Privacy Policy

1. Information We Collect

We collect information you provide directly when you use ShortScript AI:

• Account Information: Email address, name, and password (hashed) when you register. If you sign in via Google or Facebook, we receive your name, email, and profile picture from those services.
• Usage Data: Content generation requests (topics, niches, platforms selected), chat messages, image prompts, and video prompts you submit to the Service.
• Technical Data: IP address, browser type, device information, and session data collected automatically when you access the Service.
• Payment Data: If you subscribe to a paid plan, payment processing is handled by Stripe. We store your Stripe customer ID and subscription ID but never store your full credit card number, CVV, or bank details on our servers.

2. How We Use Your Information

We use collected information to:

• Provide, maintain, and improve the Service.
• Process your content generation requests through AI providers.
• Manage your account, subscription, and usage limits.
• Enforce our Terms of Service and protect against misuse.
• Send service-related communications (account changes, usage alerts).
• Generate anonymized analytics to improve the platform.

3. AI Provider Data Sharing

When you use AI-powered features, your input prompts (topics, descriptions, chat messages, image prompts) are sent to third-party AI providers for processing. These providers may include:

• OpenAI (for text, chat, and image generation)
• Google (Gemini) (for text, chat, and image generation)
• OpenRouter (for text and chat generation via various models)

These providers process your prompts to generate responses. Each provider has its own privacy policy and data retention practices. We encourage you to review their respective policies. We do not share your personal account information (email, name, payment details) with AI providers; only the content of your generation requests is sent.

4. Data Storage & Retention

Your data is stored in a PostgreSQL database hosted on our infrastructure. We retain:

• Account data: For as long as your account is active, plus a reasonable period after deletion for backup purposes.
• Generated content: Stored indefinitely for your access in the dashboard, unless you or an administrator deletes it.
• Usage logs: Retained for analytics and billing purposes.
• Session data: Automatically expires based on session timeout settings.

5. Data Security

We implement reasonable security measures to protect your data, including:

• Password hashing using bcrypt with salt rounds.
• HTTPS encryption for data in transit.
• HttpOnly session cookies to prevent cross-site scripting access.
• IP-based rate limiting to prevent brute-force attacks.
• API key masking in the admin interface.

No method of electronic transmission or storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

6. Third-Party Services

The Service integrates with third-party services that have their own privacy policies:

• Stripe: For payment processing. See Stripe's Privacy Policy.
• Google OAuth: For social login. See Google's Privacy Policy.
• Facebook OAuth: For social login. See Meta's Privacy Policy.

7. Your Rights

Depending on your jurisdiction, you may have the right to:

• Access the personal data we hold about you.
• Request correction of inaccurate data.
• Request deletion of your account and associated data.
• Export your generated content.
• Withdraw consent for data processing.
• Lodge a complaint with a data protection authority.

To exercise these rights, contact us through the platform.

8. Cookies & Sessions

We use session cookies to maintain your login state. These cookies are essential for the Service to function and are not used for advertising or tracking. No third-party advertising cookies are used.

9. Children's Privacy

The Service is not directed at children under 18. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us and we will delete it.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by posting the new policy on this page with an updated "Last updated" date. Continued use of the Service after changes constitutes acceptance.

11. Contact

If you have questions about this Privacy Policy or your data, please contact us through the contact information provided on the platform.