Privacy Policy

Parafraim is an AI-native studio that turns conversational briefs into image-and-text videos. It is built and operated by an independent developer rather than a registered company. For the purposes of applicable data protection laws, the operator of Parafraim acts as the data controller for personal data processed through the Service.

For any privacy question, request, or complaint, contact us at contact@parafraim.com.

We collect the following categories of personal data:

Information you provide

• Account data: email address, and (optionally) your name and profile picture. If you register with email and password, we store a securely hashed version of your password — never the password itself.
• Authentication data from Google: if you sign in with Google, we receive your email address, name, and profile picture from Google in line with the permissions you grant.
• Content you create: the prompts and chat messages you send to the AI agent, the HTML compositions generated for your projects, project names and descriptions, cover frames, and the videos you render.
• Support and communications: messages you send us and their contents.

Information collected automatically

• Usage and billing data: your subscription plan, render credit balance, and a history of credit transactions and render jobs (status, progress, and resulting video URLs).
• Technical data: information generated when you interact with the Service, such as your IP address, browser and device type, and timestamps, processed in part for security and to keep your session active.

We do not currently use third-party advertising or web-analytics trackers on the Service. If this changes, we will update this Policy and, where required, ask for your consent.

Payment information

Payments are processed by our payment provider, Creem. We do not collect or store your full card number or other complete payment instrument details. We retain limited billing records such as your plan, a Creem customer identifier, checkout identifiers, and the status of your subscription.

We use personal data to:

• Create and manage your account and authenticate you.
• Provide the Service — generate, preview, refine, render, and store your videos and projects.
• Process subscriptions, allocate and meter render credits, and prevent abuse of usage limits.
• Maintain security, detect and prevent fraud, and enforce our Terms of Service.
• Respond to your requests and provide customer support.
• Comply with legal obligations and improve the reliability of the Service.

We do not use your private content (prompts, chat messages, generated compositions, or rendered videos) to train foundation models.

Where the EU/UK GDPR applies, we rely on the following legal bases: performance of a contract (to provide the Service you request); legitimate interests (to secure, maintain, and improve the Service); consent (where specifically requested, which you may withdraw at any time); and compliance with legal obligations.

When you brief the AI agent, your prompts, selected elements, and related project context are sent to our AI model provider, Anthropic, to generate and refine your video compositions. Generation and rendering run inside isolated, per-project sandbox environments provisioned by Daytona (and, as a fallback, E2B or Cloudflare Workers). Your content is processed to produce your output and is not used by us to train models.

We share personal data only as needed to operate the Service, with providers acting on our instructions under appropriate contractual protections:

• Anthropic — AI model processing for generation and refinement.
• Daytona, E2B, and Cloudflare — sandbox/compute environments where compositions are generated and rendered.
• Neon — managed PostgreSQL database hosting your account, project, and usage data.
• Cloudflare R2 — object storage and CDN delivery for your rendered videos, thumbnails, and assets.
• Creem — subscription billing and payment processing.
• Google — only if you choose Google sign-in, to authenticate you.
• Our hosting and infrastructure providers that operate the Service.

We may also disclose data where required to comply with law or legal process, to enforce our agreements, or to protect the rights, safety, and security of our users and the Service. If operation of the Service is ever transferred to another operator, we will notify you and require that this Policy continue to be honored.

We do not sell your personal data.

Our providers may process data in countries other than your own, including the United States. Where required, we rely on appropriate safeguards such as the European Commission’s Standard Contractual Clauses to protect your data during international transfers.

We retain your account data for as long as your account is active. Projects, chat history, and rendered videos are retained until you delete them or close your account. Billing and transaction records are retained as required for accounting, tax, and legal purposes. When you delete your account, we delete or anonymize your personal data within a reasonable period, except where retention is required by law.

Depending on where you live, you may have the right to access, correct, delete, or export your personal data; to object to or restrict certain processing; and to withdraw consent. If you are in the EEA, UK, or California, you may have additional rights under the GDPR or the CCPA/CPRA, including the right not to be discriminated against for exercising them.

To exercise any right, email contact@parafraim.com. We will respond within the timeframes required by applicable law. You also have the right to lodge a complaint with your local data protection authority.

We use technical and organizational measures to protect your data, including encryption in transit, hashed passwords, access controls, and isolated per-project execution environments. No method of transmission or storage is completely secure, so we cannot guarantee absolute security.

The Service is not directed to children under 16, and we do not knowingly collect their personal data. If you believe a child has provided us personal data, contact us and we will delete it.

We may update this Policy from time to time. We will post the updated version with a new “Last updated” date and, for material changes, provide additional notice where required. Your continued use of the Service after changes take effect constitutes acceptance of the updated Policy.