Privacy Policy
Last Updated: June 18, 2026. This policy outlines how we handle and protect your information.
Secure Identity
Authentication and secure session synchronization managed using industry-leading Firebase technology.
Encrypted Storage
Your video scripts, project structure, edit revisions, and history are kept secure in Firestore.
1. Authentication & Session Security (Firebase Auth)
We utilize Firebase Authentication to verify your identity and protect access to your account. When you sign up or log in, your authentication state is synchronized with our server using a secure session token. This session token is stored in an HTTP-only, secure cookie named __session, which is required for our middleware to perform secure session verification on the server side.
2. Data Storage & Management (Google Firestore)
All user data created within the editor is stored securely in Google Cloud Firestore. This includes:
- User profile properties (email, metadata, settings).
- Project records, including script text files, analysis reports, and pacing segments.
- Script revisions history and rewrites created through our editor.
Your data is secured by custom firestore security rules ensuring that only you, the authenticated author, can access or write to your project collections.
3. Rate Limiting & Abuse Prevention (Upstash)
To protect the availability of our artificial intelligence features and deter malicious actions, we enforce strict, IP-based rate limiting using Upstash Redis. We track the number of calls to our Gemini rewrite and analysis API endpoints using hashed IP addresses. Additionally, to protect against denial of service during resource-heavy operations, we rate-limit account deletion initiation requests.
4. Artificial Intelligence Processing (Google Gemini LLM)
When you submit a video script for pacing analysis or request section rewrites, the content of your script is transmitted to the Google Gemini LLM API. The text is processed transiently to output pacing analysis and revision suggestions. We do not use your script data to train underlying models, nor is your proprietary script text retained permanently by the AI processor.
5. Permanent Data Deletion Policy
We believe you should have absolute control over your digital footprint. If you decide to delete your account, we perform a complete cascade deletion. This wipes out all of your projects, revisions, history, saved audits, and your user profile. More details on this and instructions on how to initiate it can be found on our Data Deletion page.
6. Cookie Usage & Local Settings
We limit cookie usage to essential mechanisms. They are described below:
An HTTP-only secure cookie containing your Firebase Auth token, required to verify your session in middleware for protected routes. Expires in accordance with session parameters (max 5 days).
Stores your visual style preference (light or dark mode) locally in your browser.