1. Introduction, scope, and relationship to other documents
Protecting personal information is integral to operating a multi-user creative platform in the United States. This Privacy Policy describes our privacy practices under U.S. federal and state law so that you can make informed decisions about creating an Account, submitting prompts and media, storing projects, and exporting deliverables.
This Policy applies to personal information we process when you visit our marketing pages, register or authenticate, use generative workflows (video, image, music, music video), use Super Creation, use Studio, or otherwise interact with the Services from the United States. It does not apply to third-party websites or services that we do not control, even if linked from the Services.
Our Terms of Service govern contractual use of the platform. In the event of a conflict between the Terms and this Policy regarding privacy-specific statutory rights under U.S. law, this Policy and applicable U.S. privacy statutes control for those rights.
We process account data to run your login and credits, process prompts/media to generate and store creative Outputs you request, process technical logs to keep the service secure and reliable, and use limited cookies/session tokens to keep you signed in. We do not sell your personal information for money. U.S. state privacy rights (where available) are described below.
2. Who we are
Unless a signed enterprise agreement names a different responsible entity for a private deployment, personal information collected through the public Caldwell AI Services is processed by the operator of the Caldwell AI platform in the United States.
This Policy is intended for a U.S. audience. References to “applicable law” mean United States federal law and the laws of the U.S. states in which we operate or in which you reside (including, where relevant, comprehensive state privacy laws such as those in California and similar statutes).
3. Key definitions
- “Personal Information”
- Information that identifies, relates to, describes, or could reasonably be linked with an identified or identifiable individual, as defined under applicable U.S. state privacy laws (for example, the California Consumer Privacy Act as amended by the CPRA, and similar state statutes) and, where applicable, under the Federal Trade Commission’s unfair or deceptive acts or practices framework.
- “Process” / “Processing”
- Any operation performed on personal information, including collection, storage, use, disclosure, transmission, combination, restriction, erasure, or destruction.
- “Inputs” and “Outputs”
- As in the Terms: materials you submit (prompts, uploads, references) and media or data the Services generate or assemble in response.
- “Subprocessor”
- A vendor that processes personal information on our behalf to help deliver the Services (for example hosting, inference compute, email delivery, or error monitoring).
4. Categories of personal information we process
Depending on how you interact with the Services, we may process the following categories. Not all categories apply to every user.
4.1 Identity and account data
- Display name
- Email address
- Password (stored only as a secure one-way hash; we do not store plaintext passwords)
- Plan tier, credit balance, and account status flags
- Authentication session identifiers / tokens
4.2 Billing and commercial data
- Plan selection, invoice metadata, transaction timestamps, and credit allotment history
- Payment card data is typically processed by a PCI-compliant payment processor; we receive limited payment tokens/status rather than full card numbers where possible
- Tax-related fields where required for invoicing
4.3 Generative and creative content data
- Prompt text, parameters, style settings, and negative constraints
- Reference images, audio, video, and other uploads
- Super Creation plans, scripts, asset boards, and project control state
- Generated Outputs (images, video, audio, music videos) and associated metadata
- Library catalog entries, filenames, durations, and technical media attributes
4.4 Studio and editorial data
- Timeline structures, track layouts, clip placement, fader levels, mute states, FX rack configurations, and finishing look parameters when persisted server-side
- Locally stored Media Pool snapshots and session export object URLs that remain on your device until cleared
- Export event logs (format requested, success/failure, approximate size)
4.5 Technical and usage data
- IP address, approximate geolocation derived from IP, and security signals
- Browser type/version, device type, operating system, language
- Referring URLs, pages viewed, feature usage events, and timestamps
- Diagnostic logs, error stacks, performance metrics, and rate-limit counters
- Cookie and local storage identifiers as described in Section 10
4.6 Support and communications data
- Messages you send to support or legal/privacy inboxes
- Attachments you provide for troubleshooting (please redact secrets)
- Our responses and internal ticket metadata
4.7 Sensitive personal information
We do not require sensitive personal information (as defined under various U.S. state laws) to use core features. Please do not submit government ID numbers, precise health data, financial account passwords, or similar sensitive data in prompts. If you voluntarily submit sensitive information, we will process it only as needed to provide the Services you requested or as required by law, and you do so at your own risk.
5. Sources of personal information
- Directly from you — registration forms, prompts, uploads, project settings, support emails, and preference controls.
- Automatically from your device — cookies, logs, telemetry, and security signals when you use the Services.
- From service providers — payment status, fraud signals, email delivery receipts, and infrastructure logs.
- From you on behalf of others — if you upload media depicting third parties, you must have a lawful basis to do so; we receive that media as part of your Inputs.
6. How we use personal information (United States)
We use personal information to operate Caldwell AI as a U.S.-based service. The table below describes primary purposes. We process information as needed to perform our contract with you (providing the Services you request), to protect security and prevent fraud, to comply with U.S. legal obligations (including tax and law-enforcement process), and—where required by U.S. law—with your consent (for example certain marketing or non-essential cookies).
| Purpose | Examples of data | Why we do it (U.S. context) |
|---|---|---|
| Create and secure Accounts; authenticate sessions | Name, email, password hash, session token | Provide the Services; account security |
| Provide generative features and return Outputs | Prompts, references, Outputs, job metadata | Fulfill your requested generations |
| Operate Super Creation projects and Library | Project state, assets, generation history | Deliver multi-stage creative workflows |
| Enable Studio editing and export tools | Editorial parameters, export logs, media refs | Provide NLE, mixer, and deliverables |
| Meter Credits and administer Plans | Balances, plan tier, billing metadata | Commercial terms; U.S. tax/accounting records |
| Prevent fraud, abuse, and security incidents | IP, logs, rate limits, abuse signals | Protect users and the platform; legal compliance |
| Debug, monitor reliability, improve UX | Telemetry, error logs, feature usage | Operate and improve a reliable U.S. service |
| Customer support | Ticket content, Account identifiers | Respond to product and account issues |
| Optional product updates / marketing | Email, preference flags | CAN-SPAM compliant messaging; opt-out available |
| Comply with law and enforce Terms | Records relevant to requests or claims | U.S. legal process, enforce Terms, safety |
| Model/product improvement (if enabled) | De-identified or permissioned samples | Only if disclosed; opt-out where required by state law |
We do not use your personal information for purposes that are incompatible with those described in this Policy without providing notice and, where required by U.S. state law, obtaining consent or offering an opt-out.
7. How generative AI features process your data
7.1 End-to-end flow (typical)
- You submit Inputs via a creation surface or Super Creation control.
- We authenticate your session, validate parameters, and check Credit capacity for metered jobs.
- Inputs are transmitted over TLS to application servers and then to inference compute (operated by us and/or subprocessors) as needed to generate Outputs.
- Outputs and metadata are stored so you can retrieve them from Library, download them, add them to Media Pool, or place them in Studio.
- Safety and abuse systems may scan Inputs/Outputs for policy violations using automated classifiers and rules.
7.2 Human review
In limited cases (abuse investigation, safety appeals, debugging a failing job you reported, or legal compliance), authorized personnel may access relevant Inputs, Outputs, or logs. Access is permissioned and logged according to internal policy.
7.3 Training and improvement
Unless we clearly offer an opt-in or opt-out program and you make a choice, you should assume that enterprise-grade deployments prioritize operating the service you requested rather than unrestricted secondary training. If we introduce a program that uses your content to improve models, we will disclose material details and, where required, obtain consent or provide an opt-out. Aggregated metrics that do not identify you may be used freely for capacity planning and product analytics.
7.4 Special caution for confidential Inputs
Do not paste secrets (passwords, non-public personal data of others, regulated health records, or attorney-client privileged materials) into prompts unless you have evaluated residual risk and have a lawful basis. Generative pipelines are optimized for creative production, not for high-assurance confidential processing environments, unless you have a separate written agreement specifying enhanced controls.
8. Studio, Media Pool, local storage, and exports
8.1 Browser-local data
Certain Studio-related features may store data in your browser’s localStorage, sessionStorage, IndexedDB, or as temporary blob/object URLs. Examples include Media Pool snapshots and in-progress export artifacts. This data may never leave your device until you upload, export, or otherwise transmit it. Clearing site data, using private browsing, or switching devices can remove local data permanently.
8.2 Server-persisted editorial state
If a deployment persists project timelines or mix parameters server-side, that state is associated with your Account and processed under this Policy. If editorial state is session-only on the client, our servers may only receive export events or media fetch requests.
8.3 Exports you download
When you download .mov, WAV, MP3, or other deliverables, copies on your device are under your control. We may retain server-side copies of source media according to Library retention rules. You are responsible for securing downloaded files and for any further sharing.
8.4 Client-side encoding tools
Some export paths load encoder code (including WebAssembly modules) into your browser. Those modules process media locally to produce files. Network requests to fetch encoder assets are technical transfers of software, not transfers of your finished timeline to a public website, but standard CDN logs may record that your client downloaded the asset.
11. Where we store and process data
We primarily process and store personal information in the United States. Our service providers (hosting, storage, content delivery, inference compute, payments, and similar) may also process data in U.S. data centers or, in limited cases, in other locations as needed to deliver the Services. By using the Services, you understand that your information is handled in connection with a U.S.-based business subject to U.S. law, including lawful requests from U.S. courts and government authorities.
If a service provider processes data outside the United States, we select vendors that maintain contractual and security commitments appropriate for a U.S. commercial service. This Policy does not create rights under non-U.S. privacy regimes.
12. Data retention
We retain personal information only as long as necessary for the purposes described in this Policy, including:
- Account data — for the life of the Account and a reasonable wind-down period after deletion request or closure, unless longer retention is required by law.
- Library media and project data — until you delete them, until Account deletion, or until applicable retention schedules expire; backups may lag for a limited period.
- Security and server logs — typically for a shorter operational window (for example weeks to months) unless needed for investigations or legal holds.
- Billing records — for the duration required by tax, accounting, and anti-fraud obligations (often multiple years).
- Support tickets — for as long as needed to resolve issues and maintain service quality records.
- Browser-local Media Pool / session exports — until cleared by you or your browser; we may not control these stores directly.
When retention ends, we delete or irreversibly de-identify data, except where retention is required for legal claims, disputes, or compliance.
13. Security measures
We implement administrative, technical, and organizational measures designed to protect personal information against unauthorized access, alteration, disclosure, or destruction. Measures may include, as appropriate to risk:
- TLS encryption in transit for Service endpoints;
- encryption at rest for certain storage systems;
- password hashing with modern one-way algorithms;
- access controls and least-privilege internal permissions;
- monitoring, logging, and anomaly detection for abuse and intrusion signals;
- vendor security review for material subprocessors;
- secure software development practices and dependency hygiene.
No method of transmission or storage is 100% secure. You are responsible for protecting Account credentials and for securing devices used to access Studio exports and local Media Pool data. Promptly notify us of suspected unauthorized access.
14. Your U.S. privacy rights and choices
Depending on your U.S. state of residence and applicable state privacy statutes, you may have some or all of the following rights regarding personal information we hold about you:
- Know / access — request the categories and specific pieces of personal information we have collected about you (as defined by your state law).
- Correction — request correction of inaccurate personal information.
- Deletion — request deletion, subject to U.S. legal exceptions (for example completing a transaction, security, free speech, legal claims, and tax or accounting records).
- Portability — receive a copy of certain information in a portable format where required by state law.
- Opt-out of sale / share / targeted advertising — where those concepts apply under your state’s law.
- Limit use of sensitive personal information — where applicable (for example under California’s CPRA and similar statutes).
- Appeal — appeal a denied consumer request where your state law provides an appeal path.
- Non-discrimination — we will not deny goods or services, charge different prices, or provide a different level of quality solely because you exercised a privacy right, except as permitted by law.
14.1 How to exercise rights
Submit privacy requests through the request channels we publish on the Services (for example an in-product settings control or a designated privacy request form, when available). We will verify your identity before fulfilling requests that reveal personal information, as required to prevent fraud. Authorized agents may submit requests where permitted by your state law, with proof of authorization.
14.2 Response timing
We will respond within the timeframe required by applicable U.S. state law (commonly within forty-five (45) days, with a permitted extension in many states when reasonably necessary). If we deny a request in whole or in part, we will explain the reasons and any appeal rights under your state law.
14.3 Account tools
You may also update certain Account profile information by signing in and editing your profile (where available), and you may download or delete media from Library features when those controls are offered.
15. Children’s privacy (COPPA)
The Services are not directed to children under thirteen (13) years of age. Consistent with the U.S. Children’s Online Privacy Protection Act (COPPA), we do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided personal information, notify us through the channels published on the Services and we will take appropriate steps to delete it. Zero-tolerance rules regarding sexual content involving minors are described in the Terms of Service and apply regardless of privacy requests that would impede safety investigations required by U.S. law.
16. Automated decision-making
We use automated systems for spam/abuse detection, rate limiting, credit fraud prevention, and content-policy filtering of Inputs/Outputs. These systems may automatically refuse a generation job or temporarily throttle an Account. They are operational security and safety tools for a U.S. online service, not credit, employment, housing, or insurance eligibility decisions. If you believe you were incorrectly blocked, use the support pathways published on the Services for human review where available.
17. Marketing communications (CAN-SPAM)
If we send product newsletters or promotional emails, we will do so in accordance with the U.S. CAN-SPAM Act and applicable state laws, including providing a clear way to opt out of commercial email. Transactional or relationship messages (security alerts, receipts, critical service notices about your Account) are not marketing and may continue as needed to operate your Account.
18. Third-party websites and SDKs
The Services may link to third-party sites or load third-party code (for example fonts CDNs or payment widgets). Their privacy practices are governed by their own policies. We encourage you to review them. We are not responsible for third-party privacy practices.
19. Additional U.S. state disclosures (including California)
19.1 Categories under CPRA-style lists
In the preceding 12 months, we may have collected the categories described in Section 4, including identifiers (email, account ID, IP), commercial information (plan/credits), internet activity (usage logs), audio/visual information (your media Inputs/Outputs), and inferences limited to product analytics. We collect these categories from the sources and for the purposes described above.
19.2 Disclosure for business purposes
We may disclose each category to service providers and as otherwise described in Section 10 for business purposes such as security, hosting, inference fulfillment, analytics, and compliance.
19.3 Sale / share
We do not sell personal information for money. If we engage in “sharing” for cross-context behavioral advertising as defined by law, we will provide a “Do Not Sell or Share My Personal Information” mechanism and honor opt-out preference signals where required.
19.4 Sensitive personal information
We do not use or disclose sensitive personal information for purposes that require a right-to-limit notice beyond providing the Services, security, and legal compliance, except as otherwise disclosed at collection.
19.5 Metrics
If required to publish request metrics, we will make them available upon request or in an annual disclosure.
20. Changes to this Privacy Policy
We may update this Policy periodically to reflect changes in the Services, U.S. federal or state laws, or our processing practices. We will post the updated Policy with a revised “Last updated” date and, when changes are material, provide additional notice as appropriate (for example, email to your Account address or an in-product notice). Your continued use of the Services after the effective date constitutes acknowledgment of the updated Policy, except where consent is required by U.S. law for a specific change.