Legal
Privacy Policy
Last updated: [date]
1. Who is responsible
The controller for data processing on this website is [Legal name], [address], reachable at support@facelesscontent.ai. See our Imprint for full details.
2. What we collect and why
- Account data — your email address and authentication data, to create and secure your account. Legal basis: performance of a contract (Art. 6(1)(b) GDPR).
- Billing data — purchase history and credit balance. Payment card data is handled by our payment provider; we never see or store full card numbers. Legal basis: contract and legal obligation (Art. 6(1)(b), (c)).
- Content you generate — the prompts, scripts, images, voiceovers and videos you create, plus the parameters you choose. Legal basis: contract (Art. 6(1)(b)).
- Technical data — IP address, browser type and request logs, kept to operate and secure the service and prevent abuse. Legal basis: legitimate interest (Art. 6(1)(f)).
3. Processors and third-party services
To run the service we share the minimum necessary data with:
- Supabase — authentication and database hosting.
- Stripe — payment processing and subscriptions.
- OpenAI — script and text generation.
- fal.ai — image and video generation.
- ElevenLabs — voiceover generation.
- Our hosting/CDN provider [e.g. Vercel, Railway] — to serve the site and API.
These providers act as processors under data-processing agreements. Some are located outside the EU; transfers rely on EU Standard Contractual Clauses or an equivalent safeguard.
4. Cookies and storage
We use only cookies/local storage strictly necessary to keep you logged in and to run the app. We do not use advertising or cross-site tracking cookies. If you add analytics later, disclose it here.
5. How long we keep data
Account and generated content are kept while your account is active. Billing records are retained as required by tax and commercial law (typically up to [10] years). You can request deletion of your account at any time, subject to those legal retention duties.
6. Your rights
Under the GDPR you have the right to access, rectify, erase, restrict and port your data, and to object to processing based on legitimate interest. You may withdraw consent at any time and lodge a complaint with a supervisory authority. To exercise any right, email support@facelesscontent.ai.
7. Data security
Access to provider APIs runs server-side; provider API keys are never exposed in your browser. Connections are encrypted in transit (TLS). Passwords are handled by our authentication provider and stored only in hashed form.
8. Changes
We may update this policy as the service evolves. The current version is always available at this URL, with the date shown above.