Privacy Policy
Your messages are never stored. Here's exactly how it works.
Last Updated: February 18, 2026
The Short Version: Your messages are processed in real-time and immediately discarded. We never store what you type. We never store what they said. We track patterns and metadata — never content. You're always in control.
What We Store (Always)
Every time you use reFrame, we save the following metadata to help you track your growth:
- When you used reFrame — timestamp
- Which relationship type you selected — e.g., Partner, Manager, Friend
- Which communication patterns were detected — both harmful (e.g., “gaslighting,” “contempt”) and healthy (e.g., “validation,” “accountability”)
- How severe the patterns were — the classification, not the words
- What you chose to do — edited your message, sent as-is, or used our suggestion
- How many characters your message contained — not the message itself
- Your behavioral patterns over time — are you editing more? Using healthier language?
- Your Clean Message Rate — percentage of messages with zero toxic patterns detected
- Entity classification metadata — whether a message appears human-written or AI-generated (classification only, not content)
- R³ compliance scores — quantitative scores measuring Regulated, Respectful, Repairable qualities (numbers, not text)
What We Never Store (By Default)
- Your messages
- The context you describe
- The reframed version we generate
- Any text you type — it's processed in real-time and discarded
This is not a marketing claim. It's how the system is built. Our database tables store character counts where you'd expect message fields. The text exists in memory for 1–2 seconds while we process it, then it's gone.
If You Choose to Enable Message History
Authenticated users can opt into “Store for My Review” in their Settings. If you do:
- Your messages are encrypted and stored
- Only you can see them
- You can delete them at any time
- You can switch back to “process and discard” whenever you want
- New messages after switching back will not be stored
This is entirely optional. Most people never need it. The default is maximum privacy.
What We Never Do
- Sell your data
- Train AI on your messages
- Share your information with third parties for advertising
- Show ads based on your communication patterns
- Build profiles of “who said what to whom”
- Diagnose anyone as “an abuser”
- Track you across other websites
CPI Communication Pattern Intelligence & Your Privacy
What is CPI?
CPI (Communication Pattern Intelligence) analyzes communication patterns in real-time based on 40+ years of research from the Gottman Institute. It detects toxic patterns like criticism, contempt, defensiveness, stonewalling, gaslighting, and manipulation — as well as healthy patterns like accountability, repair attempts, and active listening — in both directions — what you're about to send AND what you've received.
When you paste what someone said to you, here's what happens:
- We analyze the text to identify toxic patterns
- We show you what we found (“This message contains gaslighting”)
- We help you respond with dignity
- We do NOT store their message
- We do NOT identify who said it
- We do NOT diagnose anyone
Every message — yours AND theirs — is processed and then discarded. We never build a database of conversations.
What CPI Is NOT
- NOT a diagnosis — CPI identifies communication patterns, not mental health conditions
- NOT therapy — it's educational, not a substitute for professional counseling
- NOT judgment — it evaluates specific patterns, not you as a person
- NOT blocking — you always maintain full control. CPI informs, you decide
Third-Party Services
Anthropic (Claude AI)
Your messages are processed through Anthropic's API to generate reframes and perform CPI analysis. Anthropic does not use API data to train their models. Messages are processed in real-time and not stored by Anthropic.
Supabase (Database)
We use Supabase to store the metadata described above (pattern types, severity levels, timestamps). Supabase does NOT have access to your actual messages. Supabase is SOC 2 Type II and GDPR compliant.
Vercel (Hosting)
Our website is hosted on Vercel's infrastructure. They handle website operations but do not have access to your messages or analytics data.
Google Analytics
We use Google Analytics to understand how people use our site (which pages are visited, general usage patterns). This data is anonymized. You can opt out using browser extensions like uBlock Origin or Privacy Badger.
Chrome Extension
The reFrame Chrome extension provides the same communication analysis directly in your browser. Here's how it handles your data:
How It Works
When you highlight text on any webpage and select “Check with reFrame,” the selected text is sent to our servers at wereframe.com for analysis. The same privacy rules apply — your text is processed in real-time and immediately discarded. Nothing you highlight is stored.
What the Extension Accesses
The extension only reads text you explicitly select and submit. It does not:
- Read your browsing history
- Monitor your keystrokes
- Scan page content in the background
- Access your passwords or form data
- Run on any page unless you activate it
Permissions Explained
The extension requests a minimal set of permissions, each for a specific purpose:
- Active Tab — allows the extension to read text you've selected on the current page, only when you activate it via right-click. It cannot read other tabs or background pages.
- Context Menus — adds the “Check with reFrame” option to your right-click menu.
- Side Panel — displays analysis results in a panel alongside your current page.
- Storage — saves your anonymous session token locally in your browser so we can track your communication growth over time. This token contains no personal information.
Data Flow
Selected text travels from your browser to wereframe.com over an encrypted connection (HTTPS), is processed by the same AI engine as the web app, and is immediately discarded. No text is stored on our servers, in the extension, or anywhere else.
Anonymous by Default
The extension works without an account. If you're signed into reFrame, your pattern metadata (not your messages) syncs with your dashboard. If you're not signed in, the extension works identically — just without persistent growth tracking.
Your Rights
You have the right to:
- Access — request a copy of any data we have about you
- Delete — request deletion of your data at any time
- Opt out — clear your session token (localStorage) or use incognito mode
- Correct — update any inaccurate information
- Port — request your data in a machine-readable format
- Transparency — ask how CPI works or what patterns were detected
To exercise any of these rights, email us at info@wereframe.com.
Data Security
- All data is transmitted over encrypted connections (HTTPS)
- Messages exist in server memory for 1–2 seconds, then they're gone
- Rate limiting protects against abuse (Sprint 15)
- Content Security Policy headers prevent cross-site attacks
- Row Level Security ensures you can only see your own data
- Session tokens are random and anonymous
However: No system is 100% secure. While we do our best to protect your data, we cannot guarantee absolute security. Use reFrame with the understanding that any data transmitted online carries some risk.
Data Retention
Messages: Deleted immediately after processing. Never stored in our database.
Anonymous session metadata: Retained for 90 days, then automatically deleted.
Authenticated user data: Retained while your account is active. You can delete all your data at any time.
Message history (Tier 2 opt-in only): Retained until you delete it or switch back to Process & Discard.
Safety audit logs: Internal decision records retained for 1 year. Contains no message content.
Google Analytics: 14 months per Google's default. No personally identifiable information.
Important Limitations
- reFrame is an educational tool, not professional therapy or counseling
- CPI detects communication patterns, not mental health conditions
- We are not responsible for the outcomes of conversations
- If you are experiencing abuse or safety concerns, please contact appropriate authorities or crisis resources
- reFrame is not a substitute for professional help in cases of domestic violence, mental health crises, or legal matters
Children's Privacy
reFrame is not intended for children under 13. We do not knowingly collect data from children under 13.
International Users
reFrame is operated from the United States. If you're using reFrame from outside the US, your data may be transferred to and processed in the US.
Cookies
- Session token (localStorage): Your anonymous identifier, stored in your browser
- Analytics cookies (Google Analytics): Help us understand site usage (optional, can be blocked)
We do NOT use advertising or third-party tracking cookies.
California Privacy Rights (CCPA)
- Right to know what personal information we collect and how it's used
- Right to delete personal information
- Right to opt out of data sales (we don't sell data)
- Right to non-discrimination for exercising your privacy rights
European Privacy Rights (GDPR)
- Right to access your data
- Right to rectification of inaccurate data
- Right to erasure (“right to be forgotten”)
- Right to restrict processing
- Right to data portability
- Right to object to processing
Legal basis for processing: Legitimate interest (product improvement) + Consent (by using reFrame)
Changes to This Policy
We may update this Privacy Policy from time to time. Significant changes will be noted with an updated “Last Updated” date at the top of this page.
Contact Us
Questions about this Privacy Policy or how we handle your data:
Email: info@wereframe.com
Website: wereframe.com
Our Promise: We built reFrame to help people communicate better, not to collect their data. Your messages are processed and discarded because that's the right thing to do — not because a regulation required it. If you ever have concerns, reach out. We're here to help.
Last reviewed: February 2026