cyclipBack to home

Privacy Policy

Last updated: April 2026. This notice describes how we process personal data in connection with cyclip, including under the GDPR where it applies.

1. Controller

Email: dovyr.websites@gmail.com

2. Data we process

We process in particular:

  • Account and sign-in: Data from authentication (e.g. email address, technical identifiers) managed by Supabase Auth on our behalf.
  • Project data: Metadata for your video pipelines (name, status, modes, timestamps) and the full working state as structured data (including topics, scripts, research text, scenes, prompts, settings, and URLs referencing generated media).
  • Files (storage): Uploaded and generated media (e.g. audio, images, videos) in storage at Supabase, organised per project.
  • Billing and allowances: Linkage to Stripe (e.g. Stripe customer id), subscription/lifetime flags, and counts of purchased and consumed video credits.
  • Optional – your API keys: If you use this feature, we store encrypted credentials for third-party providers you supply, and a record of when consent was given.
  • Technical data: Server and security logs from our hosting; the site may use an analytics service (e.g. Vercel Analytics) that collects aggregated usage data.

3. Purposes and legal bases

We process data to:

  • Provide the service and perform our contract with you (GDPR Art. 6(1)(b)).
  • Process payments via Stripe (GDPR Art. 6(1)(b)).
  • Ensure security and stability (GDPR Art. 6(1)(f), legitimate interests).
  • Analyse usage where we use analytics, on the basis of legitimate interests or, where required, consent (GDPR Art. 6(1)(a) or (f)).

4. Recipients and processors

We use providers that process personal data on our behalf or as independent controllers, including:

  • Supabase (database, file storage, authentication)
  • Stripe (payments)
  • Vercel (hosting; analytics where enabled)
  • AI and media API providers when you use features that send content to them

We use data processing agreements under GDPR Art. 28 where required. Each provider’s privacy notice applies in addition.

5. Transfers outside the EEA

Where recipients are outside the EU/EEA, we implement appropriate safeguards where legally required (e.g. EU Standard Contractual Clauses) if no adequacy decision applies. You may request further information using the contact details above.

6. Retention

We keep data while your account exists and the service is used, and beyond that where required by law. After account deletion or on request, we delete or anonymise data unless a legal obligation prevents this.

7. Public media URLs

For technical operation, media may be stored in a bucket configured so that files can be retrieved via public URLs when the link is known. Do not use the service for highly confidential material unless you accept that risk, or ensure publication is acceptable to you.

8. Your rights

Where the GDPR applies, you have the right to:

  • access (Art. 15)
  • rectification (Art. 16)
  • erasure (Art. 17)
  • restriction (Art. 18)
  • data portability (Art. 20)
  • object to processing based on legitimate interests (Art. 21)

You may also lodge a complaint with a supervisory authority—in the member state of your habitual residence, place of work, or our establishment.

To exercise your rights, contact: dovyr.websites@gmail.com