Get Started

Privacy Policy

Last updated: January 2026

This Privacy Policy explains how personal data is collected, used, and protected when you use SceneLore (the “Service”).

SceneLore is operated by an individual freelancer registered in the Czech Republic (EU) (“we”, “us”, or “the Controller”).

This policy is designed to comply with the General Data Protection Regulation (GDPR) and applicable U.S. privacy laws, including the California Consumer Privacy Act (CCPA/CPRA).

1. Scope of This Policy

This Privacy Policy applies to:

  • The SceneLore website
  • The SceneLore web application
  • All related services provided through the platform

SceneLore is a generation-and-download tool, not a hosting or gallery service.

2. What Data We Collect

We collect only the data strictly necessary to operate the Service.

a) Account Data

  • Email address
  • User ID
  • Login timestamps

Used solely for passwordless authentication and account access.

b) Payment Data

Payments are processed by Stripe. We do not store payment card details.

We store limited billing metadata such as:

  • Stripe customer ID
  • Transaction IDs
  • Purchased credit amounts
  • Refund or chargeback events

c) User-Provided Content

  • Images uploaded by users for processing
  • Generated images or videos

Important: We do not store user media files ourselves. Media is processed by third-party AI providers and made available via temporary provider URLs only.

d) Technical & Security Data

  • IP address
  • Server logs
  • Error and abuse-prevention logs

Used exclusively for security, reliability, and fraud prevention.

3. How We Use Your Data

We process personal data for the following purposes:

  • Providing access to the Service
  • Authenticating users via email magic links
  • Processing payments and managing credits
  • Executing image and video generation requests
  • Preventing abuse and ensuring system security
  • Meeting legal and accounting obligations

We do not use your data for advertising, profiling, or marketing.

4. Legal Basis for Processing (GDPR)

We process personal data under the following legal bases:

  • Contract necessity
    To provide the Service, authenticate users, process generations, and manage credits.
  • Legal obligation
    To retain billing and transaction records as required by law.
  • Legitimate interest
    To ensure security, prevent abuse, and maintain system reliability.

We do not rely on consent for analytics or marketing purposes.

5. Cookies and Tracking

SceneLore does not use:

  • Analytics tools
  • Advertising cookies
  • Tracking pixels
  • Behavioral profiling

Only strictly necessary cookies and local storage are used to:

  • Maintain login sessions
  • Ensure core functionality of the web application

Because no non-essential cookies are used, no cookie consent banner is required.

6. Data Sharing and Third Parties

We share data only with service providers acting as data processors, solely to deliver the Service:

  • Vercel – hosting and server infrastructure
  • Vercel Postgres – database services
  • Stripe – payment processing
  • Email (SMTP provider) – transactional emails (login links, receipts)
  • AI providers (Gemini, KIE) – temporary processing of user-uploaded images and generation outputs

We do not sell or rent personal data.

7. Data Retention

We retain data only for as long as necessary:

  • Account data: retained while the account is active
  • Billing records: retained as required by accounting and tax law
  • Job and credit records: retained for audit and dispute resolution
  • Uploaded images and generated outputs:
    • Not stored by us
    • Retained by AI providers for up to 14 days, then automatically deleted

After expiration, media files are no longer accessible.

8. User Rights

Depending on your location, you have the right to:

  • Access your personal data
  • Request correction of inaccurate data
  • Request deletion of your data (subject to legal retention obligations)
  • Object to certain processing
  • Request data portability (GDPR)
  • Request disclosure or deletion under CCPA/CPRA (California residents)

How to exercise your rights

Send a request to: support@scenelore.com

Requests are verified and handled manually. We respond within 30 days.

9. Security Measures

We apply appropriate technical and organizational safeguards, including:

  • HTTPS encryption
  • Access-controlled infrastructure
  • Server-side processing only
  • No exposure of provider API keys to the client
  • Monitoring and logging for abuse prevention

Security measures are proportionate to the size and nature of the Service.

10. International Data Transfers

Because the Service operates globally, data may be processed outside the EU.

Where required, international transfers rely on appropriate safeguards, such as Standard Contractual Clauses (SCCs) or equivalent lawful mechanisms.

11. Policy Updates

We may update this Privacy Policy from time to time.

Material changes will be reflected by updating the “Last updated” date.

Continued use of the Service after changes constitutes acceptance of the updated policy.

12. Contact Information

Data Controller:
Individual freelancer, Czech Republic (EU)

Privacy contact:
📧 support@scenelore.com