Privacy Policy

1. Scope and who this notice is for

This Privacy Policy describes how CineVoice.cloud (“CineVoice”, “we”, “us”, “our”) collects, uses, stores, and shares personal data when you visit our website, create an account, purchase wallet credits through Stripe, or use our AI-assisted cinematic voice generation studio. It is addressed to visitors, registered users, and business customers who interact with our services in the European Economic Area, United Kingdom, Switzerland, and other jurisdictions where we operate.

The data controller responsible for processing is the legal entity named on our Contacts page (replacing any placeholder values before production). For data-protection enquiries you should use the dedicated privacy inbox listed there; general commercial questions may be routed through support. If we appoint a Data Protection Officer (DPO) or EU representative, their coordinates will be published alongside.

2. Categories of personal data we process

We adhere to data minimisation: we do not collect sensitive categories (such as health, biometrics, or political opinions) unless you voluntarily include them in free-text scripts — in which case you should not do so, and we process such incidental content only to the extent necessary to run the generation you requested and to meet safety or legal obligations.

• Identity & account: full name, email address, hashed password, internal user identifier, optional administrative flag, locale or UI preferences if stored, and timestamps for registration and last login.
• Transactional & billing: when you initiate a wallet top-up or other Stripe Checkout session, Stripe collects payment instrument data on Stripe-controlled domains. We receive and store references such as Checkout Session IDs, PaymentIntent IDs where applicable, gross amounts, currency, pack labels, purpose (e.g. wallet_topup), payment status, and JSON audit snippets needed for reconciliation, fraud monitoring, and accounting.
• Studio inputs & outputs: script text (or derived fingerprints such as hashes), word counts, selected voice and preset slugs, preview/full mode flags, watermark settings, generation status history, Nexode or upstream API responses (where logged), estimated internal costs/margins for finance, and URLs or storage paths pointing to rendered audio files.
• Technical & security telemetry: IP address, user agent string, coarse geolocation inferred by CDN or firewall vendors (if any), anti-automation signals, rate-limit counters, CSRF/session identifiers, error stack traces stripped of secrets, and webhook delivery logs (e.g. Stripe) for operational reliability.
• Communications: emails you send to legal, privacy, abuse, or support inboxes, plus metadata (headers, timestamps) needed to manage the thread.

3. Purposes, legal bases, and legitimate interests

Under the UK and EU GDPR, we rely on Article 6(1)(b) performance of a contract for core studio features (creating an account, generating audio you order, debiting wallet credits). Article 6(1)(c) legal obligation applies where we must retain tax or payment evidence, respond to court orders, or cooperate with law enforcement. Article 6(1)(f) legitimate interests covers fraud prevention, network and information security, product analytics that do not require profiling, enforcing our Terms (including moderation), improving reliability, and defending legal claims — balanced against your rights via internal assessments.

Where we introduce optional non-essential cookies, marketing emails, or personalized advertising in the future, we will rely on Article 6(1)(a) consent collected through an IAB TCF–aligned CMP where mandated. Until such tooling is live, we do not run third-party ad personalization pixels on production.

4. How Stripe processes payments

Stripe Payments Europe Ltd (or other Stripe contracting entity) acts largely as an independent controller for fraud, compliance, and payment network rules, while also processing certain data as a processor for merchants. Their privacy notice (https://stripe.com/privacy) governs cardholder data. We never store full card numbers or CVC codes on CineVoice infrastructure. Webhook payloads may contain redacted payment objects; we restrict access to finance and engineering roles under least-privilege policies.

5. AI voice provider (e.g. Nexode) and model inference

To synthesize audio we transmit portions of your script, voice/preset identifiers, and technical parameters to our upstream voice API partner. That provider processes the payload to return audio URLs or binary streams. Their retention, subprocessors, and transfer mechanisms are governed by their documentation and data processing terms. We log request metadata (timestamps, latency, error codes) for troubleshooting and billing reconciliation but avoid logging entire prompts unless temporarily needed for incident response, in which case access is tightly controlled.

6. Automated decisions and profiling

We do not use fully automated decisions within the meaning of Article 22 GDPR that would produce legal or similarly significant effects solely by algorithm. We may apply rules-based risk scoring (e.g. velocity limits, duplicate payment detection, prompt keyword blocking for obvious abuse) with human review for edge cases. You may contact us to contest a purely automated restriction if applicable law grants that right.

7. Retention, deletion, and backups

Account records persist until you request closure, except where law requires longer retention (e.g. invoices). Audio objects tied to completed generations are subject to automated deletion windows configured by the controller (`audio_cleanup_free_hours` for free/preview tiers, `audio_cleanup_paid_hours` for paid tiers) unless a legal hold or abuse investigation requires preservation.

Database backups may transiently contain deleted rows until rotation completes. If you exercise erasure, we overwrite or suppress live data promptly and document any residual backup retention consistent with ICO/EDPB guidance.

8. International transfers

Our hosting region, Stripe, and AI vendors may process data in the United States or other third countries. Where the European Commission or UK ICO has not issued an adequacy decision, we implement Standard Contractual Clauses (2021/914) or the UK IDTA, supplemented by transfer impact assessments and, where necessary, supplementary technical measures (encryption in transit, access logging). Copies of relevant mechanisms are available on request subject to confidentiality.

9. Disclosure to third parties

We share data with infrastructure vendors under strict data processing agreements, with payment partners as required to settle transactions, with professional advisers (lawyers, auditors) under confidentiality, and with public authorities when compelled by lawful, proportionate requests. We may also disclose information to protect the life or physical safety of a person, to enforce our Terms, or to investigate fraud.

10. Security measures

We implement TLS 1.2+ for data in transit, salted password hashing at rest, role-based access controls, secrets management, vulnerability patching cadence, and centralized logging with alerting. Employees and contractors sign confidentiality obligations. Despite these measures, no online service is immune to compromise; you should use unique passwords and enable any future MFA option we release.

11. Your GDPR / UK GDPR rights

Subject to verification and exceptions, you may request access, rectification, erasure, restriction of processing, data portability (for data processed by automated means under contract), objection to processing based on legitimate interests, and information about any known third-country transfers. You may withdraw consent where processing is consent-based without affecting prior lawful processing. You may lodge a complaint with your lead supervisory authority (e.g. in your habitual residence).

To exercise rights, email the privacy inbox with subject line “DSAR — [your email]”. We respond within one month, extendable by two further months where complex, per Article 12 GDPR.

12. Children

CineVoice is not directed at individuals under 16 (or the digital consent age in your Member State). We do not knowingly collect data from children. If you believe a minor has registered, contact privacy support so we can delete the account and associated generations.

13. Changes to this policy

We will post updates on this page and revise the “Last updated” date. Material changes affecting processing may also be communicated by email or in-app banner where appropriate. Continued use after the effective date constitutes acknowledgment unless objection is required by law.