Privacy Policy

Last updated: January 18, 2025

1. Introduction

PrePublish ("we," "us," or "our") operates the PrePublish service at prepublish.ai. This Privacy Policy explains how we collect, use, disclose, and protect your personal data when you use our service.

We are committed to protecting your privacy and processing your data in accordance with the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other applicable data protection laws.

By using PrePublish, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our practices, please do not use our service.

2. Data Controller

For the purposes of GDPR, PrePublish acts as the data controller for the personal data we collect. You can contact us regarding any privacy matters at:

Email: [email protected]

3. Data We Collect

3.1 Information You Provide

  • Account Information: Email address when you create an account or subscribe
  • Content: Scripts, video files, and audio files you upload for analysis
  • Payment Information: Processed by our payment provider Polar.sh; we do not store credit card numbers
  • Communications: Information you provide when contacting support

3.2 Information Collected Automatically

  • IP Address: Used for rate limiting, fraud prevention, and to track daily analysis usage
  • Device Information: Browser type, operating system, and device type
  • Usage Data: Pages visited, features used, and interaction timestamps
  • Cookies: Session cookies for authentication (see Section 8)

3.3 Content Analysis Data

When you submit content for analysis, we process your scripts and media files to provide our service. This content is:

  • Sent to third-party AI providers for analysis (see Section 6)
  • Stored temporarily to deliver analysis results
  • Not used to train AI models without your explicit consent
  • Deleted according to our retention policy (see Section 7)

4. Legal Basis for Processing (GDPR)

We process your personal data based on the following legal grounds:

  • Contract Performance: Processing necessary to provide our service to you (Article 6(1)(b))
  • Legitimate Interests: For fraud prevention, security, and service improvement (Article 6(1)(f))
  • Consent: For optional features like marketing communications (Article 6(1)(a))
  • Legal Obligation: To comply with applicable laws (Article 6(1)(c))

5. How We Use Your Data

  • Service Delivery: To analyze your content and provide retention predictions and improvement suggestions
  • Account Management: To create and manage your account, process subscriptions, and authenticate access
  • Communication: To send transactional emails (login links, receipts) and respond to support requests
  • Security: To prevent fraud, abuse, and unauthorized access through rate limiting and monitoring
  • Improvement: To analyze aggregate usage patterns and improve our service (using anonymized data)

We do not sell your personal data. We do not use your content to train AI models. We do not share your data with third parties for their marketing purposes.

6. Third-Party Service Providers

We use the following third-party services to operate PrePublish. Each provider processes data as described below:

AI Analysis Providers

Purpose: To analyze your scripts and provide retention predictions

Data Shared: Script content, video/audio transcripts

Location: Servers may be located outside the EEA, including the United States and other regions

Safeguards: We ensure appropriate data processing agreements are in place

AssemblyAI (Transcription)

Purpose: To transcribe audio and video files you upload

Data Shared: Audio/video files for transcription

Location: United States

Privacy Policy: assemblyai.com/privacy-policy

Polar.sh (Payments)

Purpose: To process subscription payments

Data Shared: Email address, payment information (handled directly by Polar)

Location: European Union (Sweden)

Privacy Policy: polar.sh/legal/privacy

Resend (Email)

Purpose: To send transactional emails (login links, receipts)

Data Shared: Email address

Location: United States

Privacy Policy: resend.com/legal/privacy-policy

Hetzner (Hosting)

Purpose: To host our application and database

Data Shared: All data is stored on Hetzner infrastructure

Location: European Union (Germany)

Privacy Policy: hetzner.com/legal/privacy-policy

Cloudflare (CDN & Security)

Purpose: DNS, CDN, and DDoS protection

Data Shared: IP addresses, request metadata

Location: Global network

Privacy Policy: cloudflare.com/privacypolicy

7. Data Retention

We retain your data for the following periods:

  • Account Data: Until you delete your account or request deletion
  • Analysis Results: Retained while your account is active; deleted within 30 days of account deletion
  • Uploaded Content: Processed temporarily and deleted within 24 hours after analysis completion
  • Server Logs: Retained for 90 days for security and debugging purposes
  • Payment Records: Retained as required by tax and accounting laws (typically 7 years)

Users without an account: Analysis data associated with your IP address is retained for 30 days, then automatically deleted.

8. Cookies

We use the following cookies:

CookiePurposeDurationType
session_tokenAuthentication30 daysEssential
cf_clearanceCloudflare securitySessionEssential

We only use essential cookies required for the service to function. We do not use advertising or tracking cookies. You can disable cookies in your browser settings, but this may prevent you from using certain features.

9. International Data Transfers

Your data may be transferred to and processed in countries outside your country of residence, including:

  • European Union: Primary data storage (Hetzner, Germany) and payment processing (Polar.sh, Sweden)
  • United States: Email delivery (Resend) and transcription (AssemblyAI)
  • Other Regions: AI analysis providers may process data in various locations

For transfers outside the EEA, we rely on:

  • EU-US Data Privacy Framework (where applicable)
  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Data processing agreements with all sub-processors

10. Your Rights

Depending on your location, you may have the following rights:

GDPR Rights (EEA Residents)

  • Access: Request a copy of your personal data
  • Rectification: Request correction of inaccurate data
  • Erasure: Request deletion of your data ("right to be forgotten")
  • Restriction: Request limitation of processing
  • Portability: Receive your data in a structured, machine-readable format
  • Objection: Object to processing based on legitimate interests
  • Withdraw Consent: Withdraw consent at any time (where processing is based on consent)

CCPA Rights (California Residents)

  • Know: Right to know what personal information we collect
  • Delete: Right to request deletion of your information
  • Opt-Out: Right to opt out of sale (we do not sell personal data)
  • Non-Discrimination: Right not to be discriminated against for exercising your rights

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days (or sooner as required by law).

If you believe we have not adequately addressed your concerns, you have the right to lodge a complaint with your local data protection authority.

11. Data Security

We implement appropriate technical and organizational measures to protect your data, including:

  • Encryption in transit (TLS/HTTPS) and at rest
  • Secure authentication using cryptographic tokens
  • Access controls and least-privilege principles
  • Regular security monitoring and logging
  • Secure hosting in EU data centers (Hetzner, Germany)

While we strive to protect your data, no system is completely secure. In the event of a data breach affecting your personal data, we will notify you and relevant authorities as required by law.

12. Children's Privacy

PrePublish is not intended for children under 16 years of age. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us immediately at [email protected], and we will delete such data.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting a notice on our website or sending you an email. The "Last updated" date at the top of this page indicates when this policy was last revised.

Your continued use of PrePublish after changes become effective constitutes acceptance of the revised policy.

14. Contact Us

For any questions, concerns, or requests regarding this Privacy Policy or your personal data, contact us at:

Email: [email protected]

We aim to respond to all inquiries within 30 days.