Preprodfilms

AI-Powered Screenplay Studio

Privacy Policy

Last updated: 2026-05-26

This Privacy Policy explains how Preprodfilms ("we", "us") collects, uses, shares, and protects personal data when you use our film pre-production platform. We are committed to processing your data lawfully and transparently under the EU General Data Protection Regulation (GDPR) and equivalent regimes.

1. Data controller

The data controller for the personal data described in this policy is Preprodfilms (placeholder legal entity — replace with the registered company name, address, and contact details before launch). For any privacy-related question or request, contact us at privacy@preprodfilms.com.

2. Data we collect

We collect only what we need to provide the service:

  • Account information. Your email address, name, and authentication identifier from our identity provider (Clerk).
  • Project content. The synopses, screenplays, character bibles, technical scenarios, timelines, storyboards, conversation history, and revision notes you create. This content is yours; we store it on your behalf.
  • Uploaded files. Images, reference scripts, and other files you upload (stored in Vercel Blob).
  • Billing references. A Stripe customer ID and subscription state. We do not store card numbers — payment data is handled directly by Stripe.
  • Usage data. Aggregated analytics about how features are used (only with your consent).
  • Technical logs. Request identifiers, error reports, and performance metrics needed to operate the service and diagnose issues.

3. Legal basis for processing

We process your data under the following GDPR Article 6 bases: • Contract performance (Art. 6(1)(b)) — to deliver the service you subscribed to, including storing your projects, running AI generation, and processing payments. • Legal obligation (Art. 6(1)(c)) — for tax, accounting, and fraud-prevention obligations. • Legitimate interests (Art. 6(1)(f)) — to operate, secure, and improve the service, balanced against your privacy interests. • Consent (Art. 6(1)(a)) — for optional analytics cookies and any marketing communications. You can withdraw consent anytime.

4. Sub-processors

We rely on the following sub-processors to operate the service:

  • Clerk (authentication, user identity) — United States, GDPR-compliant DPA in place.
  • Neon (PostgreSQL database hosting) — United States / EU regions.
  • Vercel (application hosting, blob storage, analytics) — United States / EU regions.
  • Stripe (payment processing) — United States, PCI-DSS Level 1 certified, EU DPA in place.
  • xAI (Grok LLM for content generation) and OpenRouter (fallback provider) — United States.
  • Sentry (error reporting) — when enabled.

Some processors are located outside the EEA. Where transfers occur, we rely on Standard Contractual Clauses or equivalent safeguards under GDPR Chapter V.

5. AI processing of your content

When you use AI features, the content you provide (synopsis, scenario, conversation messages) is sent to our AI providers (xAI and, on failure, OpenRouter) for processing. We have contractual commitments from these providers not to train on your inputs. Generated outputs are stored in your project and treated as your content under this policy. We do not use your project content to train any model.

6. How long we keep your data

• Project content, conversations, versions, and assets: retained for as long as your account is active. Deleted on request within 30 days. • Audit logs (security and fraud detection): retained for 30 days after account deletion. • Stripe-side invoice and payment records: retained by Stripe according to their compliance and legal-obligation periods (we hold only references in our database).

7. Your rights under GDPR

You have the following rights regarding your personal data:

  • Right of access (Art. 15) — request a copy of your data.
  • Right to rectification (Art. 16) — correct inaccurate data.
  • Right to erasure (Art. 17) — "right to be forgotten".
  • Right to data portability (Art. 20) — receive your data in a machine-readable format.
  • Right to restriction of processing (Art. 18).
  • Right to object to processing based on legitimate interests (Art. 21).
  • Right to lodge a complaint with a supervisory authority (e.g. the CNIL in France).

You can exercise the rights of access, erasure, and portability directly from your account settings (Settings → Account). For other requests, contact privacy@preprodfilms.com. We respond within 30 days.

8. Cookies

We use strictly necessary cookies (session, authentication, language preference) — these do not require consent. Optional analytics cookies are only set if you click "Accept all" on the cookie banner. You can change your choice anytime from the footer.

9. Security

All data is transmitted over TLS. Authentication is delegated to Clerk. Database access is restricted to the application and authenticated administrators. Uploaded files are stored on Vercel Blob and served through an authorization proxy. We log errors via Sentry without including personal content. No system is 100% secure, but we take industry-standard precautions.

10. Changes to this policy

We may update this policy as the service evolves. Material changes will be announced in-app and the "Last updated" date above will reflect the change.

11. Contact

Questions or requests: privacy@preprodfilms.com If you are in the EU, you also have the right to contact your local data protection authority (e.g. CNIL in France: www.cnil.fr).