Caldwell AICaldwell AI
VideoImageMusicLibraryMusic VideoSuper CreationStudioPricingHelp
Sign inGet started
VideoImageMusicLibraryMusic VideoSuper CreationStudioPricingHelp
Sign inGet started

Caldwell AI · Official Documentation

Privacy Policy

This Privacy Policy explains how Caldwell AI (“Caldwell AI,” “we,” “us,” or “our”) collects, uses, discloses, stores, and otherwise processes personal information in connection with our websites, applications, generative creation tools, Super Creation, Studio non-linear editing environment, accounts, credits systems, and related services (collectively, the “Services”). This Policy is written for users in the United States.

Effective date: July 12, 2026Last updated: July 12, 2026
Terms of ServiceHelp Center

Contents

  1. 01Introduction & scope
  2. 02Who we are
  3. 03Key definitions
  4. 04Categories of data we process
  5. 05Sources of data
  6. 06How we use information
  7. 07Generative AI processing
  8. 08Studio, Media Pool & exports
  9. 09Cookies & similar tech
  10. 10Sharing & service providers
  11. 11Where we store data
  12. 12Retention
  13. 13Security measures
  14. 14Your U.S. privacy rights
  15. 15Children’s privacy (COPPA)
  16. 16Automated decision-making
  17. 17Marketing communications
  18. 18Third-party links
  19. 19U.S. state disclosures
  20. 20Changes to this policy

This document is provided for informational and contractual purposes. Scroll or use the links above to navigate long sections.

1. Introduction, scope, and relationship to other documents

Protecting personal information is integral to operating a multi-user creative platform in the United States. This Privacy Policy describes our privacy practices under U.S. federal and state law so that you can make informed decisions about creating an Account, submitting prompts and media, storing projects, and exporting deliverables.

This Policy applies to personal information we process when you visit our marketing pages, register or authenticate, use generative workflows (video, image, music, music video), use Super Creation, use Studio, or otherwise interact with the Services from the United States. It does not apply to third-party websites or services that we do not control, even if linked from the Services.

Our Terms of Service govern contractual use of the platform. In the event of a conflict between the Terms and this Policy regarding privacy-specific statutory rights under U.S. law, this Policy and applicable U.S. privacy statutes control for those rights.

Plain-language summary

We process account data to run your login and credits, process prompts/media to generate and store creative Outputs you request, process technical logs to keep the service secure and reliable, and use limited cookies/session tokens to keep you signed in. We do not sell your personal information for money. U.S. state privacy rights (where available) are described below.

2. Who we are

Unless a signed enterprise agreement names a different responsible entity for a private deployment, personal information collected through the public Caldwell AI Services is processed by the operator of the Caldwell AI platform in the United States.

This Policy is intended for a U.S. audience. References to “applicable law” mean United States federal law and the laws of the U.S. states in which we operate or in which you reside (including, where relevant, comprehensive state privacy laws such as those in California and similar statutes).

3. Key definitions

“Personal Information”
Information that identifies, relates to, describes, or could reasonably be linked with an identified or identifiable individual, as defined under applicable U.S. state privacy laws (for example, the California Consumer Privacy Act as amended by the CPRA, and similar state statutes) and, where applicable, under the Federal Trade Commission’s unfair or deceptive acts or practices framework.
“Process” / “Processing”
Any operation performed on personal information, including collection, storage, use, disclosure, transmission, combination, restriction, erasure, or destruction.
“Inputs” and “Outputs”
As in the Terms: materials you submit (prompts, uploads, references) and media or data the Services generate or assemble in response.
“Subprocessor”
A vendor that processes personal information on our behalf to help deliver the Services (for example hosting, inference compute, email delivery, or error monitoring).

4. Categories of personal information we process

Depending on how you interact with the Services, we may process the following categories. Not all categories apply to every user.

4.1 Identity and account data

  • Display name
  • Email address
  • Password (stored only as a secure one-way hash; we do not store plaintext passwords)
  • Plan tier, credit balance, and account status flags
  • Authentication session identifiers / tokens

4.2 Billing and commercial data

  • Plan selection, invoice metadata, transaction timestamps, and credit allotment history
  • Payment card data is typically processed by a PCI-compliant payment processor; we receive limited payment tokens/status rather than full card numbers where possible
  • Tax-related fields where required for invoicing

4.3 Generative and creative content data

  • Prompt text, parameters, style settings, and negative constraints
  • Reference images, audio, video, and other uploads
  • Super Creation plans, scripts, asset boards, and project control state
  • Generated Outputs (images, video, audio, music videos) and associated metadata
  • Library catalog entries, filenames, durations, and technical media attributes

4.4 Studio and editorial data

  • Timeline structures, track layouts, clip placement, fader levels, mute states, FX rack configurations, and finishing look parameters when persisted server-side
  • Locally stored Media Pool snapshots and session export object URLs that remain on your device until cleared
  • Export event logs (format requested, success/failure, approximate size)

4.5 Technical and usage data

  • IP address, approximate geolocation derived from IP, and security signals
  • Browser type/version, device type, operating system, language
  • Referring URLs, pages viewed, feature usage events, and timestamps
  • Diagnostic logs, error stacks, performance metrics, and rate-limit counters
  • Cookie and local storage identifiers as described in Section 10

4.6 Support and communications data

  • Messages you send to support or legal/privacy inboxes
  • Attachments you provide for troubleshooting (please redact secrets)
  • Our responses and internal ticket metadata

4.7 Sensitive personal information

We do not require sensitive personal information (as defined under various U.S. state laws) to use core features. Please do not submit government ID numbers, precise health data, financial account passwords, or similar sensitive data in prompts. If you voluntarily submit sensitive information, we will process it only as needed to provide the Services you requested or as required by law, and you do so at your own risk.

5. Sources of personal information

  • Directly from you — registration forms, prompts, uploads, project settings, support emails, and preference controls.
  • Automatically from your device — cookies, logs, telemetry, and security signals when you use the Services.
  • From service providers — payment status, fraud signals, email delivery receipts, and infrastructure logs.
  • From you on behalf of others — if you upload media depicting third parties, you must have a lawful basis to do so; we receive that media as part of your Inputs.

6. How we use personal information (United States)

We use personal information to operate Caldwell AI as a U.S.-based service. The table below describes primary purposes. We process information as needed to perform our contract with you (providing the Services you request), to protect security and prevent fraud, to comply with U.S. legal obligations (including tax and law-enforcement process), and—where required by U.S. law—with your consent (for example certain marketing or non-essential cookies).

PurposeExamples of dataWhy we do it (U.S. context)
Create and secure Accounts; authenticate sessionsName, email, password hash, session tokenProvide the Services; account security
Provide generative features and return OutputsPrompts, references, Outputs, job metadataFulfill your requested generations
Operate Super Creation projects and LibraryProject state, assets, generation historyDeliver multi-stage creative workflows
Enable Studio editing and export toolsEditorial parameters, export logs, media refsProvide NLE, mixer, and deliverables
Meter Credits and administer PlansBalances, plan tier, billing metadataCommercial terms; U.S. tax/accounting records
Prevent fraud, abuse, and security incidentsIP, logs, rate limits, abuse signalsProtect users and the platform; legal compliance
Debug, monitor reliability, improve UXTelemetry, error logs, feature usageOperate and improve a reliable U.S. service
Customer supportTicket content, Account identifiersRespond to product and account issues
Optional product updates / marketingEmail, preference flagsCAN-SPAM compliant messaging; opt-out available
Comply with law and enforce TermsRecords relevant to requests or claimsU.S. legal process, enforce Terms, safety
Model/product improvement (if enabled)De-identified or permissioned samplesOnly if disclosed; opt-out where required by state law

We do not use your personal information for purposes that are incompatible with those described in this Policy without providing notice and, where required by U.S. state law, obtaining consent or offering an opt-out.

7. How generative AI features process your data

7.1 End-to-end flow (typical)

  1. You submit Inputs via a creation surface or Super Creation control.
  2. We authenticate your session, validate parameters, and check Credit capacity for metered jobs.
  3. Inputs are transmitted over TLS to application servers and then to inference compute (operated by us and/or subprocessors) as needed to generate Outputs.
  4. Outputs and metadata are stored so you can retrieve them from Library, download them, add them to Media Pool, or place them in Studio.
  5. Safety and abuse systems may scan Inputs/Outputs for policy violations using automated classifiers and rules.

7.2 Human review

In limited cases (abuse investigation, safety appeals, debugging a failing job you reported, or legal compliance), authorized personnel may access relevant Inputs, Outputs, or logs. Access is permissioned and logged according to internal policy.

7.3 Training and improvement

Unless we clearly offer an opt-in or opt-out program and you make a choice, you should assume that enterprise-grade deployments prioritize operating the service you requested rather than unrestricted secondary training. If we introduce a program that uses your content to improve models, we will disclose material details and, where required, obtain consent or provide an opt-out. Aggregated metrics that do not identify you may be used freely for capacity planning and product analytics.

7.4 Special caution for confidential Inputs

Do not paste secrets (passwords, non-public personal data of others, regulated health records, or attorney-client privileged materials) into prompts unless you have evaluated residual risk and have a lawful basis. Generative pipelines are optimized for creative production, not for high-assurance confidential processing environments, unless you have a separate written agreement specifying enhanced controls.

8. Studio, Media Pool, local storage, and exports

8.1 Browser-local data

Certain Studio-related features may store data in your browser’s localStorage, sessionStorage, IndexedDB, or as temporary blob/object URLs. Examples include Media Pool snapshots and in-progress export artifacts. This data may never leave your device until you upload, export, or otherwise transmit it. Clearing site data, using private browsing, or switching devices can remove local data permanently.

8.2 Server-persisted editorial state

If a deployment persists project timelines or mix parameters server-side, that state is associated with your Account and processed under this Policy. If editorial state is session-only on the client, our servers may only receive export events or media fetch requests.

8.3 Exports you download

When you download .mov, WAV, MP3, or other deliverables, copies on your device are under your control. We may retain server-side copies of source media according to Library retention rules. You are responsible for securing downloaded files and for any further sharing.

8.4 Client-side encoding tools

Some export paths load encoder code (including WebAssembly modules) into your browser. Those modules process media locally to produce files. Network requests to fetch encoder assets are technical transfers of software, not transfers of your finished timeline to a public website, but standard CDN logs may record that your client downloaded the asset.

9. Cookies, local storage, and similar technologies

9.1 Categories

CategoryPurposeExamples
Strictly necessaryAuthentication, security, load balancing, fraud preventionSession cookie / HTTP-only auth token
FunctionalRemember preferences and workspace conveniencesUI preferences, Media Pool local cache keys
Analytics (if enabled)Understand aggregate traffic and feature adoptionPrivacy-preserving analytics IDs
Marketing (if enabled)Measure campaigns; only with required consent where applicablePixel/tags on marketing pages

9.2 Your controls

You can control cookies through browser settings. Blocking strictly necessary cookies may prevent login or secure operation. Where required by law, we will present a consent mechanism for non-essential cookies. Browser “Do Not Track” signals are not uniformly standardized; we treat global privacy controls as required under applicable U.S. state laws when legally mandated.

10. How we share personal information

We do not sell personal information for monetary consideration. We may share data as follows:

10.1 Service providers / subprocessors

Hosting providers, object storage, content delivery networks, inference compute providers, email delivery, error monitoring, payment processors, and similar vendors process data under contractual obligations to use it only per our instructions and to implement appropriate security.

10.2 Enterprise administrators

If your Account is managed by an organization, administrators may access account status, usage, and content consistent with your organization’s policies.

10.3 Legal and safety disclosures

We may disclose information if we reasonably believe it is necessary to comply with law, regulation, legal process, or governmental request; to enforce our Terms; to detect or prevent fraud, security, or technical issues; or to protect the rights, property, or safety of users, the public, or Caldwell AI.

10.4 Business transfers

In connection with a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets, personal information may be transferred as part of the transaction, subject to standard confidentiality and continued protection commitments.

10.5 With your direction

We share information when you use features that intentionally send media or links to third parties, or when you authorize an integration.

“Share” / “Sell” under U.S. state laws

Some U.S. state laws define “sale” or “share” broadly to include certain cross-context behavioral advertising. If we engage in activities that meet those definitions, we will provide required opt-out mechanisms (including honor of recognized opt-out preference signals where mandated). Core generative processing for your own jobs is a service delivery function, not a sale of your content to data brokers.

11. Where we store and process data

We primarily process and store personal information in the United States. Our service providers (hosting, storage, content delivery, inference compute, payments, and similar) may also process data in U.S. data centers or, in limited cases, in other locations as needed to deliver the Services. By using the Services, you understand that your information is handled in connection with a U.S.-based business subject to U.S. law, including lawful requests from U.S. courts and government authorities.

If a service provider processes data outside the United States, we select vendors that maintain contractual and security commitments appropriate for a U.S. commercial service. This Policy does not create rights under non-U.S. privacy regimes.

12. Data retention

We retain personal information only as long as necessary for the purposes described in this Policy, including:

  • Account data — for the life of the Account and a reasonable wind-down period after deletion request or closure, unless longer retention is required by law.
  • Library media and project data — until you delete them, until Account deletion, or until applicable retention schedules expire; backups may lag for a limited period.
  • Security and server logs — typically for a shorter operational window (for example weeks to months) unless needed for investigations or legal holds.
  • Billing records — for the duration required by tax, accounting, and anti-fraud obligations (often multiple years).
  • Support tickets — for as long as needed to resolve issues and maintain service quality records.
  • Browser-local Media Pool / session exports — until cleared by you or your browser; we may not control these stores directly.

When retention ends, we delete or irreversibly de-identify data, except where retention is required for legal claims, disputes, or compliance.

13. Security measures

We implement administrative, technical, and organizational measures designed to protect personal information against unauthorized access, alteration, disclosure, or destruction. Measures may include, as appropriate to risk:

  • TLS encryption in transit for Service endpoints;
  • encryption at rest for certain storage systems;
  • password hashing with modern one-way algorithms;
  • access controls and least-privilege internal permissions;
  • monitoring, logging, and anomaly detection for abuse and intrusion signals;
  • vendor security review for material subprocessors;
  • secure software development practices and dependency hygiene.

No method of transmission or storage is 100% secure. You are responsible for protecting Account credentials and for securing devices used to access Studio exports and local Media Pool data. Promptly notify us of suspected unauthorized access.

14. Your U.S. privacy rights and choices

Depending on your U.S. state of residence and applicable state privacy statutes, you may have some or all of the following rights regarding personal information we hold about you:

  • Know / access — request the categories and specific pieces of personal information we have collected about you (as defined by your state law).
  • Correction — request correction of inaccurate personal information.
  • Deletion — request deletion, subject to U.S. legal exceptions (for example completing a transaction, security, free speech, legal claims, and tax or accounting records).
  • Portability — receive a copy of certain information in a portable format where required by state law.
  • Opt-out of sale / share / targeted advertising — where those concepts apply under your state’s law.
  • Limit use of sensitive personal information — where applicable (for example under California’s CPRA and similar statutes).
  • Appeal — appeal a denied consumer request where your state law provides an appeal path.
  • Non-discrimination — we will not deny goods or services, charge different prices, or provide a different level of quality solely because you exercised a privacy right, except as permitted by law.

14.1 How to exercise rights

Submit privacy requests through the request channels we publish on the Services (for example an in-product settings control or a designated privacy request form, when available). We will verify your identity before fulfilling requests that reveal personal information, as required to prevent fraud. Authorized agents may submit requests where permitted by your state law, with proof of authorization.

14.2 Response timing

We will respond within the timeframe required by applicable U.S. state law (commonly within forty-five (45) days, with a permitted extension in many states when reasonably necessary). If we deny a request in whole or in part, we will explain the reasons and any appeal rights under your state law.

14.3 Account tools

You may also update certain Account profile information by signing in and editing your profile (where available), and you may download or delete media from Library features when those controls are offered.

15. Children’s privacy (COPPA)

The Services are not directed to children under thirteen (13) years of age. Consistent with the U.S. Children’s Online Privacy Protection Act (COPPA), we do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided personal information, notify us through the channels published on the Services and we will take appropriate steps to delete it. Zero-tolerance rules regarding sexual content involving minors are described in the Terms of Service and apply regardless of privacy requests that would impede safety investigations required by U.S. law.

16. Automated decision-making

We use automated systems for spam/abuse detection, rate limiting, credit fraud prevention, and content-policy filtering of Inputs/Outputs. These systems may automatically refuse a generation job or temporarily throttle an Account. They are operational security and safety tools for a U.S. online service, not credit, employment, housing, or insurance eligibility decisions. If you believe you were incorrectly blocked, use the support pathways published on the Services for human review where available.

17. Marketing communications (CAN-SPAM)

If we send product newsletters or promotional emails, we will do so in accordance with the U.S. CAN-SPAM Act and applicable state laws, including providing a clear way to opt out of commercial email. Transactional or relationship messages (security alerts, receipts, critical service notices about your Account) are not marketing and may continue as needed to operate your Account.

18. Third-party websites and SDKs

The Services may link to third-party sites or load third-party code (for example fonts CDNs or payment widgets). Their privacy practices are governed by their own policies. We encourage you to review them. We are not responsible for third-party privacy practices.

19. Additional U.S. state disclosures (including California)

19.1 Categories under CPRA-style lists

In the preceding 12 months, we may have collected the categories described in Section 4, including identifiers (email, account ID, IP), commercial information (plan/credits), internet activity (usage logs), audio/visual information (your media Inputs/Outputs), and inferences limited to product analytics. We collect these categories from the sources and for the purposes described above.

19.2 Disclosure for business purposes

We may disclose each category to service providers and as otherwise described in Section 10 for business purposes such as security, hosting, inference fulfillment, analytics, and compliance.

19.3 Sale / share

We do not sell personal information for money. If we engage in “sharing” for cross-context behavioral advertising as defined by law, we will provide a “Do Not Sell or Share My Personal Information” mechanism and honor opt-out preference signals where required.

19.4 Sensitive personal information

We do not use or disclose sensitive personal information for purposes that require a right-to-limit notice beyond providing the Services, security, and legal compliance, except as otherwise disclosed at collection.

19.5 Metrics

If required to publish request metrics, we will make them available upon request or in an annual disclosure.

20. Changes to this Privacy Policy

We may update this Policy periodically to reflect changes in the Services, U.S. federal or state laws, or our processing practices. We will post the updated Policy with a revised “Last updated” date and, when changes are material, provide additional notice as appropriate (for example, email to your Account address or an in-product notice). Your continued use of the Services after the effective date constitutes acknowledgment of the updated Policy, except where consent is required by U.S. law for a specific change.

Related: Terms of Service · Help Center

Back to home
Caldwell AI

Professional AI creation, Super Creation, and Studio finishing — video, image, music, and multi-track delivery.

© 2026 Caldwell AI. All rights reserved.

Product

VideoImageMusicMusic VideoSuper CreationStudioLibraryPricing

Support & legal

Help CenterTerms of ServicePrivacy PolicySign inGet started