Privacy

Privacy policy

Sofuto Solutions LLP(“we”, “our”) takes the protection of your personal data seriously. This policy explains what we collect, why, and how you can exercise your rights under the UK GDPR and the Data Protection Act 2018.

1. Controller

Sofuto Solutions LLPTO FILL, TO FILL, United Kingdom.
Contact: hendylplm@outlook.fr

2. Data we collect

  • Account data: email address, user ID, and Google SSO metadata (name, profile picture) when you sign in with Google.
  • Payment data: Stripe customer ID and payment method ID (non-sensitive tokens). Full card numbers never touch our servers — Stripe collects and stores them directly.
  • User content: TikTok/Instagram video URLs you submit, face photos you upload for face swap, workspace logos, custom scripts, and the final rendered videos.
  • Technical data: IP address, user-agent, API access logs used for security and abuse prevention.
  • Workspace data: the name, default language and logo of each workspace you create.

3. Purposes and lawful basis

PurposeLawful basisRetention
Operating the service (account, pipelines, delivery)Performance of a contractWhile your account is active
Processing payments and auto top-upsPerformance of a contract6 years (UK accounting records)
Fraud prevention and securityLegitimate interest12 months (access logs)
Customer support and transactional communicationPerformance of a contractDuration of the relationship + 3 years
Product improvement (aggregated usage analytics)Legitimate interest24 months

4. Sub-processors and international transfers

We rely on the following sub-processors to operate the service. Some are located outside the UK; where that is the case the transfer is based on the UK International Data Transfer Agreement, the UK Addendum to the EU Standard Contractual Clauses, or an adequacy decision.

Sub-processorRoleLocation
Stripe Payments Europe LtdPayment processing (Checkout, recurring billing, card storage)Ireland (EU)
Supabase Inc.Authentication, database, file storage (workspace logos, etc.)United States (with optional EU region)
Vercel Inc.Application hosting and content delivery (CDN)United States
Kie.aiAI face swap models (Nano Banana 2 + Kling Motion Control)Hong Kong / International
Deepgram Inc.Video audio transcription (Deepgram Nova-2)United States
ElevenLabs Inc.AI-generated voice synthesis (voiceovers)United States
OpenRouterAccess to AI models (Claude Sonnet for scripts, Gemini for clip analysis)United States
Twilio SendGridTransactional email delivery (final videos, receipts)United States
Amazon Web Services (S3)Temporary storage of final rendered videos before deliveryEU and/or US regions depending on configuration

5. Video content and AI processing

Videos you submit are downloaded, transcribed, and processed by our AI models to produce the final output. Intermediate and final files are stored temporarily (up to 30 days after generation) and then deleted automatically. We do not use your content to train third-party models unless stated otherwise in the relevant sub-processor's policy.

6. Cookies

We use only strictly necessary cookies needed for the service to work (Supabase session, active workspace preference). We do not set advertising or tracking cookies without your explicit consent.

7. Your rights

Under the UK GDPR you have the right to:

  • Access the personal data we hold about you
  • Request rectification of inaccurate data
  • Request erasure (“right to be forgotten”)
  • Restrict or object to processing
  • Data portability
  • Withdraw consent at any time, where processing relies on consent
  • Complain to the UK Information Commissioner's Office (ICO) — ico.org.uk

To exercise any of these rights, write to hendylplm@outlook.fr. We respond within 30 days.

8. Security

We apply appropriate technical and organisational measures to protect your data: TLS encryption in transit, encryption at rest on our database (Supabase), strong authentication (Google SSO), environment isolation, logging of sensitive operations, and least-privilege access to API keys.

9. Changes to this policy

We may update this policy to reflect changes to the service or to the applicable legal framework. When the change is material we will notify you by email. The last-updated date appears at the bottom of this page.

10. Contact

For any question about how we handle your personal data: hendylplm@outlook.fr.