Framedash
The authoritative version of this document is the Japanese original. This translation is provided for convenience only.

Privacy Policy

Last updated: March 31, 2026

1. Introduction

Crane Valley LLC ("Company", "we", "us") operates the Framedash service. This Privacy Policy explains how we collect, use, and protect your personal information when you use our Service.

Data Controller

  • Company: Crane Valley LLC
  • Address: Ginza Otake Bldg. 2F, 1-22-11 Ginza, Chuo-ku, Tokyo, Japan
  • Representative: Kiyoaki Tsurutani
  • Contact: privacy@framedash.dev

2. Information We Collect

2.1 Account Information

When you create an account and use the Service, we collect:

  • Name and email address (at registration)
  • Password (stored as a cryptographic hash, at registration)
  • OAuth provider identifiers and provider-issued tokens such as access tokens and refresh tokens (if using social sign-in, stored to maintain the linked account)
  • Organization name (when creating a workspace)
  • Billing information (when subscribing to a paid plan, processed by Stripe)
  • Map images and project logos (when uploaded by you)

2.2 Telemetry Data

When you integrate our SDK into your game, we receive telemetry data that you configure the SDK to send. This may include:

  • Performance metrics (FPS, frame time, GPU time, memory usage)
  • Player position coordinates and map identifiers
  • Game events (configurable by you)
  • Device and platform information
  • Build identifiers and session metadata

Telemetry Data is associated with your project. Unless you include personal identifiers, we do not treat Telemetry Data as information that identifies individual End Users. However, please note that combinations of device information and session metadata may constitute personal data or personal information under applicable laws.

2.3 Usage Data

We automatically collect information through server-side logs and error monitoring tools (Sentry) about how you use the dashboard, including pages visited, features used, and browser/device information, to improve the Service.

3. How We Use Your Information

  • To provide, maintain, and improve the Service
  • To process payments and manage your subscription
  • To send transactional emails (alerts and notifications)
  • To send important service-related notices (such as changes to Terms of Service)
  • To respond to customer inquiries and provide support
  • To perform statistical analysis using anonymized and aggregated data, including for industry benchmarking and inclusion in marketing materials
  • To detect and prevent fraud or abuse
  • To comply with legal obligations

We do not sell your personal information to third parties.

Legal Basis for Processing (GDPR)

For users in the European Economic Area (EEA) and United Kingdom, we process personal data on the following legal bases under GDPR Article 6:

  • Performance of a contract (Art. 6(1)(b)): providing the Service, managing your account and subscription, processing payments, and delivering transactional communications.
  • Legitimate interests (Art. 6(1)(f)): improving and securing the Service, performing statistical analysis on anonymized data, detecting and preventing fraud or abuse, and responding to support inquiries.
  • Legal obligation (Art. 6(1)(c)): retaining billing and accounting records as required by applicable tax and accounting laws, and responding to lawful requests from authorities.

4. Data Storage and Processing

  • Account data is stored in Neon PostgreSQL (cloud-hosted).
  • Telemetry data is stored in ClickHouse (cloud-hosted).
  • User-uploaded files (map images and project logos) are stored in Cloudflare R2 object storage.
  • Data may be processed in Japan, the United States, and other countries where our sub-processors operate.
  • We use industry-standard encryption for data in transit (TLS) and at rest.

Security Measures

We implement organizational and technical security measures to prevent leakage, loss, or damage to personal information. For details, please refer to Section 11 (Security) of our Terms of Service.

5. Data Retention

  • Telemetry data retention periods are configured per plan (Free: 7 days, Starter: 30 days, Pro: 90 days, Team: 180 days, Enterprise: 365 days). We periodically run an automatic purge process that deletes expired telemetry data. Raw events are deleted once they exceed the plan-configured retention period. Daily aggregates are retained for the plan retention period or 30 days, whichever is longer, to maintain reporting accuracy. Player first-seen records (the earliest timestamp at which a player identifier was observed) are excluded from the automatic purge to support retention cohort analysis. Because the purge runs as a batch process, there may be a delay of up to several days between the retention period expiring and the physical deletion of data.
  • Account data is retained while your account is active.
  • After the account deletion grace period ends, we delete your data within 30 days. Complete purging from backups shall be completed within 90 days after production deletion. Audit trail records required for legal compliance or security purposes may be retained beyond this period.
  • Billing and payment records are retained in accordance with applicable tax and accounting laws (up to 7 years under Japanese law).

6. Third-Party Services

We use the following third-party services (sub-processors) that may process your data. The privacy policies of each service apply.

  • Stripe (payment processing)
  • Cloudflare (CDN, DDoS protection, Workers runtime, R2 object storage)
  • Auth.js providers (Google, GitHub, Microsoft for OAuth)
  • Neon (PostgreSQL database hosting)
  • ClickHouse Cloud (telemetry data storage)
  • Resend (transactional email delivery)
  • Sentry (error monitoring and performance tracking)
  • Upstash (rate limiting and caching via Redis)
  • Vercel (web application hosting and serverless runtime)

Sub-processor Oversight

Where any sub-processor further delegates processing to a third party, we ensure that the sub-delegate maintains a level of personal information protection equivalent to this Policy. We will update this Policy to notify you of any changes or additions to sub-processors.

Cross-border Transfers under APPI

When entrusting the processing of personal data to operators located outside Japan, we obligate such operators to continuously implement measures equivalent to those required under the Act on the Protection of Personal Information of Japan (APPI).

7. Your Rights

You may exercise the following rights under the Act on Protection of Personal Information (APPI) and other applicable laws.

  • Request disclosure of personal data we hold
  • Request correction, addition, or deletion of inaccurate data
  • Request suspension of use or erasure of data
  • Request cessation of third-party data sharing
  • Export your data in a portable format (for users in GDPR-applicable regions)

To exercise these rights, contact us at privacy@framedash.dev.

Upon verifying your identity, we will respond within one month as a general rule.

Disclosure Request Procedure

Requests for disclosure, correction, or suspension of use under the Act on the Protection of Personal Information shall be made as follows:

  • Submit your request in writing (email accepted) to privacy@framedash.dev.
  • Identity verification: Please provide a copy of an identity document (driver's license, passport, or equivalent). Requests by an authorized representative require a power of attorney and the representative's identity document.
  • Response method: We will respond in writing (including electronic records) to the email address registered with your account.
  • Fees: A fee of JPY 1,000 (tax included) per disclosure request applies under APPI. No fee is charged for correction or suspension requests. For users in the EEA and United Kingdom, access requests under the GDPR are free of charge.

Complaints

For complaints regarding our handling of personal information, please contact privacy@framedash.dev. If we are unable to resolve your complaint, you may consult the Personal Information Protection Commission (PPC) at https://www.ppc.go.jp/.

Additional Information for EEA and UK Users

If you are located in the EEA or the United Kingdom, the following additional information applies:

  • Right to object: You may object at any time to processing based on legitimate interests (Art. 21 GDPR). Our legitimate interests are: improving and securing the Service through usage analytics, preventing fraud and abuse, and providing customer support.
  • Supervisory authority: You have the right to lodge a complaint with the supervisory authority of the EU/EEA member state of your habitual residence, place of work, or place of the alleged infringement.
  • Contractual necessity: Providing your account information (name and email address) is necessary to enter into and perform our contract with you. If you do not provide this information, we cannot create your account or provide the Service.

8. Children's Privacy

The Service is not directed to children under 16. We do not knowingly collect personal information from children under 16. If you believe we have collected such information, please contact us immediately. Users aged 16 to 17 must obtain consent from a parent or legal guardian before using the Service. We treat their personal information on the assumption that such consent has been obtained.

9. Cookies

We use cookies for the following purposes. We do not use third-party tracking cookies or advertising cookies.

  • Authentication and session management (maintaining login state)
  • Storing user preferences (sidebar open/closed state, last selected project, active workspace, etc.)
  • Security protection (Cloudflare cookies for bot detection and DDoS mitigation)
  • Error monitoring (Sentry cookies for session tracking and error replay)
  • Payment processing (checkout is handled on Stripe-hosted pages; Stripe may set its own cookies on its domain during the checkout session)

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email at least 30 days before they take effect.

11. Data Breach Notification

In the event of a security breach affecting your data, we will notify you within the timeframe required by applicable law. See Section 11 (Security) of our Terms of Service for details.

12. Contact

For questions about this Privacy Policy, contact us at privacy@framedash.dev.