Privacy Policy

Last updated: June 2026

This Privacy Policy explains how SBlitz AI ("we", "us") collects, uses, shares, and protects information when you use our website and services. It is written to align with the EU GDPR and UK GDPR.

Information we collect

  • Account data — email, display name, hashed password (where applicable), authentication identifiers.
  • Content data — prompts, scripts, generated stories, voices, videos, thumbnails, and any media you upload.
  • Billing data — Stripe customer/subscription IDs, plan, status, billing period; full card details are handled by Stripe and never stored by us.
  • Usage data — feature usage counts, quota, logs, IP address, browser type, device, approximate location.
  • Cookies & similar tech — see our Cookie Policy.

How we use information

To provide and secure the service, generate content you request, process payments, prevent abuse and fraud, communicate service updates, improve quality, and comply with legal obligations.

AI generation disclosures

SBlitz AI uses third-party large language, voice, and video models to generate output from your prompts. Your prompts and necessary metadata are sent to those providers strictly to fulfill your request. We do not use your prompts or generated outputs to train our own foundation models. AI-generated content may be inaccurate, biased, or offensive; you are responsible for reviewing it before publishing or sharing.

Legal bases (GDPR/UK GDPR)

We process personal data under the following bases: contract (to deliver the service you signed up for), legitimate interests (security, fraud prevention, product improvement), consent (optional cookies, marketing emails where applicable), and legal obligation (tax/accounting).

Data sharing

We share data only with processors required to run the service: hosting and database (Supabase), payments (Stripe), AI providers (OpenAI, Google AI, ElevenLabs, Replicate and similar), email delivery, analytics, and error tracking. Each processor is bound by a Data Processing Agreement. We do not sell personal data and do not share data for cross-context behavioral advertising.

International transfers

Some providers operate outside the EU/UK. Where required, transfers rely on Standard Contractual Clauses and additional safeguards.

Retention

Account and content data are retained while your account is active and for up to 30 days after deletion, except where longer retention is required by law (e.g., tax records up to 7 years). System logs are kept up to 90 days.

Your rights

You may access, correct, export, restrict, object to processing, and delete your data. You may also withdraw consent at any time. EU/UK residents may lodge a complaint with their supervisory authority. To exercise your rights, email privacy@storyblitz.ai; we respond within 30 days.

Children

The service is not directed to children under 13 (or the digital-consent age in your region) and we do not knowingly collect their data.

Security

Data is encrypted in transit (TLS) and at rest. Access is restricted with role-based controls and audit logging. No method is 100% secure; please use a strong unique password and enable any available account protections.

Changes

We may update this Policy; material changes will be communicated by email or in-app at least 14 days in advance.

Contact

Controller: SBlitz AI. Privacy contact: privacy@storyblitz.ai. General: hello@storyblitz.ai.