Introduction
This Privacy Policy describes how Syntactic Digital LTD ("we", "us", "our") collects, uses, stores, and protects personal information in connection with your use of censorble.studio (the "Service").
We operate under a principle of data minimisation: we collect only what is strictly necessary and retain it only for as long as needed. This policy applies to all users of the Service, including those who register accounts and purchase Gem Packs.
Data We Collect
We collect the following categories of data only to the extent necessary to provide the Service:
| Data Type | What It Includes | Purpose |
|---|---|---|
| Account Data | Email address, display name, hashed password (via Firebase Auth), account creation date | Account creation, login, password recovery |
| Transaction Data | Gem Pack purchase history, Gem balance, transaction timestamps | Processing purchases, balance management, support |
| Video Content | Videos you upload for editing, temporarily held during processing | Delivering the video editing service to you |
| Technical / Debug Data | Error logs, crash reports, device type, OS version, app version, IP address (anonymised where possible) | Identifying and fixing bugs, improving service stability |
| Usage Data | Features used, edit actions taken, session timestamps | Service improvement and debugging |
How We Use Your Data
We use the data we collect for the following purposes only:
- Providing the Service: Processing your video uploads, applying edits, and managing your Gem balance.
- Account Management: Creating and maintaining your account, authenticating logins, and enabling account recovery.
- Payment Processing: Facilitating Gem Pack purchases through PayPal.
- Debugging & Support: Diagnosing technical issues, resolving errors, and responding to support requests.
- Legal Compliance: Meeting our obligations under applicable laws, including fraud prevention and regulatory requirements.
- Security: Detecting and preventing unauthorised access, abuse, and policy violations.
We do not use your data for advertising, profiling, or sale to third parties.
Legal Basis for Processing
Where applicable privacy law (such as the UK GDPR, EU GDPR, or similar frameworks) requires us to identify a lawful basis for processing your personal data, we rely on the following:
| Processing Activity | Legal Basis |
|---|---|
| Creating and managing your account | Contract β necessary to perform the agreement between you and us |
| Processing Gem Pack purchases via PayPal | Contract β necessary to fulfil your purchase |
| Storing debug logs and crash reports | Legitimate interests β maintaining a stable, secure, and functional service |
| Fraud detection and security monitoring | Legitimate interests β protecting the Service and our users from harm |
| Retaining financial records | Legal obligation β compliance with financial and tax regulations |
| Responding to law enforcement requests | Legal obligation β compliance with applicable laws |
If you are in a jurisdiction that requires consent as a basis for specific processing activities, we will obtain that consent separately and you will always have the right to withdraw it.
Data We Do Not Collect
In line with our minimal data principle, we do not collect:
- Your physical address or phone number (unless you voluntarily provide these for support).
- Biometric data or facial recognition information.
- Social media profiles or third-party account data (unless you sign in via a supported OAuth provider).
- Data about your contacts, location (beyond coarse IP-based region), or browsing history outside the Service.
- Any data from individuals under 18.
Firebase & Third-Party Services
5.1 Firebase (Google)
We use Firebase (provided by Google LLC) for authentication and data storage. Firebase may process your account data on servers located in various regions globally. By using the Service, you acknowledge that your account data is handled in accordance with Google's Privacy Policy.
5.2 PayPal (Payment Processing)
Gem Pack purchases are processed by PayPal (PayPal Holdings, Inc. / PayPal (Europe) S.Γ r.l. et Cie, S.C.A., as applicable to your region). When you make a purchase, you will interact directly with PayPal's payment interface. We do not store, see, or have access to your full card number, bank account details, or PayPal password.
As required by PayPal's Data Protection Addendum, we disclose the following:
- PayPal is an independent data controller for any personal data you provide directly to PayPal during payment. This means PayPal determines its own purposes and means of processing your data, separately from us.
- PayPal may receive information such as your email address and transaction details to facilitate and confirm payments.
- PayPal's data practices are governed by the PayPal Privacy Statement, which we encourage you to read.
- PayPal is PCI DSS compliant, meaning your payment card data is handled to the highest industry security standard.
We receive only a transaction confirmation and Gem Pack purchase record from PayPal. We do not receive or store your raw payment credentials.
5.3 No Sale of Data
We do not sell, rent, or trade your personal information to any third party for commercial purposes.
5.4 Legal Disclosure
We may disclose your data to law enforcement or regulatory authorities where required by law, court order, or where we have a good-faith belief that disclosure is necessary to prevent imminent harm, fraud, or illegal activity.
Data Storage & Security
6.1 Security Measures
We take the security of your personal data seriously and implement the following safeguards:
- Encryption in transit: All data exchanged between your device and our servers is encrypted using TLS/HTTPS.
- Encryption at rest: Stored data is encrypted using industry-standard methods.
- Access controls: Access to personal data is restricted to authorised personnel on a need-to-know basis.
- Firebase Security Rules: Data stored in Firebase is protected by server-side security rules preventing unauthorised reads and writes.
- Regular reviews: We periodically review and update our security practices.
6.2 Limits of Security
Despite our best efforts, no method of data transmission or storage is 100% secure. We cannot guarantee absolute security, but we commit to responding promptly and transparently in the event of an incident.
Data Breaches & Incident Response
In the event of a confirmed personal data breach that poses a risk to affected users, we will:
- Notify affected users by email within the timeframe required by applicable law (typically 72 hours under GDPR-type frameworks).
- Report to relevant supervisory authorities where legally required.
- Provide clear information about what data was affected, the likely consequences, and the measures we are taking.
- Take immediate steps to contain the breach and prevent further exposure.
We maintain an internal incident response plan and regularly test our security posture to reduce the risk of breaches.
Data Retention
We retain your personal data only for as long as necessary:
- Account data: Retained for the duration of your account and deleted within 30 days of account closure, except where retention is required by law.
- Video content: Uploaded videos are retained only during active processing and for a short buffer period for re-download. They are not permanently stored or used for any other purpose.
- Debug/log data: Retained for up to 90 days for the purpose of diagnosing ongoing technical issues, then deleted.
- Transaction records: Retained for up to 7 years for financial compliance and audit purposes.
Children's Privacy
The Service is not directed at, intended for, or permitted to be used by individuals under the age of 18. We do not knowingly collect personal data from minors.
If we become aware that personal data has been collected from a user under 18, we will delete that data promptly and permanently close the associated account. If you are a parent or guardian and believe your child has used this Service, please contact us immediately at privacy@censorble.studio.
Your Privacy Rights
Depending on your jurisdiction, you may have the following rights regarding your personal data:
To exercise any of these rights, please contact us at privacy@censorble.studio. We will respond within 30 days. We may need to verify your identity before fulfilling a request.
Cookies & Tracking
We use only essential functional cookies and session tokens required to operate the Service (e.g., maintaining your logged-in state). We do not use advertising cookies, third-party tracking pixels, or behavioural analytics tools that profile you across external sites.
Firebase may set its own cookies in accordance with Google's cookie policies. By using the Service, you consent to the use of essential cookies.
Changes to This Policy
We may update this Privacy Policy periodically. When we make material changes, we will notify you via email or an in-app notification at least 14 days before the changes take effect. The updated Effective Date will always appear at the top of this document.
Continued use of the Service following the effective date of any update constitutes your acceptance of the revised policy.
Contact & Data Controller
If you have any questions about this Privacy Policy, wish to exercise your rights, or wish to make a complaint, please contact:
- Privacy Contact: privacy@censorble.studio
- Company: Syntactic Digital LTD
- Response Time: Within 30 days of receipt.
If you are located in the EU/EEA and are unsatisfied with our response, you have the right to lodge a complaint with your local data protection authority.