Privacy policy
Effective: 10 May 2026
If you sign up, we collect your email address, a hashed password (we never store the raw password), and an optional display name. If you sign in with Google, we receive your Google account email, profile name, and the OAuth identifier Google sends us. We do not request additional Google permissions.
If you use Cutline without signing in, we set a first-party cookie containing an anonymous session identifier and we store the count of videos you have generated in that session. We do this so you can try the product before signing up. There is no advertising profile or cross-site tracking.
The prompt sentence you type, any optional duration / mode / model selections, and any files you upload (logos, product photos, reference images). These are required to generate your video.
Intermediate artifacts produced by the pipeline (intent JSON, narrative, shot list, script, subtitle track, voice audio, sourced or generated images) and the final MP4. These are kept for the retention window described below.
Job identifiers, status (pending / processing / completed / failed), per-stage timings, error messages, your IP address (used for rate limiting and abuse prevention), browser user-agent. We do not log the contents of your prompts in our application logs.
If you subscribe to a paid plan, our payment processor (Dodo Payments) handles your card data directly. They send us the plan you purchased, the status of your subscription, and a customer reference identifier. We do not see, store, or process your card number, CVV, or banking credentials.
We use the data described above only for the following purposes:
We do not sell your data. We do not share it with advertisers. We do not use your prompts or generated videos to train our own models.
To deliver the service we have to send some data to the following sub-processors. They each have their own privacy policies, which we recommend you read.
What we send: The text of your prompt, intent, narrative, shot list, script, and any image-search queries we derive from them.
Why: Routes our LLM requests to the model you (or we) selected. Used in every text generation stage.
What we send: The script text we generate from your prompt.
Why: Converts the script into voiceover audio. You configure which provider via the TTS_PROVIDER setting.
What we send: Image prompts derived from your shot list. We never send your full prompt or account email.
Why: Generates fallback images via DALL·E 3 when no stock photo matches.
What we send: Image search queries derived from your shot list.
Why: Returns stock photos used as the visual layer of each shot. Standard image-search API requests.
What we send: Used only if you select "Talking object" mode. The script text is sent to Google Veo to generate the talking character clip.
Why: Generates AI character video. Optional and only triggered when you explicitly choose this mode.
What we send: If you sign in with Google: your Google email, name, and OAuth identifier.
Why: Authenticates you and creates your account record.
What we send: Your email address and the plan you are purchasing. Card data goes directly to them, not to us.
Why: Processes subscriptions and one-time payments. PCI-DSS compliant; we are not in scope for cardholder data.
What we send: Account records, job metadata, anonymous-session records, subscription state.
Why: Database hosting.
What we send: Job queue entries, cancellation flags, rate-limit counters.
Why: Queue and ephemeral state. May be hosted by a managed Redis provider.
What we send: Uploaded assets and generated videos.
Why: Either local disk on our server or S3-compatible object storage. Files are deleted on the retention schedule below.
Cutline is an AI-driven video tool. Several things follow from that:
Depending on where you live, you may have rights under laws such as GDPR (EU/UK), CCPA/CPRA (California), or similar regimes. These commonly include:
To exercise any of these, write to parbhat@parbhat.work from the email address associated with your account. We will respond within 30 days. We will not retaliate against you for exercising your rights.
If you are in the European Economic Area, the United Kingdom, or Switzerland, the General Data Protection Regulation (and the equivalent UK GDPR / Swiss FADP) gives you the rights summarised in "Your rights" above. This section explains how we apply those rules.
Cutline, operating the service at cutline.cloud, acts as the data controller for personal data you submit to operate your account and use the service. You can reach the controller at parbhat@parbhat.work.
If you believe our processing of your personal data infringes the GDPR, you can lodge a complaint with the supervisory authority in the EU/EEA member state of your habitual residence, place of work, or place of the alleged infringement, or with the UK Information Commissioner's Office (ICO) for UK residents.
The Cutline pipeline produces video output by automated means, but we do not make decisions that produce legal or similarly significant effects on you within the meaning of Art. 22 GDPR. The output is creative content delivered to you for review and use.
If you are a California resident, the California Consumer Privacy Act and California Privacy Rights Act give you specific rights regarding your personal information.
In the last 12 months we have collected the following categories of personal information about California users, all from the user directly:
We do not sell personal information for monetary value, and we do not share personal information for cross-context behavioural advertising as those terms are defined under the CPRA. We do not knowingly sell or share the personal information of consumers under 16.
We do not collect sensitive personal information as defined by the CPRA, and therefore do not use or disclose it in a way that triggers your right to limit. Account passwords are stored as cryptographic hashes only.
Email parbhat@parbhat.work from the address associated with your account. We may need to verify your identity before fulfilling certain requests. Authorised agents may submit requests on your behalf with appropriate written authorisation.
Cutline and its sub-processors operate from servers in multiple jurisdictions, including the United States and the European Union. If you access the service from outside those jurisdictions, your data will be transferred to and processed in them. We rely on the standard contractual clauses or equivalent safeguards offered by our sub-processors where applicable.
Cutline is not directed to children under 16, and we do not knowingly collect personal data from them. If you believe a child has provided us personal data, contact parbhat@parbhat.work and we will delete it.
We use industry-standard practices: TLS for data in transit, hashed passwords, scoped API keys held server-side, and access controls on our database and storage. No system is perfectly secure; if we ever experience a data breach affecting your personal data, we will notify you and the relevant authorities as required by law.
We may update this policy as the product evolves. When we make material changes we will revise the "effective" date at the top of the page and, for changes that materially expand how we use your data, send a notice to your account email or display an in-app banner. Continued use of Cutline after a change means you accept the updated policy.
Questions, requests, or complaints about this policy or your data: parbhat@parbhat.work.