Privacy Policy
Last updated: June 2026
1. Data Collected
MergeFrame collects the bare minimum:
- Email: only if you create an account (optional).
- Payment data: handled by Stripe, never stored by MergeFrame.
- Anonymous usage data: export count (via Plausible Analytics, cookieless).
2. Images
Your images never leave your browser. MergeFrame uses your browser's Canvas API to assemble images. No network upload takes place. MergeFrame cannot see, store, or access your images.
3. Cookies
MergeFrame only uses essential technical cookies (Supabase authentication session). No advertising tracking cookies are used. Analytics are performed via Plausible, without cookies.
4. Legal Basis (GDPR)
- Contract performance: processing necessary to provide the service.
- Legitimate interest: anonymous analytics to improve the service.
- Consent: for marketing email sends (if offered in the future).
5. Your Rights
In accordance with the GDPR, you have the right to access, rectify, erase, and port your data. Contact: contact@mergeframe.com.
6. Subprocessors
- Vercel (hosting) — United States, EU-US Data Privacy Framework (DPF).
- Supabase (authentication) — United States, EU-US Data Privacy Framework (DPF).
- Stripe (payments) — United States, EU-US Data Privacy Framework (DPF).
- Plausible Analytics (stats) — EU, GDPR compliant.
Contact : contact@mergeframe.com