# PRIVACY POLICY

**The Frame Vault - theframevault.com**

**Last updated: 25 April 2026**

---

## 1. Who we are

This Privacy Policy explains how Impish Things KB (organisation number 969746-8313, registered in Sweden) - trading as The Frame Vault - collects, uses, and protects personal data when you visit our website or purchase one of our digital products.

For any privacy-related question, contact us at [email protected].

We are the data controller for the personal data described in this policy.

---

## 2. What we collect

We collect personal data only where it is necessary to operate the website, process your purchase, and deliver the product you bought.

### 2.1 Information you give us at checkout

When you purchase a prompt pack, we collect:

- Your name (or the name you choose to provide)
- Your email address
- Your billing country and any other information required by our checkout provider for tax and fraud-prevention purposes
- Payment details - note that payment information is processed directly by our payment provider and is never stored on our servers

### 2.2 Information collected automatically

When you visit our website we may collect:

- Standard server log information (IP address, browser type, pages visited, time of visit)
- Anonymised analytics data showing how visitors use the site

We do not use invasive tracking, behavioural advertising pixels, or cross-site cookies for marketing purposes.

### 2.3 Information you give us by email

If you reply to one of our emails - for example to opt in to the Volume III announcement list, or to ask a question - we keep that correspondence so we can respond and follow up.

---

## 3. Why we collect it (legal basis under GDPR)

We process personal data only for the purposes set out below, and only on the legal bases listed.

| Purpose | Legal basis |
|---|---|
| To process your order, charge payment, and deliver your PDF | Performance of a contract |
| To send you a delivery email and order confirmation | Performance of a contract |
| To send you a follow-up email about a future volume - only if you have opted in | Consent |
| To respond to your questions and provide customer support | Legitimate interest |
| To meet tax, accounting and other legal obligations | Legal obligation |
| To detect and prevent fraud or abuse of our website | Legitimate interest |
| To improve our website using anonymised analytics | Legitimate interest |

---

## 4. Marketing emails

We do not add anyone to a marketing list automatically.

If you want to be told when a future volume launches, you opt in by replying to your delivery email with the word "yes." That reply is your consent. You can withdraw that consent at any time by replying with "remove" or by emailing [email protected].

We will never sell, rent, or share your email address with third parties for their own marketing.

---

## 5. Who we share your data with

Your personal data is shared only with the service providers we need in order to run the business. Specifically:

- Our checkout and digital delivery provider (Ivory)
- Our payment processor (which handles your card details directly and shares only what we need to confirm the transaction)
- Our email delivery provider (used to send your order confirmation, delivery email, and any follow-up emails you have opted into)
- Our website hosting provider
- Our accountant, where required for tax and bookkeeping

Each of these providers is contractually bound to handle your data securely and only for the purposes we've engaged them for. Where any of them is located outside the EU/EEA, transfers are protected by Standard Contractual Clauses or another safeguard recognised under GDPR.

We do not share your data with anyone else, and we do not sell it under any circumstances.

---

## 6. How long we keep your data

| Type of data | Retention period |
|---|---|
| Order records (name, email, what you bought, when) | 7 years (Swedish bookkeeping requirement) |
| Email correspondence | Up to 2 years after our last exchange |
| Volume III announcement list (if you opted in) | Until you ask to be removed |
| Anonymised website analytics | Up to 2 years |

When the retention period expires, your data is deleted or fully anonymised.

---

## 7. Your rights under GDPR

If you are in the EU, the EEA, or the UK, you have the following rights in relation to your personal data:

- Right of access - to ask what personal data we hold about you, and to receive a copy
- Right of rectification - to ask us to correct anything inaccurate
- Right of erasure - to ask us to delete your personal data, subject to our legal obligation to retain order records for tax purposes
- Right to restrict processing - to ask us to pause processing your data while a question is resolved
- Right to data portability - to receive your data in a portable format
- Right to object - to processing based on legitimate interest
- Right to withdraw consent - at any time, where processing is based on consent

To exercise any of these rights, email [email protected]. We will respond within thirty days.

If you believe we have mishandled your data, you also have the right to lodge a complaint with the Swedish Authority for Privacy Protection (**Integritetsskyddsmyndigheten - IMY**) at imy.se, or with the data protection authority in your country of residence.

---

## 8. Cookies

We use only the cookies necessary to make the website work and to anonymously measure how it's used. We do not use cookies for advertising or to track you across other websites.

You can control cookies through your browser settings. Disabling them may affect how the website functions but will not prevent you from completing a purchase.

---

## 9. Security

We take reasonable technical and organisational measures to protect personal data against accidental loss, unauthorised access, or unlawful disclosure. The most sensitive data - your payment information - is handled directly by our payment provider on PCI-compliant infrastructure and is never seen by us.

No transmission over the internet is ever 100% secure. If a security incident were to occur that affected your personal data, we would notify you and the relevant supervisory authority in accordance with our legal obligations.

---

## 10. Children

The Frame Vault sells adult content and is not intended for anyone under 18. We do not knowingly collect personal data from children. If you believe a child has submitted personal data through our website, contact [email protected] and we will delete it.

---

## 11. Changes to this policy

We may update this Privacy Policy from time to time. The current version is always available at theframevault.com. The "Last updated" date at the top of this page tells you when it was most recently revised.

---

## 12. Contact

For any privacy-related question, request, or complaint, contact:

**[email protected]**

Impish Things KB
Org. nr. 969746-8313
Sweden