Skip to main content

Privacy Policy

Effective date: May 14, 2026. Last updated: May 14, 2026.

1. Introduction

Scene24 ("we," "our," or "us") operates the scene24.so website and the Scene24 platform (collectively, the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

By accessing or using the Service, you agree to this Privacy Policy. If you do not agree, please do not use the Service.

2. Information we collect

2.1 Information you provide

  • Account information: When you sign in via Google, GitHub, or Apple, we receive your name, email address, and profile picture from the OAuth provider.
  • Content: Product URLs you submit, prompts you write, images you upload, and videos generated by the Service.
  • Settings: Your preferences (theme, language, default export settings).
  • Communications: If you contact us directly, we may collect your name, email, and the contents of your message.

2.2 Information collected automatically

  • Usage data: Pages visited, features used, generation counts, and session duration. Collected via PostHog (self-hosted analytics).
  • Device data: Browser type, operating system, screen resolution, and language preference.
  • Log data: IP address, access timestamps, and error logs. Retained for 30 days for debugging, then deleted.

2.3 Information we do NOT collect

  • Payment card numbers (handled entirely by Stripe).
  • Passwords (we use OAuth only; no password-based authentication).
  • Biometric data.
  • Data from your product's end users. We only access the public-facing URL you provide.

3. How we use your information

  • To provide and maintain the Service, including generating videos from your inputs.
  • To authenticate your identity and manage your account.
  • To send you Service-related notifications (e.g., generation complete, account changes).
  • To improve the Service through aggregated, anonymized usage analytics.
  • To respond to your inquiries and provide support.
  • To detect and prevent fraud, abuse, or security incidents.

4. How we share your information

We do not sell your personal information. We share data only in these limited circumstances:

  • Service providers: Supabase (authentication and database), Vercel (hosting), Railway (backend hosting), Anthropic/OpenAI (AI model providers), ElevenLabs (voice synthesis), Stripe (payment processing). These providers process data on our behalf under contractual obligations.
  • AI model providers: When generating videos, your prompts and uploaded images are sent to AI model providers (Anthropic, OpenAI, Google). These providers have their own privacy policies. We do not send your account information to model providers.
  • Legal obligations: If required by law, subpoena, or government request.
  • Business transfers: In connection with a merger, acquisition, or sale of assets, your data may be transferred to the acquiring entity.

5. Data storage and security

Your data is stored on Supabase (PostgreSQL, hosted in the United States) and Cloudflare R2 (for generated video files). We implement industry-standard security measures including:

  • Encryption in transit (TLS 1.3) and at rest (AES-256).
  • Row-Level Security (RLS) ensuring users can only access their own data.
  • JWT-based API authentication on all backend endpoints.
  • No plaintext storage of secrets or credentials.

No method of electronic transmission or storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

6. Data retention

  • Account data: Retained as long as your account is active. Deleted within 30 days of account deletion.
  • Generated content: Retained until you delete it, or until 30 days after account deletion.
  • Log data: Retained for 30 days, then automatically purged.
  • Analytics data: Aggregated and anonymized; retained indefinitely in aggregate form.

7. Your rights

Depending on your jurisdiction, you may have the right to:

  • Access: Request a copy of the personal data we hold about you.
  • Correction: Request correction of inaccurate data.
  • Deletion: Request deletion of your data. You can delete your account from Settings, or email us.
  • Data portability: Request an export of your data in a machine-readable format.
  • Objection: Object to processing of your data for certain purposes.

To exercise any of these rights, contact us at hi.danleedev@gmail.com. We will respond within 30 days.

8. Cookies and tracking

We use essential cookies only: authentication session tokens and locale preferences. We do not use advertising cookies or cross-site tracking pixels.

PostHog analytics is configured to respect Do Not Track (DNT) browser signals.

9. Children's privacy

The Service is not intended for children under 16. We do not knowingly collect personal information from children under 16. If we learn that we have collected such information, we will delete it promptly.

10. International data transfers

Your data may be transferred to and processed in countries other than your country of residence, including the United States. These countries may have different data protection laws. By using the Service, you consent to such transfers.

11. Changes to this policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new policy on this page and updating the "Last updated" date. Continued use of the Service after changes constitutes acceptance of the updated policy.

12. Contact

If you have questions about this Privacy Policy, contact us at:

hi.danleedev@gmail.com