[ Privacy Policy ]
Last updated: 1 April 2026
ShortsCraft ("we", "us", "our") operates the shortscraft.app website and platform. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal data when you use our AI video generation service. We are committed to protecting your privacy in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. By using ShortsCraft, you agree to the practices described in this policy.
ShortsCraft is the data controller for the personal data processed through our platform. If you have any questions about this policy or your data, contact us at support@shortscraft.app.
Account information: When you register, we collect your name, email address, and hashed password. If you sign in via a third-party provider, we receive your name and email from that provider.
Billing information: Payment details (card number, billing address) are collected and processed directly by Stripe. We store only a truncated card identifier, your subscription status, and transaction history.
Usage data: We collect information about how you interact with the platform, including pages visited, features used, generation requests, credit consumption, timestamps, IP address, browser type, and device information.
Generated content metadata: We store metadata related to your AI-generated videos, including prompts, model selections, generation parameters, timestamps, and output references. Video files are stored temporarily for delivery and then removed according to our retention schedule.
Scripts and inputs: Text you enter into the script writer, prompt fields, and niche workflow configurations are stored to provide the service and enable you to revisit past projects.
To provide the service: Processing your generation requests, managing your account, delivering generated content, and tracking credit usage.
Billing and payments: Processing subscriptions, invoices, and refunds through Stripe.
To improve the product: Analysing aggregate usage patterns to improve platform performance, optimise model routing, and develop new features. We do not use your prompts or generated content to train our own AI models.
Communication: Sending transactional emails (account confirmations, billing receipts, generation status updates). We will not send marketing emails unless you explicitly opt in.
Legal compliance: Meeting our obligations under applicable law, responding to legal requests, and enforcing our Terms of Service.
We rely on the following third-party services to operate ShortsCraft. Each processes data in accordance with their own privacy policies:
Supabase: Hosts our database and authentication system. Your account data, project data, and metadata are stored in Supabase infrastructure.
Stripe: Processes all payments. When you subscribe or purchase credits, your payment information is sent directly to Stripe. We never store full card details on our servers.
AI generation providers (Google, OpenAI, Kling, Vidu, Hailuo, Seedance, Wan, and others): When you request a video generation, your prompts and relevant parameters are sent to the selected AI provider's API. These providers process your input to generate content and may retain data in accordance with their own policies. We recommend reviewing the privacy policies of the specific providers you use.
Vercel: Hosts the ShortsCraft web application. Standard server logs (IP address, request path, timestamps) may be collected by Vercel infrastructure.
Under UK GDPR, we process your personal data on the following lawful bases:
Contract: Processing necessary to perform our contract with you (providing the service, managing your account, processing payments).
Legitimate interests: Improving our platform, preventing fraud, and ensuring security, where these interests are not overridden by your rights.
Consent: Where you have given explicit consent, such as opting in to marketing communications.
Legal obligation: Where processing is required to comply with applicable law.
Account data: Retained for as long as your account is active. If you delete your account, we will erase your personal data within 30 days, except where we are required by law to retain it.
Generated video files: Stored for 30 days after creation to allow you to download them. After this period, files are automatically deleted from our servers.
Generation metadata and scripts: Retained for the lifetime of your account to allow you to revisit past projects. Deleted within 30 days of account deletion.
Billing records: Retained for 7 years after the transaction date to comply with UK financial record-keeping requirements.
Server logs: Retained for up to 90 days for security and debugging purposes.
Under UK GDPR, you have the following rights regarding your personal data:
Right of access: Request a copy of the personal data we hold about you.
Right to rectification: Request correction of inaccurate or incomplete personal data.
Right to erasure: Request deletion of your personal data, subject to legal retention requirements.
Right to data portability: Request an export of your data in a structured, commonly used format.
Right to restrict processing: Request that we limit how we use your data in certain circumstances.
Right to object: Object to processing based on legitimate interests or for direct marketing.
Right to withdraw consent: Where processing is based on consent, you may withdraw it at any time.
To exercise any of these rights, contact us at support@shortscraft.app. We will respond within 30 days. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.
ShortsCraft uses strictly necessary session cookies to authenticate your account and maintain your login state. These cookies are essential for the platform to function and cannot be disabled.
We do not use advertising cookies, tracking pixels, or third-party analytics cookies. We do not engage in cross-site tracking.
Some of our third-party service providers (including AI generation providers, Stripe, and Supabase) may process data outside the United Kingdom. Where this occurs, we ensure appropriate safeguards are in place, such as standard contractual clauses or adequacy decisions, to protect your data in accordance with UK GDPR.
We implement appropriate technical and organisational measures to protect your personal data, including encryption in transit (TLS), encrypted database storage, secure authentication via Supabase, and access controls limiting employee access to personal data. However, no method of transmission or storage is completely secure, and we cannot guarantee absolute security.
ShortsCraft is not intended for use by individuals under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us at support@shortscraft.app and we will delete it promptly.
We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email or by posting a prominent notice on the platform. Your continued use of ShortsCraft after changes are posted constitutes acceptance of the updated policy.
If you have questions about this Privacy Policy or wish to exercise your data rights, contact us at:
ShortsCraft
Email: support@shortscraft.app
© 2026 ShortsCraft. All rights reserved.