Back to CineMat

Privacy Policy

Last updated: March 25, 2026

Data Controller

CineMat is operated from the European Union. We process personal data in compliance with GDPR (Regulation EU 2016/679). All data is stored on EU-based servers (Contabo, Germany).

Data We Collect

• Email address — for authentication (magic link login)
• Name — optional, for display in the workspace
• IP address — for security and rate limiting
• Usage data — project metadata, AI generation history, billing

How We Use Your Data

• Authentication and account management
• Providing the AI storyboard generation service
• Processing payments via Stripe
• Sending transactional emails via SendGrid
• Security monitoring and abuse prevention

AI Processing

Your project content is sent to third-party AI services: OpenAI (script generation), Google Gemini (image generation), and ElevenLabs (voice synthesis). We do not share personal information with these services — only project content necessary for generation.

Data Retention

• Account data — retained while your account is active
• Project data — retained while your account is active
• Security logs — automatically deleted after 90 days
• Magic links — automatically deleted after 24 hours
• Sessions — automatically cleaned up after expiration

Your GDPR Rights

• Right to access — export all your data via /api/gdpr/export
• Right to erasure — permanently delete via /api/gdpr/delete-request
• Right to portability — download data in JSON format
• Right to rectification — update information in workspace settings
• Right to restriction — contact us to restrict processing

Third-Party Services

• Stripe — payment processing (PCI DSS compliant)
• SendGrid — transactional email delivery
• OpenAI — AI script generation
• Google Gemini — AI image generation
• ElevenLabs — AI voice synthesis

Security

We implement industry-standard security: HTTPS, JWT authentication, rate limiting, input validation, parameterized SQL queries, and regular audits. Access to production systems is restricted via SSH key authentication.

Cookies

We use only essential authentication tokens stored in localStorage. No tracking cookies, no advertising cookies, no third-party analytics.

Contact

For privacy inquiries: privacy@cinemat.app