CineMake Privacy Policy

Version: v0.9.0

CineMake Privacy Policy

Effective Date: March 24, 2026 Version: 0.9.0

  1. Scope

    1. This Privacy Policy describes how CineMake processes personal data when you use our AI filmmaking services and related sites, and how we share data with Providers (OpenAI, Google Veo/Vertex AI, Supabase, Clerk, Vercel, and our Payment Processor) to operate the Service.
    2. Provider Privacy Policies: Your use of Provider services through CineMake is also subject to their respective privacy policies:
      • OpenAI Privacy Policy (updated June 27, 2025) — governs how OpenAI collects and processes data when you use features powered by their models
      • Google Cloud Privacy Notice (effective December 18, 2025) — governs Service Data processing for Google Cloud Platform services including Vertex AI/Veo
      • Payment Processor Privacy Policy — governs payment data processing for checkout and billing (see your receipt for the current processor)

  2. Categories of Data We Process

    1. Account & identity data (via Clerk): email, identifiers, authentication signals, and account status.
    2. Technical/log data: IP address, user agent, device/OS, timestamps, policy version accepted, consent surface (web/mobile), and in-app events required for security, fraud prevention, analytics, and audit. Supabase PostgreSQL stores audit logs with append-only retention policies.
    3. Rendering metadata: prompts, settings, model/provider selections, generation IDs, watermarks, output hashes, and related operational data.
    4. Billing/commerce metadata (via Payment Processor): transaction IDs, currency, amount, taxes, payment method type, subscription status, credit pack purchases, refund status, and break-the-seal timestamps. Our Payment Processor is Merchant-of-Record and handles payment card data securely—CineMake does not store payment card numbers.
    5. Credit usage data: Credit pack status (unopened/opened/refunded), refund window expiry dates, consumption timestamps, FIFO tracking, and usage snapshots for billing reconciliation.
    6. Hosting/analytics telemetry (via Vercel): privacy-forward analytics that do not use third-party cookies; visitors are identified by a request hash and session data is short-lived.
    7. AI interaction data: We collect the following data related to your interactions with AI systems in the Service:
      • Prompts and inputs: Text descriptions you provide for project creation (Story Agent) and video render settings.
      • AI model responses: Structured outputs from AI models, including generated screenplays, scene descriptions, and video generation metadata.
      • LLM audit records: For each AI interaction, we record the prompt version identifier, prompt content hash, model requested and used, token usage (input/output/total), generation elapsed time, continuation and fallback metadata, structural and character-limit resolution outcomes, request correlation IDs, and provider response IDs. These records support transparency, quality assurance, and regulatory compliance (EU AI Act Art. 12).
      • Prompt version metadata: We maintain a versioned registry of AI prompt templates used by the Service, including version labels, content hashes, activation timestamps, lifecycle status (draft, active, rollback, archived), changelog entries, and evaluation results.
      • AI feedback data: If you choose to provide feedback on AI outputs, we collect your ratings (1-5 stars for Story Agent, thumbs up/down for renders), selected feedback tags, and optional free-text comments. Feedback is linked to your user ID and the associated project for quality improvement purposes.
      • Content safety assessments: Per-scene safety ratings generated by AI models, including overall rating, flagged categories, confidence scores, and rationale.
    8. Organization membership data: If you are a member of an Organization, we collect your organizational role (e.g., team_admin, team_member), privilege assignments (e.g., can_manage_billing, can_manage_members), Organization association, and membership status. This data is used to enforce role-based access control and organizational policies.
    9. Organization-level billing data: For Organizations, we collect and process billing data specific to the Organization entity, including the Organization's payment methods, invoices, subscription status, credit pool transactions, credit pack purchases and their status (unopened/opened/refunded), and org-level refund records. This data is maintained separately from individual members' personal billing data.

  3. Purposes and Legal Bases

    1. We process data to:
      1. authenticate and manage accounts (Clerk) — Legal basis: contract performance;
      2. render outputs, deliver features, and moderate per Provider policies — Legal basis: contract performance, legitimate interest (safety);
      3. bill, track credits, and handle taxes/refunds (Payment Processor) including break-the-seal refund eligibility tracking for both personal and Organization-level purchases — Legal basis: contract performance, legal obligation (tax);
      4. secure, audit, and comply using Supabase PostgreSQL audit tables and immutable Ledger entries — Legal basis: legitimate interest (security, fraud prevention), legal obligation;
      5. measure and improve using privacy-forward, cookie-less analytics — Legal basis: legitimate interest (service improvement);
      6. maintain AI transparency and compliance including prompt versioning audit trails, LLM interaction records, and content provenance metadata as required by the EU AI Act (Regulation 2024/1689, Articles 12, 13, 50) and California AI Transparency Act (SB 942) — Legal basis: legal obligation (AI regulatory compliance), legitimate interest (system integrity and transparency); and
      7. improve AI quality using aggregated, anonymized feedback metrics (average ratings, tag frequency distributions) to evaluate and refine AI system performance — Legal basis: legitimate interest (service improvement). Individual feedback responses are not shared with AI providers in an individually identifiable form.

  4. Sub-Processors

    1. We share personal data with the following sub-processors to the extent necessary to operate the Service:

      Sub-Processor Purpose Location Transfer Mechanism
      Supabase Database, backend, audit logs, AI audit records US (AWS us-east-1) DPA with SCCs
      Clerk Authentication, identity, consent metadata US DPA with SCCs
      Vercel Hosting, edge network, serverless compute, analytics US/Global (edge) DPA with SCCs
      Google Cloud Platform (Vertex AI / Veo, Cloud Storage) Video generation, asset storage, SynthID watermarking US (us-central1) Google Cloud DPA with SCCs
      OpenAI AI model inference (prompt processing, story generation) US DPA with SCCs
      Payment Processor (Stripe) Payments, checkout, tax, refunds (Merchant-of-Record) for both personal and Organization-level transactions See receipt DPA with SCCs

    2. Each sub-processor publishes its own DPA and compliance materials. We maintain contractual safeguards with each sub-processor requiring them to process data only on our instructions and to implement appropriate technical and organizational security measures.

    3. We will update this table when we add or replace sub-processors. Material changes to sub-processors will be communicated via email or in-app notification.

  5. AI-Specific Data Processing

    1. No Training on User Data. CineMake does not fine-tune, train, or adapt any AI model using your data. We use base models as provided by OpenAI and Google. Your prompts and outputs are processed solely to deliver the Service.
    2. Provider Data Processing: When you use the Service, your prompts are sent to OpenAI (for story/scene generation) and Google Vertex AI (for video generation). Per Google Cloud Terms, Google does not use Customer Data to train models. Per OpenAI's data usage policies, API inputs and outputs are not used for training unless you opt in. CineMake's API access is configured to not contribute to training.
    3. AI Audit Data. We maintain detailed records of AI interactions (LlmResponse audit records) including model identifiers, token usage, prompt version hashes, and generation metadata. This data is used for: (a) transparency and compliance with EU AI Act Art. 12 record-keeping requirements; (b) monitoring AI system performance and reliability; (c) investigating and resolving service issues; and (d) quality assurance through prompt versioning. Audit records do not contain your raw prompts or outputs — they contain metadata about the AI interaction.
    4. AI Feedback. Feedback you voluntarily provide on AI outputs (ratings, tags, comments) is used to: (a) measure aggregate AI quality metrics; (b) identify areas for improvement in our AI pipeline; (c) support post-market monitoring as recommended by the EU AI Act. Feedback is linked to your user ID for data deletion purposes but is never shared with AI providers in an individually identifiable form.
    5. Content Provenance. AI-generated videos include invisible SynthID watermarks embedded by Google Veo for content provenance. CineMake adds visible "AI-Generated" badges. We are implementing C2PA Content Credentials for machine-readable provenance manifests. These measures support compliance with EU AI Act Article 50 and California SB 942.

  6. International Transfers

    1. Your data may be transferred to and processed in countries outside your country of residence, including the United States. Where data moves across borders (specifically from the EEA, UK, or Switzerland to third countries), we rely on:
      • Standard Contractual Clauses (SCCs) as adopted by the European Commission (Decision 2021/914), incorporated into our DPAs with each sub-processor;
      • UK International Data Transfer Agreement (IDTA) or UK Addendum to the EU SCCs where applicable;
      • Supplementary measures including encryption in transit (TLS 1.2+), encryption at rest, and access controls.
    2. You may request a copy of the relevant transfer mechanisms by contacting support@cinemake.ai.

  7. Retention

    1. We retain personal data only as long as necessary for the purposes outlined below. Specific retention periods are:

      Data Category Retention Period Justification
      Ledger/consent records, security logs Account lifetime + 7 years Legal obligation (audit, tax, compliance)
      Billing and transaction data Account lifetime + 7 years Legal obligation (tax reporting, financial records)
      Org-level billing and transaction data Organization lifetime + 7 years; anonymized upon org deletion Legal obligation (tax reporting, financial records)
      Credit pack and usage data Account lifetime + 3 years Billing reconciliation, dispute resolution
      Rendering metadata Account lifetime + 1 year (anonymized) Service improvement, moderation
      Rendering outputs (videos) Account lifetime; deleted within 30 days of account deletion Contract performance
      AI audit records (LlmResponse) Account lifetime + 3 years EU AI Act Art. 12 record-keeping, CA SB 942
      Prompt version metadata Retained indefinitely (no personal data) Regulatory compliance, system integrity
      AI feedback data Account lifetime + 1 year (anonymized) AI quality monitoring, post-market monitoring
      Account and identity data Deleted within 30 days of account deletion request
      Analytics telemetry 90 days (Vercel-managed, no PII) Legitimate interest (service improvement)
      Deleted (archived) items 7 days after deletion, then permanently purged User-initiated deletion; storage lifecycle policy

    2. Post-Deletion Processing. When you delete your account:

      • Account data and rendering outputs are deleted within 30 days.
      • Billing records are pseudonymized (user identifiers replaced with opaque hashes) and retained for the legally required period.
      • Ledger entries are pseudonymized and retained for audit compliance.
      • AI audit records are pseudonymized and retained for the regulatory compliance period.
      • AI feedback is anonymized (de-linked from user identity) and retained in aggregate form.
      • Anonymized, aggregated data (which cannot identify you) may be retained indefinitely for analytics.

    3. Organization Deletion. When an Organization is deleted:

      • Org-level billing records (payment history, invoices, credit pool transactions) are retained per regulatory requirements (tax reporting, financial records) but anonymized — Organization identifiers are replaced with opaque hashes and member associations are removed.
      • Org-level Ledger entries are pseudonymized and retained for audit compliance.
      • Individual members' personal accounts and billing records are not affected by Organization deletion.

    4. Archived Item Deletion. When you delete a project, character, brand asset, or other entity within the Service, it is moved to your Archive and retained for 7 days. During this period you may restore the item from the Archive. After 7 days, the item and all associated data — including generated images and videos stored in Google Cloud Storage — are permanently and irreversibly deleted by automated processes. This 7-day retention aligns with the soft-delete policy applied to our cloud storage infrastructure.

  8. Your Rights

    Subject to applicable law, you may exercise the following rights:

    1. Access: Request a copy of your personal data, including AI interaction records and feedback data.
    2. Rectification: Correct inaccurate personal data.
    3. Erasure ("Right to be Forgotten"): Request deletion of your personal data, subject to legal retention obligations. AI audit records will be pseudonymized rather than deleted where retention is required by EU AI Act Art. 12.
    4. Restriction: Request that we limit processing of your data in certain circumstances.
    5. Portability: Receive your data in a structured, machine-readable format, including your AI-generated projects, feedback history, and interaction metadata.
    6. Objection: Object to processing based on legitimate interest.
    7. Withdraw Consent: Where processing is based on consent, withdraw at any time without affecting the lawfulness of prior processing.
    8. AI-Specific Rights: You have the right to: (a) be informed that you are interacting with an AI system (we disclose this prominently in-product and in our AI Transparency Disclosure); (b) receive meaningful information about the AI systems used to generate your content (see /legal/ai-transparency); (c) provide feedback on AI output quality; and (d) request human review of AI-generated content assessments.

    To exercise any right, use your account settings or contact support@cinemake.ai. We will respond within 30 days (extendable by 60 days for complex requests, with notice).

    1. Provider-Specific Rights:

      • OpenAI: You can exercise rights through privacy.openai.com or dsar@openai.com per their Privacy Policy
      • Google Cloud: Rights requests should be directed to your Google Cloud account settings or Google's data subject request process
      • Payment Processor: For payment data inquiries, contact the Payment Processor directly (see your receipt) or submit requests through support@cinemake.ai

    2. Right to Lodge a Complaint. If you believe your data protection rights have been violated, you have the right to lodge a complaint with your local data protection supervisory authority. For EU residents, a list of supervisory authorities is available at https://edpb.europa.eu/about-edpb/about-edpb/members_en.

  9. Data Training Opt-Out

    1. CineMake: We do not train AI models on your data. There is no training to opt out of.
    2. OpenAI: Per OpenAI's data usage policies, API data is not used for training by default. CineMake uses the API pathway. You can verify this at openai.com/policies/how-your-data-is-used-to-improve-model-performance
    3. Google Cloud: Per Google Cloud Terms, Google does not train models on Customer Data by default for Google Cloud Platform services

  10. Children's Privacy

    1. Our Service is not directed to children under 13. Per OpenAI's Privacy Policy, their Services are not directed to children under 13, and users under 18 must have parental permission.

  11. Data Protection Contact

    1. For data protection inquiries, requests, or complaints, contact our Data Protection Officer at: dpo@cinemake.ai or support@cinemake.ai.

  12. Changes to This Policy

    1. We may update this Privacy Policy from time to time. Material changes require re-acceptance via our consent flow. The Ledger records the version you accepted. We will notify you of material changes via email and/or in-app notification at least 14 days before the changes take effect.