Account, purchase, access, and report records are usually kept while the account remains active and for a reasonable period afterwards to support archive access, dispute handling, tax records, and operational integrity.
Support records are usually kept for as long as they are operationally useful and then removed or anonymised.
Cookie preferences are kept only for as long as needed to remember the choice.
Where a precise retention period is not set out here, records are kept only for as long as they are reasonably needed for the purpose described, then removed or anonymised where appropriate.
Your rights
Depending on the circumstances, you may have the right to ask for access to your personal information, correction, deletion, restriction, objection, portability, or withdrawal of consent where consent is being relied on.
To make a privacy request, email privacy@shiftthestory.co.uk. If you remain unhappy, you can complain to the Information Commissioner's Office (ICO).