SurtitleLive Logo

Privacy Policy

Last Updated: February 1, 2026

1. Introduction & Policy Changes

SurtitleLive ("we," "our," or "us"), operated in Calgary, Alberta, Canada, is committed to protecting your privacy and your creative intellectual property. We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. Material changes will be communicated via the Service or email with an updated revision date.

2. Information We Collect

  • Account Information: Name, email address, and billing information. Payments are processed securely via Stripe.
  • User Content: Scripts, subtitles, and documents you upload for processing, storage, and display. You retain 100% ownership of your creative work.
  • Technical & Security Logs: We collect diagnostic information (e.g., error codes, device type, feature usage) and security event logs to maintain service stability and defend against cyber threats. These logs may also be used to determine eligibility for refunds, enforce subscription terms, and prevent abuse of trial or refund policies.
  • Cookies & Analytics: We use essential cookies and minimal technical analytics strictly for service functionality, security, and session management. We do not use advertising or cross-site tracking cookies.

3. Purpose & Legal Basis for Processing

We process personal data and User Content only for the following purposes:

  • Service Delivery: Providing surtitling, storage, and live display functions.
  • Contractual Obligations: Fulfilling our agreement to process and manage your scripts.
  • Security & Integrity: Protecting the platform from malicious activity, including Cross-Site Scripting (XSS) and Prompt Injection.
  • Legal Compliance: Complying with applicable laws and protecting our legal rights.

4. Data Processing, Storage & AI Integrity

  • Cloud Hosting & Display: Your User Content is stored in secure, encrypted environments to enable cloud synchronization and live performance display.
  • Security Scanning: To maintain platform integrity, we employ automated systems to scan for technical threats. These scans are programmatic and do not involve manual review of your creative content.
  • AI Confidentiality: We do not use your User Content or creative feedback to train, tune, or improve third-party or proprietary AI models.
  • Zero Manual Access: SurtitleLive staff are prohibited from accessing your User Content except when explicitly requested by you for technical support or as required by law.

5. Data Sharing & Sub-processors

SurtitleLive does not sell personal information or User Content. We utilize trusted sub-processors:

  • Infrastructure: Google Cloud Platform (Primary hosting and encrypted storage).
  • Security: Cloudflare (WAF, CDN, and DDoS protection).
  • Payments: Stripe (PCI-compliant billing).

6. Team Collaboration

If you use the Service as part of an Organization or Production Team, the administrators of that workspace have the ability to access and manage User Content within that shared environment. SurtitleLive is not responsible for the internal privacy practices of your Organization.

7. Data Security & Retention

  • Encryption: We implement TLS/SSL for data in transit and Application-Layer AES-256-GCM for User Content, ensuring that screenplay data remains encrypted until it reaches the authorized viewer device.
  • Retention upon Deletion: Upon account deletion, User Content is removed from active databases within 30 days. Backups may retain encrypted fragments for up to 60 days for disaster recovery purposes. Billing records are retained as required by tax laws.
  • Legal & Financial Retention: Usage and transaction logs related to billing, refunds, or dispute resolution may be retained for a reasonable period as required for legal and accounting purposes.

8. International Data Transfers & Jurisdiction

  • Adequacy: Data is processed in Canada and the United States. Canada's privacy laws are recognized by the European Commission as providing an adequate level of data protection.
  • Compliance: Our practices align with the Personal Information Protection Act (Alberta) and PIPEDA (Canada).

9. Your Rights

Regardless of location, you have the right to access, correct, or delete your personal data. Users in the EEA and UK may lodge a complaint with their local data protection authority. SurtitleLive is not intended for individuals under 13.

10. GDPR Compliance - Data Export & Deletion

In compliance with the General Data Protection Regulation (GDPR), we provide the following rights to all users:

  • Right to Data Portability (Article 20): You can export all your personal data at any time from your account settings. The export includes your profile information, projects, scripts, billing history, and activity logs in JSON format.
  • Right to Erasure (Article 17 - Right to be Forgotten): You can request complete deletion of your account and all associated data. When you initiate deletion:
    • A 30-day grace period begins during which you can cancel the deletion
    • After the grace period, all your data is permanently deleted
    • Your user content (scripts, projects) is removed from active databases
    • Billing records are retained for 7 years as required by tax law, but anonymized
    • Audit logs are anonymized (PII replaced with irreversible hash)
  • How to Exercise These Rights: Log in to your account and navigate to Settings → Privacy to access data export and account deletion options.

11. Contact Us

For privacy inquiries or to exercise your data rights, please contact our Privacy Coordinator at:
Email: privacy@surtitlelive.com
Location: Calgary, Alberta, Canada