Privacy Policy

Last updated: April 11, 2026

1. Introduction

ScriptGraph ("we", "us", or "our") operates https://www.scriptgraph.io and https://app.scriptgraph.io(collectively, the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website or use our services.

Please read this privacy policy carefully. If you do not agree with the terms of this privacy policy, please do not access the site or use our services.

2. Information We Collect

We may collect the following types of information:

  • Personal Information: Name, email address, username, and similar identifiers. When you sign in using a third-party authentication provider (such as Google), we receive basic profile information including your name and email address as permitted by your OAuth permissions.
  • Location Data: Geographic location derived from IP address or device settings
  • Device Information: Browser type, operating system, device type, and unique device identifiers
  • Usage Data: Pages visited, time spent on pages, links clicked, and browsing patterns
  • User-Generated Content: Scripts, video outlines, and other content you create within the Service
  • Cookies and Tracking: Information collected through cookies, web beacons, and similar technologies

3. How We Use Your Information

We use the information we collect for the following purposes:

  • To provide, maintain, and improve our services
  • To respond to your inquiries and provide customer support
  • To send you marketing communications and promotional materials (with your consent)
  • To analyze usage patterns and improve user experience
  • To personalize your experience and deliver relevant content
  • To comply with legal obligations and enforce our terms
  • To detect, prevent, and address security issues and fraud

We do not sell your personal information to third parties.

4. Third-Party Services

We share your information with the following third-party service providers as necessary to operate the Service:

  • Stripe — Secure payment processing. Your payment details are handled directly by Stripe and are never stored on our servers. Stripe Privacy Policy
  • Supabase — Database storage and user authentication. Your account data and content are stored on Supabase infrastructure. Supabase Privacy Policy
  • Vercel — Website hosting and deployment infrastructure. Vercel Privacy Policy
  • PostHog — Product analytics to help us understand how users interact with the Service. PostHog Privacy Policy
  • Resend — Transactional email delivery (e.g. account confirmation, notifications). Resend Privacy Policy
  • Anthropic — AI language model provider. When you use AI-assisted features within the Service, the content you provide (such as script outlines, talking points, and any context you attach including uploaded files or URLs) is processed by Anthropic's API to generate responses. This content is processed transiently and is not stored by ScriptGraph. Anthropic Privacy Policy
  • OpenAI — AI language model provider. Depending on the configuration of the Service, your content (including any context you attach such as uploaded files or URLs) may be processed by OpenAI's API to generate AI-assisted responses. This content is processed transiently and is not stored by ScriptGraph. OpenAI Privacy Policy

Each of these providers has their own privacy policy governing how they handle your information.

5. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to track activity on our Service and hold certain information.

Types of Cookies We Use

  • Essential Cookies: Required for the website to function properly (e.g. authentication sessions)
  • Analytics Cookies: Help us understand how visitors interact with our website (via PostHog)
  • Preference Cookies: Remember your settings and preferences

You can manage your cookie preferences through your browser settings.

6. Data Retention

We will retain your personal information for as long as your account is active or as necessary to provide you with our services. Upon account deletion, we will delete or anonymise your personal data within 30 days, unless a longer retention period is required or permitted by law.

7. Your Rights

Rights Under GDPR (EU/EEA Residents)

If you are a resident of the European Union or European Economic Area, you have the following rights:

  • Right to Access: Request access to your personal data
  • Right to Rectification: Request correction of inaccurate data
  • Right to Erasure: Request deletion of your personal data ("right to be forgotten")
  • Right to Data Portability: Receive your data in a portable format
  • Right to Object: Object to processing of your data
  • Right to Restrict Processing: Request restriction of processing
  • Right to Withdraw Consent: Withdraw consent at any time

Rights Under CCPA/CPRA (California Residents)

If you are a California resident, you have the following rights:

  • Right to Know: Know what personal information is collected, used, shared or sold
  • Right to Delete: Request deletion of your personal information
  • Right to Correct: Request correction of inaccurate personal information
  • Right to Opt-Out: Opt-out of the sale or sharing of your personal information. We do not sell your personal information.
  • Right to Non-Discrimination: Not be discriminated against for exercising your privacy rights
  • Right to Data Portability: Obtain a copy of your personal information in a portable format

Rights Under LGPD (Brazil Residents)

If you are a resident of Brazil, you have the following rights under LGPD:

  • Right to Confirmation and Access: Confirm and access your personal data
  • Right to Correction: Request correction of incomplete or inaccurate data
  • Right to Anonymization/Deletion: Request anonymization or deletion of unnecessary data
  • Right to Data Portability: Transfer your data to another service provider
  • Right to Information: Be informed about data sharing with third parties

To exercise any of these rights, please contact us at support@scriptgraph.io.

8. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence, including the United States, where our service providers (including Supabase and Vercel) operate. These countries may have different data protection laws than your country.

When we transfer your data internationally, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission, or other legally recognised mechanisms for international data transfers.

9. Children's Privacy

Our Service is not intended for individuals under 18 years of age. We do not knowingly collect personal information from anyone under 18. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately and we will delete it.

10. Changes to This Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date at the top of this policy.

You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.

Contact Us

If you have any questions about this Privacy Policy, please contact us: