Cinemagiq Privacy Policy

    Effective date: June 16, 2026

    Last updated: June 16, 2026

    This policy explains how Cinemagiq handles your data. It covers two things:

    • Our marketing website (cinemagiq.com), no tracking, no analytics cookies, no profiling.
    • The Cinemagiq product (app.cinemagiq.com and related apps), the account-based application, which processes the data needed to run it.

    We try to collect as little as possible. We never sell your data and never use it for advertising.

    1. Scope

    This policy applies to the Cinemagiq marketing website and the Cinemagiq product application. When you create an account and use the product, we process your account details, the content you upload and generate, your payments, and your conversations with our AI assistant, as described below.

    2. Who is responsible for your data

    Data controller: Cinemagiq, Inc. (United States).

    Contact: support@cinemagiq.com

    3. What data we collect

    3.1 Marketing website

    • Contact form: your name, email address, subject, and message.
    • No analytics cookies, no advertising identifiers, no behavioral tracking.

    3.2 Account and profile

    • Email address and authentication credentials (or a Google account identifier if you sign in with Google).
    • Profile information you provide (e.g. display name).
    • Workspace and team membership, your role, and invitations you send or accept (which include the invitee's email address).

    3.3 Billing and payments

    • When you subscribe to a paid plan, payment is processed by Stripe. Stripe collects and processes your payment-method details, billing name/address, and any tax information. We do not store full card numbers.
    • We store billing records associated with your workspace, subscription tier, seat count, invoices, payment status, and token-credit balances.

    3.4 Content you upload and create

    • Files and media you upload (images, video, audio, documents, scripts).
    • Content you generate with our AI tools (images, video, voice, music, sound effects) and the prompts and settings used to create it.
    • Production data you create, projects, episodes, sequences, shots, storyboards, asset metadata, and activity logs.
    • This content is stored on our cloud infrastructure (see §6) in private, access-controlled storage, subject to the storage limits of your plan.

    3.5 AI assistant ("Steve") conversations

    • Your conversations with the Steve assistant are stored on our servers, private to your own user account within a project, so we can sync your history across devices and improve the product.
    • Conversation content (your messages, attachments, and project context) is sent to our AI providers to generate responses (see §5).
    • Conversation history is retained for 90 days by default (see §8). You can clear a conversation at any time.

    3.6 Technical and diagnostic data

    • To keep the product reliable, we use Sentry for error monitoring. When an error occurs, Sentry may receive your IP address, browser and device information, your user identifier, and technical details about the event.
    • We process server and security logs needed to operate the service and prevent abuse. We do not use this data for advertising or behavioral profiling.

    3.7 Cookies and local storage

    • The product uses strictly necessary cookies and browser local storage to keep you signed in and to remember preferences (e.g. your selected AI model).
    • Stripe sets its own cookies during checkout to process payments securely.
    • Sentry uses client-side storage to support error reporting.
    • See §10 for details.

    4. How we use your data and our legal bases (GDPR)

    PurposeData usedLegal basis
    Create and operate your accountAccount, profile, workspace dataContract (Art. 6(1)(b))
    Store and process the content you upload/generateContent, project dataContract (Art. 6(1)(b))
    Provide AI generation and the Steve assistantPrompts, content, conversationsContract (Art. 6(1)(b))
    Process payments and subscriptionsBilling data via StripeContract (Art. 6(1)(b))
    Send transactional email (confirmations, receipts, alerts)Email addressContract (Art. 6(1)(b))
    Keep the service secure, reliable, and prevent abuseTechnical/diagnostic data, logsLegitimate interest (Art. 6(1)(f))
    Respond to your inquiriesContact-form dataConsent / legitimate interest

    We do not use your data for advertising, profiling, resale, or third-party marketing.

    5. AI processing and third-party models

    Cinemagiq is an AI production tool, so generating content and using the Steve assistant means sending the relevant inputs to AI providers on your behalf:

    • What is sent: the prompts, settings, reference images, project context, and (for Steve) your conversation messages and attachments needed to produce the requested output.
    • Who receives it: OpenAI (image generation and the optional "ChatGPT" Steve model); Google Gemini via the Lovable AI Gateway (default Steve model and prompt assistance); Fal.ai and Runway (video generation); ElevenLabs (voice, sound effects, music). See §6 for the full list.
    • Training: We do not sell your content, and we do not use your content to train our own models. We use the business/API tiers of these providers, which do not use content submitted through their APIs to train their models.
    • Outputs: Generated content is stored in your project and is yours to use subject to our Terms and the providers' usage terms.

    6. Subprocessors, who we share data with

    We never sell your data. We share it with the service providers below only as needed to run Cinemagiq, and each is bound by a data-protection agreement.

    ProviderPurposeData processed
    Lovable / SupabaseCloud hosting, database, authentication, file storageAccount, content, all product data
    StripePayments and subscriptionsPayment, billing, tax data
    OpenAIImage generation; optional Steve modelPrompts, images, conversation content
    Google"Sign in with Google" authentication; Gemini models (via Lovable AI Gateway)Account identifier; prompts/content
    Lovable AI GatewayRouting to Gemini models for Steve and prompt toolsPrompts, conversation content
    Fal.aiVideo generationPrompts, reference images
    RunwayVideo generationPrompts, reference images
    ElevenLabsVoice, sound-effects, and music generationPrompts/text
    SentryError and performance monitoringIP, device/browser, user ID, error data
    MailgunTransactional email deliveryEmail address, message content

    We may add or change subprocessors as the product evolves; we will keep this list updated and revise the "last updated" date.

    7. Team workspaces and sharing within your team

    If you use a team workspace, the projects, uploaded files, generated assets, production data, and other content in that workspace are visible to all members of that workspace. Workspace admins can invite members by email and manage access. Your individual Steve assistant conversations remain private to you and are not shared with other workspace members.

    Outside of your own workspace, we do not share your content with other customers.

    8. Data retention

    • Steve conversations: retained for 90 days, then automatically deleted. You can clear a conversation sooner.
    • Deleted items (Trash): when you delete projects or content, they are soft-deleted and recoverable for 30 days, after which they are permanently removed.
    • Account and project content: retained for the life of your account, or until you delete the content or your account.
    • Contact-form inquiries: deleted after your request is handled.
    • Billing records: retained as required by applicable tax, accounting, and legal obligations.
    • Backups and logs: retained for a limited period for security and recovery.

    When you withdraw consent or delete your account, we remove the associated personal data without undue delay, subject to legal retention obligations.

    9. How we protect your data

    • Content is stored in private, access-controlled storage; database access is governed by row-level security so users can only access data they're authorized to see.
    • Data is encrypted in transit. Secrets and credentials are stored in secured secret management, not in our code.
    • Access to production systems is limited to authorized personnel.
    • No method of storage or transmission is 100% secure, but we take reasonable measures appropriate to the sensitivity of the data.

    10. Cookies and tracking

    • Marketing website: no cookies, no analytics, no tracking identifiers.
    • Product: strictly necessary cookies and local storage to keep you signed in and remember preferences.
    • Third-party cookies in the product: Stripe (during checkout) and Sentry (error reporting) set their own cookies/storage for those functions.

    We do not use advertising or cross-site tracking cookies.

    11. International data transfers

    Cinemagiq, Inc. is based in the United States, and some of our providers (§6) are located in the United States and the European Union. Where your personal data is transferred internationally, we rely on appropriate safeguards such as the EU Standard Contractual Clauses and our providers' transfer mechanisms.

    12. Your rights

    Depending on where you live, you have rights over your personal data.

    Under the GDPR (EEA/UK) you may: access your data; correct it; delete it; restrict or object to processing; request portability of data you provided; and withdraw consent at any time. You may also lodge a complaint with your local data protection authority.

    Under US state laws (e.g. CCPA/CPRA), where applicable, you may: know what personal information we collect; access and delete it; correct it; and opt out of "sale" or "sharing", we do not sell or share your personal information for advertising. We will not discriminate against you for exercising these rights.

    To exercise any right, contact support@cinemagiq.com. You can also access, export, and delete much of your content directly in the product.

    13. Marketing and transactional email

    • Transactional email (sign-up confirmation, receipts, payment alerts, low-balance notices) is part of operating your account and is sent via our email provider (§6). You can't opt out of essential service emails while you have an account, but you can unsubscribe from non-essential notifications, and we honor unsubscribe/suppression requests.
    • We do not send advertising or sell your email address to third parties.

    14. Children's privacy

    Cinemagiq is not intended for children under the age of 16, and we do not knowingly collect their personal data. If you believe a child has provided us data, contact support@cinemagiq.com and we will delete it.

    15. Changes to this policy

    We may update this policy as the product evolves or our providers change. We will revise the "last updated" date above, and for material changes we will provide a more prominent notice by email or in-app.

    16. Contact

    Cinemagiq, Inc.

    support@cinemagiq.com