Privacy Policy

Last Updated: 2026-05-07

At Save Sora, we are committed to protecting your privacy. This Privacy Policy explains how we collect, use, share, store, and safeguard your information when you use our AI video generation platform (the "Service"). By accessing or using the Service, you consent to the practices described in this Policy. This Policy should be read together with our Terms of Service and the Acceptable Use Policy in Section 5 of those Terms.

1. Information We Collect

1.1 Account Information

• Google sign-in: When you sign in with Google, we receive your email address, name, profile photo, and Google account ID via OAuth. We do not receive your Google password.
• Account credentials: If you set a password for email-based login, we store only a salted hash — never your plaintext password.
• Profile metadata: Region, preferred language, device type, referral codes, and similar attributes used to personalize the Service.

1.2 Generation Inputs and Outputs

• Prompts: The text prompts you submit to AI video models (Google Veo 3.1, Kling 3.0, Seedance 2.0, OpenAI Sora 2, and any future integrations).
• Reference media: Images, videos, and audio clips you upload as references for image-to-video, first/last-frame conditioning, or @-mention composition (Seedance 2.0).
• Generated outputs: The video files produced by AI models on your behalf, along with task metadata (model used, parameters, duration, resolution, generation timestamps).
• Generation history: A record of your past tasks linked to your account, available in "My Creations".

1.3 Billing and Transaction Data

• Order records: Plan purchased, amount, currency, payment provider, transaction ID, refund status, and the email used at checkout (which may differ from your login email).
• No card data on our servers: Credit card and bank details are entered directly with our payment processors (Stripe, Creem, NOWPayments). We receive only tokenized references and transaction outcomes, never raw card numbers or banking credentials.
• Crypto payments: For NOWPayments transactions, we receive the invoice ID, payment status, and paid amount; we do not receive your wallet's private keys or seed phrase.

1.4 Technical and Usage Data

• Network and device: IP address, user-agent string, device type (mobile / desktop / tablet), operating system, and approximate region inferred from IP.
• Usage events: Pages viewed, features used, generation success/failure rates, credit consumption, and timestamps — used for service optimization, analytics, and abuse detection.
• API usage: If you obtain an API key, we log requests (endpoint, timestamp, response code, bytes transferred) for rate-limiting, billing, and abuse prevention.

1.5 Cookies and Similar Technologies

• Essential cookies: Required for authentication, session management, and core functionality. These cannot be disabled.
• Analytics: Google Analytics 4 (GA4) and Google Ads conversion pixels measure aggregate engagement, attribute sign-ups and purchases, and improve marketing efficiency.
• Local storage: We may use browser localStorage to remember UI preferences and improve performance.

2. How We Use Your Information

• Provide the Service: Generate AI videos from your prompts and references; maintain your account, credit balance, and generation history.
• Process payments: Charge your selected payment method, fulfill orders, issue refunds when eligible, and provide tax documentation where required.
• Safety and moderation: Run automated content safety classifiers (provided by us and by model providers) on prompts, reference media, and outputs to enforce our Acceptable Use Policy. This includes scanning for sexually explicit content, CSAM, non-consensual intimate imagery, terrorism material, and other prohibited categories. Material flagged as CSAM is reported to the National Center for Missing & Exploited Children (NCMEC) and applicable authorities.
• Abuse prevention and fraud: Detect and block bots, credential abuse, multi-account evasion, payment fraud, and other policy violations.
• Legal compliance: Respond to lawful requests from law enforcement, regulators, and courts; enforce our Terms of Service; protect the rights, property, or safety of users, third parties, or our company.
• Improve the Service: Aggregate, deidentified analytics to optimize performance, fix bugs, and design new features. We do not use your individual prompts, reference media, or generated outputs to train AI models.
• Communications: Send transactional messages (order confirmations, password resets, security alerts) and, where you opt in, product updates.

3. Data Storage and Retention

• Generated videos: Stored in object storage tied to your account so you can download them later. You may delete individual creations from "My Creations"; deleted files are removed from active storage and purged from backups within a reasonable window.
• Prompts and task metadata: Retained for the lifetime of your account to power your generation history, support billing reconciliation, and satisfy moderation and legal-hold obligations. Retention may extend beyond account deletion where required by law (for example, financial recordkeeping) or to investigate confirmed Acceptable Use Policy violations.
• Order and tax records: Retained for the period required by applicable tax, accounting, and consumer-protection laws (typically 5–10 years depending on jurisdiction).
• Logs: Application and security logs are retained for a limited period (typically 30–180 days) for operational, security, and compliance purposes.

4. How We Share Your Information

We do not sell or rent your personal information. We share information only with the following categories of recipients, and only to the extent necessary to operate the Service or comply with law.

4.1 AI Model Providers

• To generate videos, we transmit your prompts and reference media to the model provider you select: Google (Veo 3.1, via KIE), Kuaishou (Kling 3.0, via KIE), ByteDance (Seedance 2.0, via KIE), and OpenAI (Sora 2, via FAL).
• These providers process your inputs under their own privacy and content policies, which we encourage you to review. We do not control their independent data practices.

4.2 Payment Processors

• Card payments are processed by Stripe and, for legacy subscriptions, Creem. Cryptocurrency payments are processed by NOWPayments.
• We share with these processors only what is required to complete the transaction (amount, currency, order ID, customer email). Card numbers and bank credentials are entered directly with the processor and never reach our servers.

4.3 Infrastructure and Analytics Providers

• Hosting, content delivery, object storage, and DDoS protection are provided by Cloudflare and other infrastructure partners.
• Aggregate engagement analytics are provided by Google Analytics 4 and Google Ads.
• These providers act as data processors under contract and may not use your data for their own purposes beyond what is necessary to deliver the contracted service.

4.4 Legal and Safety Disclosures

• We may preserve, review, and disclose information when we believe in good faith that disclosure is required by law or necessary to (a) comply with legal process, (b) protect our rights, property, or safety, (c) protect the rights, property, or safety of users or the public, or (d) investigate or prevent confirmed violations of our Acceptable Use Policy.
• Confirmed CSAM is reported to NCMEC. Imminent threats of violence may be reported to law enforcement.

4.5 Business Transfers

• If we are involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any change in ownership or control of personal information.

5. Your Rights and Choices

• Access and export: You can view your account profile, generation history, and order records at any time from within the Service. To request a structured export, contact us at the address below.
• Correction: You can update your profile (name, photo, region, language) from your account page.
• Deletion: You can delete your account at any time. Deletion removes your profile, generation history files, and active session data. Some records (orders, tax data, safety incident records, retained logs) may be preserved as required by law or for legitimate interests.
• Withdraw consent: You can revoke Google OAuth permission from your Google account settings; this will prevent further sign-in with Google but will not, by itself, delete your existing data on our Service.
• Cookie controls: You can disable non-essential cookies via your browser settings or relevant consent banners. Essential cookies are required for authentication and cannot be disabled.
• Marketing opt-out: You can unsubscribe from product update emails via the unsubscribe link in each message; transactional emails (receipts, security alerts) cannot be opted out of while your account is active.
• Regional rights: Depending on your location, you may have additional rights under GDPR (EEA / UK), CCPA / CPRA (California), LGPD (Brazil), PIPEDA (Canada), or other applicable laws — including the right to lodge a complaint with your local data protection authority.

6. Children's Privacy

• The Service is not directed to, and may not be used by, children under 13 (or under 16 in the EEA / UK, or such higher age as required by local law).
• We do not knowingly collect personal information from children. If you believe a child has provided us information, contact us and we will take steps to delete that data.
• Any content sexualizing or endangering minors (including CSAM, sexualized depictions, or minors in sexual contexts) is strictly prohibited under our Acceptable Use Policy and is reported to NCMEC and law enforcement.

7. International Data Transfers

• The Service operates on globally distributed infrastructure. Your information may be processed in countries outside your country of residence, including the United States and other regions where our processors and model providers maintain operations.
• Where required by law (for example, GDPR), we rely on appropriate transfer mechanisms such as Standard Contractual Clauses and the data protection commitments of our processors.

8. Data Security

• We use industry-standard safeguards including HTTPS / TLS in transit, encryption at rest for sensitive stores, hashed credentials, signed download URLs, scoped access controls, and regular security reviews.
• No method of transmission or storage is 100% secure; we cannot guarantee absolute security. You are responsible for maintaining the confidentiality of your account credentials.
• Notify us immediately at support@savesora.comif you believe your account has been compromised.

9. AI Safety and Content Moderation

• To enforce our Acceptable Use Policy, prompts, reference media, and generated outputs are screened by automated classifiers (including those built into the underlying model providers) and may be reviewed by our trust & safety team when flagged.
• Content categorized as sexually explicit, CSAM, non-consensual intimate imagery, terrorism content, or other prohibited categories may be blocked, removed, quarantined, or reported to authorities, and the associated account may be suspended or terminated without refund.
• We may embed provenance signals (such as C2PA metadata or visual watermarks) in generated outputs to support synthetic-media transparency.

10. Third-Party Services

• The Service integrates with third-party AI model providers, payment processors, and infrastructure vendors. Each operates under its own privacy policy, and your interactions with them are governed by their terms.
• We are not affiliated with, endorsed by, or sponsored by OpenAI, Google, Kuaishou, ByteDance, FAL, Stripe, Creem, or NOWPayments. References to their names and trademarks are for descriptive purposes only.

11. Changes to This Policy

• We may update this Privacy Policy from time to time. Material changes will be posted on this page and reflected in the "Last Updated" date above.
• Continued use of the Service after changes take effect constitutes acceptance of the updated Policy.

12. Contact Us

Questions about this Privacy Policy, data subject requests, or privacy concerns should be sent to support@savesora.com. For Acceptable Use Policy violations or content moderation reports, please refer to our Terms of Service and DMCA pages.