Privacy Policy

SRTGen.com ("we", "us", "our") is committed to protecting your privacy. This Privacy Policy explains what personal data we collect, how we use it, who we share it with, and what rights you have regarding your information when you use the SRTGen.com platform.

This Policy applies to the SRTGen.com website, our web application, Developer API, and the @SRTGenBot social automation feature on X (formerly Twitter).

By accessing or using our Service, you acknowledge that you have read and understood this Privacy Policy. If you do not agree, please discontinue use of the Service.

Legal Basis (for EEA/UK users): If you are located in the European Economic Area (EEA) or United Kingdom, we process your personal data under the following legal bases: performance of a contract (to provide the Service), legitimate interests (improving services, fraud prevention), consent (marketing communications), and legal obligation (compliance with laws).

Account Information: When you register, we collect your name, email address, and (if applicable) a hashed password. If you register via OAuth (e.g., Google), we receive your name, email, and profile picture from your chosen provider.

Payment Information: We collect billing-related information including your Stripe customer ID, subscription plan, subscription status, and billing period dates. We do not store full credit card numbers — all payment details are handled securely by Stripe, Inc.

Content You Upload: We store the video files, audio files, processed output files (subtitled videos, SRT/VTT/ASS exports), thumbnail images, and any source URLs you paste (for link-based imports). These are stored in Backblaze B2 cloud storage.

AI Processing Data: When you use transcription or translation, audio content is sent to third-party AI providers (AssemblyAI and/or Google Gemini). These providers may transiently process your audio. We encourage you to review their respective privacy policies: - AssemblyAI: https://www.assemblyai.com/privacy-policy - Google Gemini / Vertex AI: https://policies.google.com/privacy

X Account Credentials: If you connect an X account for the @SRTGenBot automation feature, we store your X user ID, username, profile image URL, and OAuth access credentials (tokens). These are stored encrypted and used solely to enable X bot automation on your behalf.

Usage Data: We automatically collect metadata about your use of the Service, including: project creation and processing logs, credit deduction records, job status history, API key creation and usage timestamps, and error logs. This data is used for service delivery, billing accuracy, and debugging.

Communication Data: If you contact us via the Contact form or email, we store your name, email address, inquiry type, and message content (including any attachments you upload).

Feedback & Analytics: We collect feedback submissions, doc helpfulness ratings, and general platform usage analytics (aggregated and anonymized where possible). We do not currently use third-party analytics cookies.

Device & Technical Data: We may collect your IP address, browser type, operating system, and referring URLs for security, rate limiting, and fraud prevention purposes.

We use your personal data for the following purposes:

Service Delivery: - To create and manage your account - To process video files and generate AI-powered subtitles - To execute Cloud Burn rendering jobs and export subtitle files - To operate the @SRTGenBot X automation on your behalf - To manage and provision your credit balance and subscription benefits - To provide Developer API access

Billing & Payments: - To process subscription payments and credit top-up purchases via Stripe - To send invoices, receipts, and billing notifications - To manage subscription renewals, upgrades, downgrades, and cancellations

Security & Trust: - To authenticate your identity and secure your account - To detect and prevent fraudulent activity, unauthorized access, and abuse of quotas or the credit system - To enforce our Terms of Service and Acceptable Use Policy

Service Improvement: - To analyze aggregated usage patterns and improve AI model accuracy - To prioritize feature development based on user behavior - To debug technical issues and resolve errors

Communication: - To respond to your support requests and contact form submissions - To send transactional notifications (e.g., job completion, billing alerts) - To send product updates, new feature announcements, and promotional communications (you can opt out at any time)

Legal Compliance: - To comply with applicable laws, regulations, court orders, and law enforcement requests

We do not sell your personal data. We share data only in the following circumstances:

AI Processing Providers: Audio content from your videos is transmitted to AssemblyAI and/or Google Gemini (Vertex AI) for transcription and translation. These providers act as data processors under appropriate data processing agreements.

Cloud Storage: Your files are stored in Backblaze B2 cloud storage. Files are transmitted over encrypted connections and stored with access controls.

Hosting & Infrastructure: Our website, www.srtgen.com, and its underlying web infrastructure are hosted and secured using Cloudflare. Cloudflare processes website traffic, including IP addresses, for performance routing, CDN delivery, and security purposes.

Payment Processor: Billing data is processed by Stripe, Inc. Stripe is an independent data controller for payment-related data. We receive only non-sensitive billing metadata (customer ID, subscription status).

Authentication Providers: If you use OAuth login (e.g., Google), your authentication is handled by the respective provider. We receive only the profile data they share (name, email, avatar).

X (Twitter) API: The @SRTGenBot feature interacts with the X API using your connected account credentials to post automated replies. Your X usage data may be subject to X's own privacy policy.

Email Service Provider: We use a transactional email service to deliver account verification, password reset, billing, and notification emails.

Legal Disclosure: We may disclose your data to law enforcement, government agencies, or courts when required by law, or when we believe in good faith that disclosure is necessary to protect the rights, property, or safety of SRTGen.com, our users, or the public.

Business Transfers: In the event of a merger, acquisition, or sale of assets, your data may be transferred to the acquiring entity. We will notify you before your data is transferred and becomes subject to a different privacy policy.

Aggregated / Anonymized Data: We may share aggregated, non-identifiable data (e.g., total active users, average processing times) publicly or with partners for research and marketing without restriction.

We retain your personal data for as long as necessary to provide the Service and comply with legal obligations.

Account Data: Retained for the duration of your active account, plus up to 90 days after account deletion (to allow for disputes or recovery requests). After 90 days, your personal identifiers are purged.

Uploaded Files & Projects: Video files, audio files, processed outputs, and project records are retained while your account is active. Files associated with deleted projects are queued for deletion from cloud storage within 30 days. Upon account deletion, all files are scheduled for permanent deletion within 90 days.

Billing Records: Transaction and subscription records may be retained for up to 7 years in accordance with financial regulation and tax law requirements, even after account deletion.

AI Processing Logs: Transcription and translation job metadata (status, timestamps, credit usage) are retained for up to 2 years for audit and billing accuracy purposes.

X Account Credentials: Stored while your X account remains connected. Revoking your X connection from the dashboard will delete stored access tokens within 24 hours.

Contact & Feedback Data: Inquiry records are retained for up to 3 years to maintain communication history and resolve disputes.

We implement industry-standard security measures to protect your data:

- Encryption in Transit: All data transmitted between your browser and our servers uses TLS/HTTPS encryption. - Encrypted Storage: Sensitive credentials (including X OAuth tokens and API keys) are encrypted at rest. - Access Controls: Our infrastructure uses role-based access controls. Only authorized personnel with a business need can access production data. - API Key Security: API keys are displayed only once at creation and stored as one-way hashed values. We display only the last 4 characters for identification. - Session Security: User sessions are protected with signed, short-lived tokens. Inactive sessions are automatically expired. - Rate Limiting: Our API and authentication endpoints are rate-limited to prevent brute-force attacks and abuse. - Regular Audits: We conduct periodic security reviews of our systems and third-party integrations.

No System is Perfect: Despite our efforts, no security system is completely invulnerable. In the event of a data breach that affects your personal data, we will notify you as required by applicable law (typically within 72 hours of discovery for EEA residents).

If you discover a security vulnerability, please disclose it responsibly via our Contact Us page.

Depending on your location, you may have the following rights regarding your personal data:

Right to Access: Request a copy of the personal data we hold about you.

Right to Rectification: Request correction of inaccurate or incomplete personal data.

Right to Erasure (Right to be Forgotten): Request deletion of your personal data, subject to our legal retention obligations.

Right to Restriction: Request that we limit how we process your data in certain circumstances.

Right to Data Portability: Receive your data in a structured, machine-readable format.

Right to Object: Object to processing based on legitimate interests or for direct marketing purposes.

Right to Withdraw Consent: Where processing is based on consent (e.g., marketing emails), you may withdraw consent at any time without affecting prior processing.

California Residents (CCPA/CPRA): California residents have the right to know what personal information is collected, the right to opt out of the sale of personal information (we do not sell data), the right to delete, the right to correct, and the right to non-discrimination for exercising these rights.

How to Exercise Your Rights: Submit a request via our Contact Us page with the subject line "Privacy Rights Request." We will respond within 30 days (or as required by applicable law). We may ask you to verify your identity before processing your request.

Essential Cookies: We use session cookies and authentication tokens that are strictly necessary for the platform to function (login state, CSRF protection, session management). These cannot be disabled.

Functional Preferences: We may store user preferences (such as your theme or locale selection) in browser local storage to personalize your experience.

Analytics: We may use privacy-respecting analytics to understand aggregate usage patterns. We do not use Google Analytics. Where third-party analytics are used, data is anonymized and no cross-site tracking occurs.

No Advertising Cookies: We do not use cookies for advertising or behavioral profiling. We do not participate in ad networks or retargeting programs.

Managing Cookies: You can manage or delete cookies through your browser settings. Disabling essential cookies will affect the functionality of the platform.

SRTGen.com processes and stores data in server locations that may include regions outside your country of residence, including the United States and European Union.

If you are located in the EEA or UK, we ensure that international data transfers are protected by appropriate safeguards, including: - Standard Contractual Clauses (SCCs): We use EU-approved SCCs with our data processors where required. - Adequacy Decisions: We rely on adequacy decisions where available. - Backblaze B2: Data may be stored in US-based servers. We use Backblaze's data processing addendum compliant with GDPR requirements. - AI Providers: AssemblyAI and Google Gemini have their own international data transfer mechanisms. We recommend reviewing their policies for details on data residency.

SRTGen.com is not directed at children under the age of 13 (or 16 in the EEA/UK). We do not knowingly collect personal data from children.

If we learn that we have inadvertently collected data from a child, we will promptly delete that information. If you are a parent or guardian and believe your child has provided us with personal data, please contact us immediately via our Contact Us page.

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors.

When we make material changes, we will: - Update the "Last Updated" date at the top of this page - Notify registered users via email to their account email address - Display a prominent notice on the platform for a reasonable period

We encourage you to review this Policy periodically. Your continued use of the Service after changes take effect constitutes your acceptance of the revised Policy.

SRTGen.com is the data controller responsible for your personal data.

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact our Privacy team:

Contact: via our Contact Us page Website: https://www.srtgen.com

For EEA/UK users, if you are not satisfied with our response to your privacy request, you have the right to lodge a complaint with your local data protection authority.