Privacy Policy
Last updated: May 2026
1. Who We Are
ContentOS Studio ("ContentOS Studio", "we", "us") provides this Service and is the controller of the personal data described in this policy. You can reach us at support@contentosstudio.com for any privacy question or to exercise your rights.
2. What We Collect
We collect: your email address and name (via Clerk, our authentication provider); the Brand Brain details and topics you enter; the scripts you generate; billing information when you subscribe (handled by Stripe, we never see or store your card number); product analytics if you consent (via PostHog); your IP address for rate limiting and, in hashed form, for analytics; and technical diagnostics when something errors (via Sentry, with personal data scrubbed).
3. How We Use Your Data, and Our Legal Bases
We use your data to provide the Service (generate and store scripts, personalise them with your Brand Brain) and to bill you, on the basis of our contract with you; to send product analytics, where you have given consent; and to keep the Service secure through rate limiting and error monitoring, on the basis of our legitimate interest. We send account and billing emails as part of providing the Service, and tips or product emails only where permitted, with a one-click unsubscribe in every one.
4. AI Processing
To generate a script, the topic you submit and your Brand Brain are sent through the Vercel AI Gateway to Anthropic's Claude API. We do not retain AI conversation logs beyond the generated output. Text-to-speech runs entirely in your browser (Kokoro), so your voiceover text never leaves your device and no third party processes it.
5. Third-Party Services (Sub-processors)
- Clerk: authentication and account management
- Stripe: payment and subscription processing
- Anthropic (via the Vercel AI Gateway): AI script generation
- Resend: account, billing, and product emails
- PostHog: product analytics (EU region, opt-in only)
- Sentry: error monitoring (personal data scrubbed)
- Supabase: database hosting
- Vercel: hosting and infrastructure
- Upstash: rate limiting
- Sanity: blog and changelog content (no user data)
6. International Transfers
Some of these providers are based outside the UK and EU, mainly in the United States. Where your data is transferred internationally, it is protected by appropriate safeguards such as the providers' Standard Contractual Clauses or an applicable adequacy decision.
7. Data Retention
We keep your account data while your account is active, and your scripts until you delete them. If you delete your account, we permanently remove the associated data within 30 days. Our providers apply their own retention periods to the data they process.
9. Your Rights
Under UK GDPR you have the right to access, correct, erase, port, restrict, or object to the processing of your data, and to withdraw consent at any time. Email support@contentosstudio.com to exercise any of these and we will respond within 30 days. You also have the right to complain to the Information Commissioner's Office at ico.org.uk.
10. Children
The Service is not directed to children. You must be at least 13 to use it, and at least 18 to buy a paid plan. We do not knowingly collect data from children under 13.
11. Data Breaches
If a personal data breach is likely to affect your rights, we will notify you and the Information Commissioner's Office without undue delay, as required by law.
12. Security
We protect your data with encryption in transit (TLS), secure authentication (Clerk), and personal-data scrubbing on error reports. Payment details are handled entirely by Stripe; we never see or store your card number.
13. Changes to This Policy
We may update this policy. When we do, we will change the date above, and we will highlight significant changes where appropriate.
14. Contact
For any privacy question, email support@contentosstudio.com. See also our Terms of Service.