Privacy Policy

Last updated: March 3, 2026

1. Information We Collect

1.1 Personal Information

We collect information you provide directly to us, including:

• Name and email address when you create an account
• Profile information including first name, last name, birthday, location, company, industry, and website
• Payment information for processing transactions (handled securely by Stripe)
• Communications you send to us

1.2 Account & Authentication

When you create an account, we store:

• Email address and encrypted password (managed by Supabase Auth)
• Account creation date and last login timestamp
• Subscription tier and account status

1.3 Usage Information

We automatically collect certain information when you use our Service:

• Device information (IP address, browser type, operating system)
• Usage data (pages visited, features used, time spent)
• Cookies and similar tracking technologies
• Log data (access times, pages viewed, app crashes)
• API usage statistics (endpoints called, operations performed)

1.4 Content Information

When you upload files for processing, we temporarily store and process this content. This includes:

• Uploaded files (images, videos, audio, PDFs, and other media)
• Generated content from AI processing
• Processing parameters and settings

We do not use your content to train our AI models or share it with third parties without your explicit consent, except as necessary to process your requests through our AI providers.

1.5 Financial Information

For payment processing, we collect and store:

• Credit balance and transaction history
• Stripe customer ID for payment processing
• Purchase history and payment status
• Credit expiration dates (credits expire 1 year after purchase)

Actual payment card data is never stored on our servers. All payment processing is handled securely by Stripe.

1.6 API Keys

When you create API keys for programmatic access:

• We store a cryptographic hash of your API key (never the plain text key)
• We store the key prefix for identification purposes
• We track key creation date, last usage, and active status
• API keys can be revoked at any time from your account settings

2. Feature-Specific Data Collection

2.1 Media Library

Your media library stores uploaded and generated files. We track storage usage per subscription tier with defined limits. Files remain in your library until you delete them or your account is terminated.

2.2 Brand Guidelines

When you create brand guidelines, we store:

• Brand name, description, tagline, and logo
• Color palettes (primary, secondary, accent colors)
• Typography settings and font pairings
• Brand voice information (mission, vision, values, personality)
• Target audience and buyer persona information
• Mood images and design system specifications

2.3 Workflows

For workflow automation features, we store:

• Workflow names, descriptions, and configurations
• Node configurations and connection settings
• Execution history including status, timestamps, and error logs
• Step/node results and output URLs

2.4 Video Editor

Video projects include:

• Project names, descriptions, and video ideas
• Scene configurations with scripts, images, and video URLs
• Style settings, format preferences, and length specifications

2.5 Prompt Gallery

Content submitted to the Prompt Gallery is publicly visible. This includes:

• Prompt text and category
• Generated images or videos
• Your display name as submitter
• Model used and generation parameters

By submitting to the Prompt Gallery, you grant us permission to display this content publicly with attribution.

3. How We Use Your Information

We use the information we collect to:

• Provide, maintain, and improve our Service
• Process transactions and manage credit balances
• Send technical notices, updates, and support messages
• Respond to your comments, questions, and requests
• Monitor and analyze usage patterns and trends
• Enforce storage quotas and subscription limits
• Detect, prevent, and address technical issues
• Process media files through AI providers
• Execute automated workflows
• Comply with legal obligations

4. Information Sharing and Disclosure

We do not sell, trade, or otherwise transfer your personal information to third parties except in the following circumstances:

• AI Processing Providers: Your content is transmitted to AI providers (including OpenAI, Google, Anthropic, and others) to process your requests
• Payment Processing: Stripe processes your payments; we share only necessary payment information
• Infrastructure Services: Supabase provides database, authentication, and storage services
• Analytics Services: With your consent, we use Hotjar and Google Analytics for usage analytics
• Legal Requirements: We may disclose information if required by law or to protect our rights and safety
• Business Transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred
• Consent: With your explicit consent

5. Third-Party Services

Our Service integrates with the following third-party providers:

AI Processing

• OpenAI (GPT models, DALL-E, Whisper)
• Google (Gemini models)
• Anthropic (Claude models)
• Other AI providers as listed in our service

When you use AI features, your data may be transmitted to these providers in accordance with their privacy policies.

Analytics (loaded only with your consent)

• Hotjar (User analytics ID: 6629887) - heatmaps, session recordings
• Google Analytics (ID: G-KVXRTV48RP) - website analytics

Infrastructure

• Supabase - Authentication, database, and file storage
• Stripe - Payment processing (customer ID stored, card data not stored)

We encourage you to review the privacy policies of these third parties.

6. Data Security

We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. This includes:

• Encryption of data in transit (TLS/HTTPS) and at rest
• API keys stored as cryptographic hashes (bcrypt)
• Row-level security policies on all database tables
• Regular security audits and access controls
• Secure authentication via Supabase Auth with encrypted passwords

However, no method of transmission over the internet is 100% secure. We cannot guarantee absolute security.

7. Data Retention

We retain your personal information for as long as necessary to provide our Service:

Retention Periods

• Account Data: Until account deletion or 30 days after account becomes inactive
• Credits: 1 year from purchase date (credits expire automatically)
• Transaction History: 7 years for legal compliance
• API Keys: Until revoked by user or account deletion
• Workflow Data: Until deleted by user or account deletion
• Brand Guidelines: Until deleted by user or account deletion
• Media Files: Until deleted by user or storage limit enforcement
• Public Gallery Content: Until deleted by user or removed for policy violations
• Analytics Data: 26 months (Google Analytics default)

When we no longer need your information, we securely delete or anonymize it.

8. Cookies and Tracking Technologies

We use cookies and similar technologies to:

• Remember your preferences and settings
• Analyze site usage and performance (with your consent)
• Provide personalized content and features
• Ensure security and prevent fraud
• Remember your cookie consent preferences

Analytics cookies (Hotjar, Google Analytics) are only loaded after you grant consent via our cookie banner. You can control cookies through your browser settings, but disabling cookies may affect the functionality of our Service.

9. Storage Quotas and Limits

We enforce storage limits based on your subscription tier. When storage limits are reached:

• You will be unable to upload new files
• Processing jobs that would create output files may fail
• Existing files remain accessible

You can free up storage by deleting files from your media library or upgrading your subscription.

10. International Data Transfers

Your information may be transferred to and processed in countries other than your own. Our infrastructure is hosted on Supabase which may process data in various regions. We ensure that such transfers comply with applicable data protection laws and implement appropriate safeguards.

11. Children's Privacy

Our Service is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If we become aware that we have collected personal information from a child under 13, we will take steps to delete such information.

12. Your Rights

Depending on your location, you may have the following rights:

• Access: Request a copy of your personal information via your account settings or by contacting us
• Rectification: Correct inaccurate or incomplete information in your profile settings
• Erasure: Request deletion of your account and personal data (see Account Deletion below)
• Portability: Export your data including:
  • Brand guidelines (available as Markdown or JSON export)
  • Media library files (downloadable individually)
  • Transaction history (viewable in Credits page)
• Restriction: Limit how we process your information
• Objection: Object to processing based on legitimate interests
• Withdraw Consent: Revoke cookie consent at any time via your browser settings

13. Account Deletion

When you delete your account, the following occurs:

• Your profile and personal information are permanently deleted
• Your media library files are deleted
• All API keys are revoked and deleted
• Your workflows and brand guidelines are deleted
• Your video projects are deleted
• Any remaining credits are forfeited without refund
• Your Stripe customer ID may be retained for fraud prevention
• Public Prompt Gallery submissions may be retained (contact us to request removal)

Account deletion is irreversible. Please export any data you wish to keep before deleting your account.

14. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new policy on this page and updating the "Last updated" date. For significant changes, we may also send email notifications. We encourage you to review this policy periodically.

15. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us at:

For data portability requests, account deletion, or to exercise your rights, you can also use the account settings within the application.