# VendorFrame — Privacy Policy _Last updated: July 2026_ VendorFrame is a browser extension that lets photographers create a shareable, branded download portal for a vendor (florist, venue, caterer, planner, etc.) directly from an open Pixieset gallery — without exporting, zipping, or re-uploading photos. This page states plainly what that requires, what data is collected, who it's shared with, and what VendorFrame never touches. ## What we collect - **Your sign-in email address**, used to send a passwordless magic link so your galleries appear on your dashboard. - **A device-generated photographer ID**, created locally by the extension and linked to your account the first time you sign in on the dashboard. - **The vendor's name and Instagram handle**, entered by you, so a gallery portal can be addressed to them. - **The origin CDN link to each photo you select** — never the photo file itself. - **Each gallery's expiry date, view count, and first-viewed time** (Pro feature: open tracking). - **The usage-agreement text shown in a gallery**, frozen at the moment you send it, so a later template edit never changes an already-delivered agreement. ## What we never store - **The image files themselves.** Every gallery streams photos directly from your existing Pixieset account. When a vendor downloads a gallery, the photos pass through our server in memory only, on their way from your gallery's CDN to the vendor's browser — they are never written to disk or kept. - **Your Pixieset password or any Pixieset credential.** VendorFrame never asks for or has access to your gallery login. - **Payment or card information.** VendorFrame Pro is purchased on a separate storefront (getly.store); the extension itself never collects, transmits, or stores any payment details. License activation is verified entirely on your device using a local cryptographic check — no license or purchase data is ever sent to us. ## Who we share data with - **Supabase**, our database and authentication provider, stores the records above (galleries, vendor details, your sign-in email) and handles magic-link sign-in. Supabase acts as our infrastructure processor and does not use this data for its own purposes. - **Vercel** hosts the public portal and dashboard pages. - We do **not** sell your data, share it with advertisers, or use it for any purpose other than running VendorFrame. ## Signing in The dashboard uses a passwordless magic link sent to your email — there's no password to store or leak. A vendor viewing a gallery never signs in at all. ## Removing a gallery Deleting a gallery from the dashboard removes its record immediately. The underlying photos were never ours to begin with — they remain exactly where your gallery host already has them. An expired gallery's photo links are cleared from our database even if the record itself is kept for your dashboard history. ## Data retention Gallery records are kept until you delete them or your account is closed. Expired galleries retain their metadata (for your dashboard) but not the downloadable photo links. ## Changes to this policy If this policy changes, the updated version will be posted at this same address. ## Questions Reach us at **ohuaya@gmail.com**.