Privacy Policy

We collect information you provide directly to us when you create an account, purchase credits, use the Service, or contact us for support. The categories of personal data we collect include: • Account information: your name, email address, and hashed password. • Payment information: processed securely by our third-party payment service providers. We do not store full credit or debit card numbers, CVV codes, or other sensitive financial data on our servers. We may retain a truncated card identifier and transaction reference for record-keeping. • Usage data: information about how you interact with the Service, including videos processed, styles and effects selected, processing parameters, feature usage patterns, and session activity. • Device and technical data: IP address, browser type and version, operating system, device identifiers, screen resolution, referring URLs, pages visited, and timestamps of access. • Communications: records of correspondence when you contact us via email, support tickets, or other channels. • User Content: videos and other media files you upload for processing. See Section 5 for our data retention policy regarding User Content.

We use the information we collect for the following purposes: • To provide, operate, maintain, and improve the Service and its features. • To process your video content and deliver the requested effects, enhancements, and transformations. • To process credit purchases and send related transaction information, including purchase confirmations and receipts. • To send technical notices, security alerts, system updates, and administrative messages essential to the operation of the Service. • To respond to your comments, questions, requests, and customer support enquiries. • To monitor and analyse usage trends, performance metrics, and aggregate statistics to improve the Service. • To detect, investigate, and prevent fraudulent transactions, abuse, and other illegal or unauthorised activities. • To enforce our Terms of Use and protect the rights, property, and safety of Synth Global Limited, our users, and the public. We do not use your uploaded videos or processed outputs to train machine learning models, generate datasets, or for any purpose other than delivering the service you explicitly requested.

We do not sell, rent, or trade your personal information to third parties for their marketing purposes. We may share your information only in the following limited circumstances: • Service providers: with trusted third-party vendors who perform services on our behalf, including payment processing (e.g., Stripe), cloud infrastructure hosting, content delivery, analytics, and customer support tools. These providers are bound by contractual obligations to protect your data and may only use it for the specific services they provide to us. • Legal compliance: when required by applicable law, regulation, legal process, or enforceable governmental request, including court orders and subpoenas. • Protection of rights: when we believe in good faith that disclosure is necessary to protect our rights, your safety, the safety of others, investigate fraud, or respond to a security incident. • Business transfers: in connection with a merger, acquisition, reorganisation, sale of assets, or bankruptcy, your information may be transferred as part of that transaction. We will notify you of any such transfer and any choices you may have regarding your information. • With your consent: when you have given us explicit, informed permission to share your information for a specified purpose.

We use cookies and similar tracking technologies to collect and track information about your use of the Service and to improve your experience. Cookies are small text files stored on your device by your web browser. Types of cookies we use: • Strictly necessary cookies: essential for the Service to function properly, including user authentication, session management, and security features. These cookies cannot be disabled without impairing the functionality of the Service. • Performance and analytics cookies: used to collect information about how visitors use the Service, including which pages are visited most frequently, time spent on pages, and error messages encountered. This data is aggregated and anonymised. We may use third-party analytics providers such as Google Analytics or similar services. • Functional cookies: used to remember your preferences and settings, such as language preferences, display options, and previously selected styles. • Marketing cookies: we do not currently use marketing or advertising cookies. Should this change in the future, we will update this policy and seek your consent where required. Managing cookies: You can control and manage cookies through your browser settings. Most browsers allow you to refuse cookies, delete existing cookies, or set preferences for certain websites. Please note that disabling strictly necessary cookies may impair the functionality of the Service. For more information on managing cookies, visit your browser's help documentation.

We retain your personal data only for as long as is necessary to fulfil the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. • Account data: retained for the duration of your account's active status and for a reasonable period thereafter (up to 24 months) to comply with legal obligations, resolve disputes, and enforce agreements. • User Content: source video files and processed outputs are automatically and permanently deleted from our processing servers within 72 hours of processing completion. We do not maintain long-term archives of your video content. • Transaction records: payment records and credit purchase history are retained for a minimum of seven (7) years as required by applicable tax and financial regulations. • Usage and analytics data: aggregated, anonymised usage data may be retained indefinitely for analytical and product improvement purposes. Upon account deletion request, we will delete or anonymise your personal data within 30 days, except where retention is required by law or for legitimate business purposes as described above.

We implement appropriate technical and organisational measures designed to protect your personal information against unauthorised access, alteration, disclosure, destruction, or loss. These measures include: • Encryption of data in transit using TLS 1.2 or higher. • Encryption of sensitive data at rest using industry-standard encryption algorithms. • Regular security assessments, vulnerability scanning, and penetration testing. • Role-based access controls limiting employee access to personal data on a need-to-know basis. • Secure software development practices and regular code review. • Incident response procedures for prompt detection and response to security events. Despite these measures, no method of electronic transmission or storage is completely secure. We cannot guarantee absolute security and shall not be liable for any breach of security beyond our reasonable control. In the event of a data breach affecting your personal information, we will notify you and the relevant supervisory authority in accordance with applicable law.

Depending on your jurisdiction, and in particular under the UK General Data Protection Regulation (UK GDPR) and the EU General Data Protection Regulation (EU GDPR), you may have the following rights regarding your personal data: • Right of access (Article 15): the right to obtain confirmation of whether we process your personal data and to request a copy of that data. • Right to rectification (Article 16): the right to request correction of inaccurate or incomplete personal data we hold about you. • Right to erasure / right to be forgotten (Article 17): the right to request deletion of your personal data where there is no compelling reason for its continued processing. • Right to restriction of processing (Article 18): the right to request that we restrict the processing of your personal data in certain circumstances. • Right to data portability (Article 20): the right to receive your personal data in a structured, commonly used, and machine-readable format, and to transmit that data to another controller. • Right to object (Article 21): the right to object to processing of your personal data based on legitimate interests or for direct marketing purposes. • Rights related to automated decision-making (Article 22): the right not to be subject to decisions based solely on automated processing, including profiling, which produce legal or similarly significant effects. To exercise any of these rights, please contact us at team@synthstudio.net. We will verify your identity before processing your request and will respond within 30 days. If we are unable to comply with your request, we will provide a clear explanation of the reasons. You also have the right to lodge a complaint with your local data protection supervisory authority (in the UK, this is the Information Commissioner's Office at ico.org.uk).

Your information may be transferred to and processed in countries other than your country of residence, including countries within and outside the European Economic Area (EEA) and the United Kingdom, which may have different data protection standards. Where we transfer personal data outside the UK or EEA, we ensure that appropriate safeguards are in place to protect your information in accordance with this Privacy Policy and applicable data protection laws. These safeguards may include: • Standard Contractual Clauses (SCCs) approved by the European Commission or the UK Secretary of State. • Transfers to countries that have received an adequacy decision from the relevant authority. • Other legally recognised transfer mechanisms as appropriate.

The Service may contain links to third-party websites, services, or resources that are not owned or controlled by Synth Global Limited. We are not responsible for the privacy practices, content, or data collection policies of any third-party websites or services. We encourage you to review the privacy policies of any third-party websites or services you visit. This Privacy Policy applies solely to information collected through the Synth Studio Service and does not extend to any third-party websites, products, or services, even if they are linked to or accessible from our Service.

The Service is not intended for, directed at, or designed to attract children under the age of 16. We do not knowingly collect, solicit, or maintain personal information from children under 16. If we become aware that we have collected personal information from a child under the age of 16, we will take immediate steps to delete such information from our servers. If you are a parent or guardian and believe that your child under 16 has provided us with personal information without your consent, please contact us immediately at team@synthstudio.net so that we can take appropriate action.

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other operational factors. When we make material changes to this policy, we will: • Post the updated policy on the Service with a revised "Last updated" date. • Notify registered users by email if the changes are significant. • Where required by applicable law, obtain your consent before implementing material changes. We encourage you to review this Privacy Policy periodically. Your continued use of the Service after any changes to this Privacy Policy constitutes your acceptance of the updated terms.

If you have any questions, concerns, complaints, or requests regarding this Privacy Policy, our data practices, or your personal data, please contact us at: Synth Global Limited Email: team@synthstudio.net We aim to respond to all privacy-related enquiries within five (5) business days. For data subject access requests and rights exercised under GDPR, we will respond within 30 days as required by law.