Effective Date: March 30, 2025
AI FILMS Studio (Wyoming, USA) gathers account, billing, telemetry, and creative-content data to run its subscription and influencer platform. We process that data on the lawful bases of contract, legitimate interest, or consent. EU/UK users get full GDPR rights; U.S. users get CCPA/CPRA and other state rights. Card data is handled exclusively by Stripe, a PCI-DSS-certified processor. Children under 13 are barred from signup to comply with COPPA. Our cancellation flow follows the FTC's 2024 "Click-to-Cancel" rule.
1. Who We Are
• Controller: AI FILMS Studio, LLC, Wyoming, USA
• Email: help@studio.aifilms.ai
• EU Representative: Not yet appointed. We will update this Policy with name and contact details as soon as the appointment is complete, in accordance with GDPR Art 27.
• Data-Protection Officer: Not required at current scale; will appoint if thresholds in GDPR Art 37 are met.
2. Scope
Applies to:
• Public website, Studio web-app, iOS/Android/desktop clients
• All subscription tiers & influencer accounts
• Marketing emails, referral links, and support tickets
Not covered: external sites we merely link to.
3. Definitions
Terms such as "Personal Data," "Processing," "Controller," "User," and "Visitor" follow GDPR Art. 4 definitions.
4. What Data We Collect
| Category | Examples | Source |
|---|
| Account | name, email, username, password hash | user-supplied |
| Payment | last-4 digits, card type, Stripe customer ID | Stripe webhooks |
| Usage / Telemetry | IP, device, clicks, generation logs | automatic |
| AI Creations | prompts, uploads, rendered output | user |
| Cookies / Pixels | session ID, analytics UID | browser |
We do not intentionally collect special-category data; if you upload it, you do so voluntarily.
5. Legal Bases & Purposes
| Purpose | Legal Basis (GDPR Art 6) | Details |
|---|
| Provide & bill the service | Contract (b) | create account, process subscriptions |
| Fraud & security logging | Legit. interest (f) | protect users & platform |
| Marketing newsletters | Consent (a) | opt-in; can unsubscribe any time |
| Analytics & product improvement | Legit. interest (f) | aggregated stats; feature R&D |
6. Model-Specific Disclosures
Midjourney Prompt Parameters -- Prompts containing disallowed flags (listed in the generator UI) are rejected; any failures for that reason are not refunded.
7. Cookies & Similar Tech
We use functional cookies and analytics cookies (Google Analytics, Hotjar). EU/UK visitors see a consent banner that blocks analytics until opt-in.
You can disable cookies in your browser; some features may break.
8. Marketing
We may send product updates and referral promotions. Opt out via profile settings or the unsubscribe link. We do not sell personal data to third-party advertisers.
9. Sharing & Processors
• Stripe -- payment processing (PCI DSS compliant)
• AWS / GCP -- cloud hosting
• OpenAI / Anthropic / Stability -- AI inference APIs
• Analytics -- Google Analytics, Hotjar
All vendors sign Data-Processing Agreements and receive only data essential to their function.
10. International Transfers
Data is stored in the U.S. and may be transferred internationally. For EU/UK data we rely on Standard Contractual Clauses and, where applicable, the EU-U.S. Data Privacy Framework.
11. User Rights
| Region | Core Rights |
|---|
| EU/UK (GDPR) | access, rectification, erasure, restriction, portability, objection, automated-decision review |
| California (CCPA/CPRA) | know, delete, correct, opt-out of "sharing," limit sensitive data |
| Other U.S. States (CO, VA, CT etc.) | similar opt-out + appeal rights |
Request via help@studio.aifilms.ai or in-app form; we respond within 30 days (extendable to 60 days for complex cases).
12. Data Retention
• Account data: active + 6 years for tax/audit
• Usage logs: 24 months then aggregated
• AI creations: until user deletes or 180 days post-account closure
13. Children's Privacy
Service not directed to under-13s; we block age-restricted features for users under 18. COPPA compliance: no collection of under-13 personal info.
14. Security
Controls: TLS 1.3, AES-256 at rest, RBAC, annual pen-tests, 24/7 monitoring.
We notify users and regulators within 72 hours of a data breach (GDPR Art 33).
15. Changes
We may update this Policy; material changes are announced via email/banner. Continued use = acceptance.
16. Contact
• Email: help@studio.aifilms.ai
• EU Representative: to be appointed -- this Policy will be updated when available.
• Data-Protection Officer: [TBD]
