Privacy Policy

1. Information We Collect

We collect only the information needed to operate, secure, and improve the Service:

• Account information (Google OAuth). When you sign in with Google, we receive your name, email address, and profile image to create and authenticate your account. We request only the scopes openid, email, and profile and do not read your Gmail/Drive content or act on your behalf.
• Usage and log data. We collect IP addresses, timestamps, quota counts, pages/actions, and basic device information to enforce fair-use limits, troubleshoot issues, and protect the Service from abuse.
• Human verification (Cloudflare Turnstile). We use Cloudflare Turnstile to distinguish real users from bots. Turnstile may process technical signals (e.g., browser characteristics) solely for fraud prevention. See Cloudflare’s policy for details.
• Uploaded content & processing (if you use file/video tools). Uploaded files may be temporarily stored in Vercel Blob and processed by Replicate (AI inference) only to provide the requested feature (e.g., watermark removal). Files are deleted after processing and within [24–72 hours] at most. You are responsible for having rights to the content you upload.
• Support correspondence. Messages you send to us (including attachments) are stored so we can respond and keep records.
• Payments. When you purchase a subscription, Stripe processes your payment information. We receive the result of the transaction (plan, status, Stripe customer IDs) and do not store full card numbers.

2. How We Use Information

• Provide, maintain, and personalize the Service (including authentication, quota tracking, and file processing)
• Detect, investigate, and prevent fraudulent or abusive activity (including bot/abuse prevention)
• Process payments and manage subscriptions
• Respond to support requests and send important notices
• Analyze aggregated usage to improve performance and plan features
• Comply with legal obligations and enforce our Terms of Service

3. Legal Bases for Processing (where applicable, e.g., GDPR)

• Performance of a contract (providing the Service you requested)
• Legitimate interests (security, fraud prevention, reliability), balanced against your rights and freedoms
• Consent (e.g., for optional cookies/communications)
• Legal obligations (e.g., maintaining records, responding to lawful requests)

4. Cookies and Similar Technologies

We use strictly necessary cookies/session tokens for authentication and security. We do not use advertising cookies. If we use analytics or performance cookies, they are limited to understanding how the Service is used and can be controlled via your browser settings or any in-product preference we provide. See our Cookie Policy for details.

5. How We Share Information

We share information only with service providers who help us operate the Service and who are bound by confidentiality and data-processing agreements. Key providers include:

• Vercel (hosting, routing, logs/CDN)
• Cloudflare Turnstile and related CDNs (human verification and secure delivery)
• Google (authentication; optional analytics if enabled)
• Stripe (payments, invoicing, fraud prevention)
• Vercel Blob (temporary object storage for uploaded files, if applicable)
• Replicate (AI inference for processing, if applicable)
• Neon/Supabase (database, if applicable)

We do not sell personal information. We may disclose information when required by law, in response to legal processes, or to protect our rights, property, and users.

6. International Data Transfers

Our infrastructure and providers may operate in the United States and other countries. Where we transfer personal data internationally, we implement appropriate safeguards (such as Standard Contractual Clauses) or rely on providers that participate in recognized frameworks to ensure adequate protection.

7. Data Retention

• Account data: retained while your account is active and as needed for the purposes above.
• Usage/log data: retained for approximately [30–90 days] to monitor quotas and security events.
• Uploaded files: retained only for processing and deleted afterwards, typically within [24–72 hours].
• Payment/transaction records: retained as required for accounting and tax compliance (up to [7 years] in some jurisdictions).

You may request deletion of your account or anonymization of usage data at any time (see Section 11).

8. Your Rights

Depending on your location, you may have rights to access, correct, delete, or port your data; to object to or restrict certain processing; and to withdraw consent. To exercise these rights, contact [email protected]. We may request information to verify your identity.

9. Security

We implement technical and organizational measures to protect personal data, including encryption in transit, access controls, least-privilege, monitoring, and regular reviews. No method is 100% secure, but we work to maintain industry-standard protections.

10. Children’s Privacy

The Service is not directed to children under 13 (or 16 where applicable), and we do not knowingly collect personal data from them. If you believe a child has provided us with personal data, please contact us and we will take appropriate action.

11. Changes to This Policy

We may update this Policy from time to time. We will post the updated version here and revise the “Effective date”. When appropriate, we will provide additional notice (e.g., prominent messaging or email). Continued use of the Service after the effective date constitutes acceptance of the updated Policy.

12. Contact

Sora Watermark Remover
Email: [email protected]
Website: https://sora2watermarkremover.app