Do I need to disclose Framer in my privacy policy?

Yes. Because Framer collects personal data from your website visitors, you must disclose this in your privacy policy. Framer qualifies as a data processor under GDPR and CCPA, and transparency about its use is a legal requirement. Omitting this disclosure could result in regulatory violations and loss of user trust.

What data does Framer collect from my website visitors?

Framer collects form submission data (information users voluntarily enter into forms on your site) and IP addresses (automatically collected when visitors access your website). The specific data collected depends on which forms you include and what fields you configure.

Does Framer use cookies that require a consent banner?

No cookies from Framer are currently documented. However, you should monitor Framer's updates, as this may change. If you use other analytics or tracking tools alongside Framer, those may require a consent banner under GDPR and similar regulations.

Who processes my visitor data and where is it stored?

Framer B.V., a company based in the Netherlands (EU), acts as your data processor. Since Framer operates within the EU, data processing benefits from GDPR protections. You remain the data controller responsible for ensuring lawful data handling and user rights compliance.

CMS

Privacy policy clauses for Framer

Framer is a design-to-website builder and content management system that enables users to create and publish websites without coding. Websites use Framer to streamline the design and deployment process while collecting visitor data through form submissions and analytics.

Scan my site free →Copy sample clause ↓

Free scan · No signup · Results in 60 seconds

What data Framer collects

Your privacy policy must disclose each of the following data types when you use Framer.

Form submissions

IP address

When does Framer trigger privacy obligations?

Installation and Form Data Collection

Adding Framer to your site triggers privacy obligations the moment it begins collecting form submission data and capturing visitor IP addresses. These are personal data under GDPR Article 4(1) and CCPA Section 1798.100, regardless of whether you think the data is sensitive.

Applicable Regulations

GDPR (EU/EEA visitors): If your site reaches any EU resident, Framer B.V. (Netherlands) becomes a data processor. You are the controller. GDPR Articles 5 (lawfulness, transparency, purpose limitation) and 28 (processor contracts) apply immediately. You must have a Data Processing Agreement (DPA) in place before data flows to Framer.

CCPA (California): If you collect form data from California residents, the IP address and form content are personal information under CCPA Section 1798.100. You must disclose collection in your privacy policy and honor consumer rights (access, deletion, opt-out).

ePrivacy Directive (EU/EEA): IP logging may require consent under Article 5(3) depending on whether it constitutes tracking.

Privacy policy clauses for Framer

What data Framer collects

When does Framer trigger privacy obligations?

Installation and Form Data Collection

Applicable Regulations

First Concrete Step

Where data goes

Common compliance pitfalls

Missing or Outdated Data Processing Agreement

Incomplete Privacy Policy Disclosure

Conflating Consent and Legitimate Interest

Sample privacy policy clause

What regulators look for

Primary DPA Audit Triggers

Enforcement Priorities

Frequently asked questions

Do I need to disclose Framer in my privacy policy?

What data does Framer collect from my website visitors?

Does Framer use cookies that require a consent banner?

Who processes my visitor data and where is it stored?

Don't ship without Bandit.