Sintorio ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website sintorio.com (the "Site"), use our services (the "Services"), or interact with us in any other way. Our Services include AI-powered video clipping tools that transform long-form videos into short-form content.

We are GDPR-native and process video data on private infrastructure located in Lithuania. We adhere to the highest standards of data protection, with zero data retention policies for user-uploaded content. Please read this Privacy Policy carefully. If you do not agree with the terms of this Privacy Policy, please do not access the Site or use our Services.

By accessing or using the Site or Services, you agree to this Privacy Policy. This Privacy Policy may change from time to time (see Changes to Our Privacy Policy). Your continued use of the Site or Services after we make changes is deemed to be acceptance of those changes, so please check the Privacy Policy periodically for updates.

1. Information We Collect

We may collect information about you in a variety of ways. The information we may collect on the Site or through our Services includes:

Personal Data

Personally identifiable information, such as:

Contact Information: Your name, email address, and other similar contact data that you voluntarily provide to us when registering for an account, subscribing to our Services, or contacting us.
Account Information: Username, password (hashed and encrypted), and preferences when you create an account.
Payment Information: Billing details, such as credit card numbers or other financial information, which are processed and stored securely by our third-party payment processor, Stripe. We do not store your full payment card details on our servers.
User Profile Data: Information you provide in your user profile, such as full name or avatar URL.

Derivative Data

Information our servers automatically collect when you access the Site, such as IP address, browser type, operating system, and access times.

User-Generated Content

Video and Media Files: Videos, audio, or other media you upload or provide links to (e.g., YouTube URLs) for processing. This content is processed temporarily on our private servers in Lithuania and is deleted immediately after processing is complete (typically within minutes). We do not retain, store, or use your media files for any purpose beyond fulfilling your request.
Processing Preferences: Settings you select, such as clip length, aspect ratios, transcription models, focus prompts, or brand templates. These are stored in our database for your convenience.

Cookies and Tracking Technologies

We use cookies and similar tracking technologies (like web beacons and pixels) to access or store information. Specific information about how we use such technologies and how you can refuse certain cookies is set out in our Cookie Policy.

2. How We Use Your Information

We use the information we collect or receive:

To Provide and Maintain Our Services: To process your videos, generate clips, and deliver results, including transcription, clip selection, face tracking, captioning, and rendering.
To Manage Your Account: To create and manage your user account, authenticate logins, and provide personalized features.
To Process Payments: To facilitate subscriptions and credit purchases via Stripe.
To Communicate With You: To send administrative information, such as updates to our terms, conditions, and policies, or to respond to your inquiries.
To Improve Our Services: To analyze usage patterns and performance (anonymized and aggregated data only) to enhance speed, accuracy, and user experience.
For Security and Compliance: To prevent fraud, enforce our terms, and comply with legal obligations, including GDPR requirements.
For Marketing (With Consent): If you opt-in, to send promotional emails about new features or offers. You can opt-out at any time.

We do not use your data for targeted advertising or sell it to third parties. All video processing occurs on dedicated GPU hardware in Lithuania, with no data retention beyond the immediate processing session.

3. Sharing Your Information

We may share information we have collected about you in certain situations. Your information may be disclosed as follows:

With Service Providers

We may share your information with third-party vendors and service providers who perform services for us or on our behalf, such as:

Supabase: For database, storage, authentication, and real-time features (EU-based servers).
Stripe: For payment processing (secure, PCI-compliant).
OpenAI: For AI-powered clip selection and transcription (via APIs; transcript text is processed with a 30-day retention window for abuse monitoring by OpenAI, but is not used to train their models).
NVIDIA CUDA and Open-Source Tools: For GPU acceleration and video processing (run locally on our infrastructure; no data sharing involved).

Business Transfers

If we reorganize or sell all or a portion of our assets, undergo a merger, or are acquired by another entity, your information may be transferred as part of that transaction.

Legal Requirements

We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., a court or a government agency).

4. Data Security

We use administrative, technical, and physical security measures to help protect your personal information, including:

Encryption: Data in transit (HTTPS/TLS) and at rest (via Supabase).
Access Controls: Role-based access and Row Level Security (RLS) in our database.
Zero Retention: User-uploaded videos are deleted immediately after processing (no backups or archives).
Private Infrastructure: Video processing occurs on our dedicated hardware in Lithuania, ensuring your content is never exposed to third-party public cloud environments during processing.

5. Your Privacy Rights (GDPR)

If you are a resident in the European Economic Area (EEA), you have certain data protection rights under the General Data Protection Regulation (GDPR). These include:

Right to Access: Request a copy of your personal data.
Right to Rectification: Correct inaccurate or incomplete data.
Right to Erasure: Request deletion of your data (subject to legal retention requirements for billing data).
Right to Restrict Processing: Limit how we process your data.
Right to Data Portability: Receive your data in a structured, machine-readable format.
Right to Object: Object to processing based on legitimate interests.

To exercise these rights, contact us at privacy@sintorio.com. We will respond within one month. You also have the right to lodge a complaint with the State Data Protection Inspectorate (Valstybinė duomenų apsaugos inspekcija) in Lithuania.

6. International Data Transfers

Our primary processing infrastructure is located in the EU (Lithuania). If we transfer data to service providers outside the EEA (e.g., OpenAI APIs in the US), we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs).

7. Children's Privacy

Our Services are not intended for individuals under the age of 16. We do not knowingly collect personal information from children under 16.

8. Changes to Our Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page.

9. Contact Us

If you have questions or comments about this Privacy Policy, you may email us at privacy@sintorio.com or by post to:

Sintorio
Vilnius, Lithuania