Privacy Policy
Last updated: October 2025
Who we are
Extended Frames (“Extended Frames”, “we”, “us”, “our”) provides presentation, creative design consultancy, and video services. This Privacy Policy explains what personal information we collect, how we use and share it, and your choices.
Contact: [email protected]
Registered/ Postal address: Extended Frames, Lumshyiap Pdengshnog, Golf link, Shillong-793001
If you’re in the EEA/ UK: Extended Frames is the data controller for processing described here (unless stated otherwise).
Grievance/ Privacy contact (India DPDP): use [email protected] until a dedicated address is set.
1. Information we collect
Identity & contact: name, business email, phone, company, role, country.
Project content: briefs, copy, brand assets, images/ video, commentary/ edits, approvals.
Account & transaction: proposals, SOWs, invoices, payment confirmations (payment is handled by processors; we don’t store card numbers).
Usage & device: pages viewed, IP address, device/ browser info, referring/ exit pages, timestamps, approximate location; cookies or similar tech.
Marketing preferences: email opt-ins/ opt-outs, topics of interest.
Recruitment (if you apply): résumé/ CV, portfolio links, interview notes.
Sensitive/ special data: we don’t seek sensitive data. If you choose to share it (e.g., within project files), we process it only as needed to provide the service and under appropriate safeguards.
2. How we use your information
Provide and manage services: scoping, design/ production, delivery, support, and account management.
Communicate: proposals, service messages, updates, surveys, marketing (with your consent where required).
Improve & secure: troubleshooting, analytics (aggregate), quality assurance, security monitoring, fraud prevention.
Legal & compliance: record-keeping, tax/ audit, responding to lawful requests, enforcing agreements.
Legal bases (EEA/ UK): consent; contract; legitimate interests (e.g., securing our services, running a design studio); legal obligations. GDPR rights include access, rectification, erasure, portability, restriction, objection, and rights related to automated decisions.
3. Cookies & similar technologies
We use essential cookies (security, session), functional cookies (preferences), and limited analytics. You can control cookies via your browser or a consent banner where required. We do not use cookies for interest-based ads unless clearly disclosed with an opt-out.
(For accessibility and alt-text guidance we follow ICO best practices.)
4. When we share information
We share personal information only with:
Service providers/ processors that help us operate (hosting/ CDN, project management, file transfer, email, analytics, payment processing). They act under contract and only on our instructions.
Professional advisers (accounting, legal) under confidentiality.
Business transfers (merger, acquisition).
Legal reasons: to comply with law, protect rights, safety, and prevent fraud.
We don’t sell personal information. If we ever “sell” or “share” data as defined under CPRA (e.g., for cross-context behavioral advertising), we will provide a “Do Not Sell or Share My Personal Information” link and honor opt-outs.
5. International transfers
We may process and store data in countries outside your own (including India and the US). For EEA/UK data, we use recognized transfer mechanisms such as Standard Contractual Clauses (SCCs) (EU) or the UK IDTA/ Addendum when appropriate.
6. How long we keep information
We keep personal information only as long as needed for the purposes above, typically:
Active client files: for the project term plus 7 years for tax/ audit/ legal.
Prospect inquiries: 24 months from last interaction.
Recruitment: 12 months (or as required by law).
When no longer needed, we delete or anonymize data subject to backup/ archival limits.
7. Security
We use organizational and technical measures designed to protect personal information (least-access permissions, segregated brand libraries, versioned sources, encryption in transit, limited access, logging). No method is 100% secure; please use strong passwords and share credentials only through agreed secure channels.
8. Your rights and choices
If you are in the EEA/ UK (GDPR/ UK GDPR)
You can request: access, correction, erasure, restriction, portability, objection (including to legitimate interests/ marketing), and to withdraw consent at any time. You also have the right to lodge a complaint with your data protection authority (e.g., the ICO in the UK). We respond within one month (extendable by two months for complex requests).
How to exercise: email [email protected] with “Privacy Request” and your country of residence.
If you are in California (CCPA/ CPRA)
You have the right to know/ access, delete, correct, opt-out of sale/ share, and limit use/ disclosure of sensitive personal information, plus the right to be free from discrimination for exercising your rights. We will verify your request and respond within 45 days (extendable by 45 more). If applicable, use our “Do Not Sell or Share My Personal Information” link.
If you are in India (DPDP Act, 2023)
You can access, correct, update, and erase your personal data, withdraw consent, and raise grievances with our Grievance Officer; you may also nominate someone to exercise rights on your behalf in case of incapacity or death, as applicable.
9. Children
Our services are not directed to children under 13. We do not knowingly collect personal information from children. If we learn that a child under 13 has provided personal information, we will delete it or obtain verifiable parental consent as required by COPPA.
10. Marketing communications
If you subscribe, we may send newsletters or updates. You can unsubscribe at any time via the email footer or by contacting us. We will still send service/ transactional messages related to your projects.
11. Third-party links and integrations
Our website may link to third-party sites (e.g., file transfer, scheduling, video hosting). Those sites are governed by their own privacy policies. Please review them before sharing information.
12. Automated decision-making
We do not use automated decision-making that produces legal or similarly significant effects without human involvement. If we ever introduce such processing, we will disclose it and provide the rights/ appeals required by law.
13. Region-specific disclosures (summary)
EEA/ UK: We rely on consent, contract, legitimate interests, and legal obligations; your GDPR rights are listed above. Supervisory authorities and complaint routes are available in your country (e.g., the UK ICO). ICO
California: We describe categories collected, purposes, and whether we “sell” or “share” PI. Consumers can opt-out of sale/ share and limit sensitive PI. We do not retaliate for exercising rights. privacy.ca.gov
India: Processing is based on consent and specified legitimate uses under the DPDP Act; a Grievance Officer and redress mechanism are provided. Draft rules are being finalized by MeitY; we will update this policy as they are enacted. MeitY+1
14. Changes to this Policy
We may update this Policy from time to time. We’ll change the “Last updated” date above and, where required, notify you by email or site notice.
15. How to contact us
Privacy & general inquiries: [email protected]
Postal: Extended Frames, Lumshyiap Pdengshnong, Golf link, Shillong-793001
If you’re in the EEA/ UK: you may also contact your data protection authority (e.g., ICO in the UK) to lodge a complaint. ICO
