Privacy Policy

Shuttergen, Inc. ("Shuttergen," "we," "us") provides an AI-powered creative platform for generating, analysing, and iterating on video ads, together with a companion Chrome extension for saving ad inspiration (collectively, the "Services"). This Privacy Policy explains what information we collect, how we use it, who we share it with, and the choices you have. It applies to our website, dashboard, and Chrome extension.

Information We Collect

Account information. When you create an account we collect your email address and any profile details you provide. Authentication is handled by Supabase; if you sign in with a third-party provider, that provider supplies us with a verified email and a unique user identifier.

Content you submit. This includes prompts, scripts, brand briefs, voice settings, uploaded images and videos, ads you save through the Chrome extension, and the AI-generated images, videos, and audio produced from your inputs.

Billing information. Subscription and payment processing is handled by our payments provider, Dodo Payments. We receive plan, status, and limited transaction metadata; we do not store full card numbers on our servers.

Support correspondence. Messages you send via our Help form, including any screenshots you attach, are delivered to our support team by email through Resend.

Technical and usage data. Server logs record information such as IP address, browser type, request timestamps, and the pages or actions performed. We use this information to operate, secure, and debug the Services.

Chrome Extension Data

The Shuttergen Chrome extension is the companion tool for saving ad inspiration. We want to be specific about what it does and does not do:

• Where it runs. The extension's content scripts run on web pages you visit so the "Save" and "Download" buttons can be injected into ad-related surfaces (Meta Ads Library, Facebook, Instagram, TikTok, LinkedIn Ad Library, and ChatGPT). On those surfaces the extension reads the public ad markup required to identify and capture the ad you choose to save.
• What we collect. We collect ad data (creative URL, ad copy, brand/page name, public performance metadata) only when you explicitly save an ad via the extension UI. We do not capture page content, form input, keystrokes, or browsing history from pages where you have not chosen to save an ad.
• What we don't do. The extension does not build a profile of your general browsing, does not sell or share what you save outside of your own account, and does not use saved ads to train third-party AI models.
• Authentication. The extension signs in via Supabase Auth (with optional Google OAuth) and stores its session locally via the extension storage permission. The OAuthidentity permission is used solely to sign you into your Shuttergen account.
• Permissions and host permissions are documented in the extension's listing on the Chrome Web Store and match the scopes described here.

How We Use Information

• To provide, operate, and improve the Services, including running AI generations you request.
• To authenticate your account and keep it secure.
• To process payments, manage subscriptions, and enforce plan limits.
• To respond to support requests and communicate service updates.
• To detect, prevent, and address abuse, fraud, or technical issues.
• To comply with legal obligations.

Subprocessors

We rely on a small number of vetted third-party services to run Shuttergen. Each receives only the data required to perform its function:

• Supabase - authentication and primary database.
• Cloudflare R2 - storage of generated images, videos, and audio assets.
• Dodo Payments - subscription billing and payment processing.
• Resend - transactional and support email delivery.
• AI model providers (including Wavespeed and FAL.ai for video generation, ElevenLabs and Google Gemini for voice and language, OpenAI Whisper for transcription, and TwelveLabs for video indexing) - process your prompts, scripts, and uploaded media solely to return generated outputs.
• Sentry - error monitoring; receives application error context (which may include user identifiers and request metadata) to help us detect and fix bugs.
• Vercel - application hosting and edge runtime for the website and dashboard.

We do not sell your personal information, and we do not allow our subprocessors to use your content to train their models beyond what is necessary to fulfil your request.

Data Retention

We retain account information for as long as your account is active. Generated assets and inspiration you save remain available in your dashboard until you delete them or close your account. Server logs are retained for a limited period for security and debugging purposes. When you close your account, we delete or anonymise associated personal data within a reasonable period, except where retention is required by law (for example, financial records).

Security

We use HTTPS for all traffic, signed URLs for asset access, role-based database policies, and encryption-at-rest provided by our infrastructure partners. No system is perfectly secure, but we work to protect your data with industry-standard administrative, technical, and organisational measures.

Your Rights

Depending on where you live, you may have the right to access, correct, export, or delete the personal information we hold about you, and to object to or restrict certain processing. You can manage most of your data directly from your dashboard, or contact us using the address below to make a request. We will respond within the timeframes required by applicable law.

EU/EEA, UK, and Swiss Users (GDPR)

If you are in the European Economic Area, the United Kingdom, or Switzerland, you have the following rights under the GDPR and equivalent legislation:

• Access a copy of the personal data we hold about you;
• Rectification of inaccurate or incomplete personal data;
• Erasure ("right to be forgotten") of your personal data, subject to legal retention obligations;
• Restriction or objection to certain processing;
• Portability of personal data you provided to us, in a structured, machine-readable format;
• Withdraw consent at any time where processing is based on your consent;
• Lodge a complaint with your local supervisory authority.

Legal bases. We process personal data on the basis of (a) contract, where processing is necessary to provide the Services you have signed up for; (b) legitimate interests, such as securing the Services and preventing abuse; (c) consent, where required by law (for example, for any non-essential cookies, should we add them in the future); and (d) legal obligation, where we must retain records for tax or compliance reasons.

International transfers. Our infrastructure providers operate from the United States and other regions. Where personal data is transferred out of the EEA, the UK, or Switzerland, we rely on the European Commission's Standard Contractual Clauses (and the UK addendum where applicable) or other lawful transfer mechanisms.

Data Processing Agreement (DPA). Business customers (including agencies and performance marketers in the DACH region) may request a Data Processing Agreement covering Shuttergen's role as a processor of personal data you submit on behalf of your own customers or end users. Our DPA is built on GDPR Article 28 and incorporates the European Commission's Standard Contractual Clauses (Module Two) for international transfers. Email support@shuttergen.com with the subject "DPA request" and we will send our current standard DPA for execution.

Deleting Your Account and Data

You can delete your account at any time from Dashboard → Settings → Delete account, or by emailing support@shuttergen.com. When you request deletion we soft-delete your account immediately (you lose access and your data is no longer used to provide the Services), and then we permanently delete it from our active systems within 30 days. Residual copies in encrypted backups are overwritten on our backup rotation schedule. Records we are legally required to retain (for example, tax records) are kept for the minimum period required and then deleted.

Children

Shuttergen is not directed to children under 16, and we do not knowingly collect personal information from them. If you believe a child has provided us with personal information, please contact us and we will delete it.

International Users

Shuttergen is operated from the jurisdictions where our infrastructure providers are based. By using the Services you understand that your information may be processed in countries other than your own, including jurisdictions whose data protection laws may differ from yours.

Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will revise the "Last updated" date at the top of this page. Material changes will be communicated through the Services or by email. Continued use of the Services after a change indicates acceptance of the updated policy.

Contact

If you have questions about this Privacy Policy or how we handle your information, contact us at support@shuttergen.com.