Privacy Policy

Last updated: April 20, 2026

1. Information We Collect

Account information: Email address, username, and password hash when you register. If you use Google OAuth, we receive your name and email from Google.

Payment information: Billing is processed by Stripe. We do not store your credit card number. Stripe retains payment details under their own privacy policy.

Content you create: Scripts, video settings, and generated videos. We store these to provide the Service and allow you to access your video history.

Usage data: Video creation counts, plan usage, and feature interactions to improve the Service and enforce plan limits.

Technical data: IP address, browser type, and device information collected automatically via server logs.

2. How We Use Your Information

  • Provide and operate the video creation service
  • Process payments and manage subscriptions
  • Send transactional emails (video completion, billing alerts, password reset)
  • Enforce plan quotas and prevent abuse
  • Improve the Service based on usage patterns
  • Respond to support requests

3. Third-Party Services

We use the following third-party services that process your data:

  • OpenAI — Text-to-speech voice generation. Your script text is sent to OpenAI's API to generate audio.
  • Anthropic (Claude) — AI script generation and translation. Your prompts are processed by Claude's API.
  • Pexels — Background video search. Search queries are sent to Pexels' API.
  • Stripe — Payment processing. Billing information is handled by Stripe.
  • Amazon S3 — Video file storage. Generated videos are stored on AWS S3.
  • Reddit API — Content extraction when you provide a Reddit URL. We fetch publicly available post data.

Each third-party service operates under its own privacy policy. We only share the minimum data necessary to provide the Service.

4. Data Storage & Security

Your data is stored on servers in the United States and Germany (Hetzner). We use encryption in transit (TLS/HTTPS) and encrypt sensitive data at rest. Passwords are hashed with bcrypt. API keys and secrets are encrypted with sops+age.

5. Data Retention

Account data: Retained as long as your account is active. Deleted within 30 days of account deletion.

Videos: Stored as long as your account is active. You can delete individual videos at any time from your dashboard.

Server logs: Retained for 90 days for security and debugging purposes.

6. Your Rights

You have the right to:

  • Access your personal data via your account Settings
  • Correct inaccurate information by updating your profile
  • Delete your account and all associated data
  • Export your data by downloading your videos
  • Object to processing by contacting us

7. Cookies

We use a single authentication token stored in localStorage (not a cookie) to keep you logged in. We do not use tracking cookies. If we add analytics in the future, we will use a privacy-friendly solution that does not require a cookie consent banner.

8. Children's Privacy

Tsuyu is not intended for users under 13 years of age. We do not knowingly collect information from children under 13.

9. Changes to This Policy

We may update this privacy policy from time to time. Changes will be posted on this page with an updated "last modified" date. Continued use of the Service constitutes acceptance of the updated policy.

10. Contact

For privacy-related questions or data requests, reach us at the email listed on our website.