Legal

Privacy Policy

Last updated: June 16, 2026

1. Introduction

Boyan Georgiev, operating as StudioScope ("we," "our," or "us"), operates the StudioScope platform available at studioscope.app (the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

We use your personal data to provide and improve the Service. By using the Service, you agree to the collection and use of information in accordance with this Privacy Policy.

2. Information We Collect

2.1 Account Information

When you create an account, we collect:

  • Full name and email address
  • Company name and job title (if applicable)
  • Password (stored in hashed form)
  • Billing information (processed by our payment provider, Stripe)
  • Profile picture and preferences

2.2 User-Generated Content

We store content you create, upload, or submit through the Service, including:

  • Project files, documents, photos, and videos
  • Comments, annotations, and chat messages
  • File attachments and uploads
  • Project and task data

2.3 Usage Data

We automatically collect:

  • Application Logs: Feature usage, actions performed, errors encountered
  • Device Information: Browser type, operating system, screen resolution, device type
  • Network Information: IP address, approximate location (city/country level)
  • Session Data: Login times, session duration, pages/features accessed
  • Performance Data: Load times, crashes, and diagnostic information

2.4 Information from Third Parties

We may receive information from:

  • Authentication Providers: If you sign in via Google or other OAuth providers
  • Payment Processors: Transaction status and billing details (we do not store full credit card numbers)
  • Analytics Services: Aggregated usage patterns

3. How We Use Your Information

We use your personal data for the following purposes:

  • To provide and maintain the Service — operating the platform, authenticating users, and delivering features (legal basis: contractual necessity)
  • To process payments and subscriptions — billing, invoicing, and payment processing (legal basis: contractual necessity)
  • To send transactional communications — account notifications, password resets, project updates (legal basis: contractual necessity)
  • To improve the Service — analyzing usage patterns to enhance features and user experience (legal basis: legitimate interest)
  • To detect and prevent abuse — fraud prevention, security monitoring, and enforcing our Terms of Service (legal basis: legitimate interest)
  • To comply with legal obligations — responding to lawful requests, maintaining records (legal basis: legal obligation)

We do not sell your personal information to third parties. We do not use your data for targeted advertising.

4. Data Sharing and Disclosure

We may share your information in the following circumstances:

  • With your team or organization: If you use a studio/organization plan, administrators can access usage data and manage accounts within your organization.
  • With service providers: We engage third-party companies to facilitate the Service. These include:
    • Vercel (application hosting)
    • Supabase (database, authentication, file storage)
    • Stripe (payment processing)
    • Cloudflare (video streaming)
    • Resend (transactional email)
    • Vercel Analytics (usage analytics)
  • For legal compliance: When required by law, subpoena, or court order.
  • During business transfers: In connection with a merger, acquisition, or asset sale (you will be notified).

Each third-party service provider has its own privacy policy governing the use of your information.

5. Data Storage and Security

5.1 Infrastructure

Your data is stored on servers provided by Vercel (application hosting, Washington D.C., USA) and Supabase (database and storage, US East). By using the Service, your data may be transferred to and processed in the United States.

5.2 Security Measures

We implement industry-standard security measures:

  • All data encrypted in transit (TLS 1.2+)
  • Data encrypted at rest (AES-256)
  • Role-based access controls
  • Multi-factor authentication available
  • Regular security monitoring

5.3 Data Breach Response

In the event of a data breach that affects your personal information, we will notify affected users within 72 hours (as required by GDPR) and provide details on the nature of the breach and remediation steps.

6. Data Retention

We retain your personal data only for as long as necessary:

  • Account data: Duration of account + 30 days after deletion
  • User-generated content: Duration of account + 30 days after deletion
  • Usage logs: 12 months
  • Payment records: 7 years (legal requirement)
  • Support tickets: 3 years

After account deletion, we remove or anonymize your data within 30 days, except where retention is required by law.

7. Your Rights

7.1 All Users

  • Access: Request a copy of your personal data
  • Correction: Update inaccurate information
  • Deletion: Delete your account and associated data
  • Export: Download your data in a machine-readable format

7.2 GDPR Rights (EEA/UK Residents)

If you are located in the European Economic Area or the United Kingdom, you have additional rights:

  • Right to restrict processing
  • Right to data portability
  • Right to withdraw consent at any time
  • Right to lodge a complaint with your local data protection authority

Our Data Protection Officer can be reached at privacy@studioscope.app.

7.3 CCPA Rights (California Residents)

  • Right to know what personal information is collected and how it is used
  • Right to delete personal information
  • Right to opt out of the sale of personal information (we do not sell data)
  • Right to non-discrimination for exercising your rights

To exercise any of these rights, contact us at privacy@studioscope.app or use the account settings in the application.

8. International Data Transfers

If you access the Service from outside the United States, your data may be transferred to and processed in the United States. We ensure appropriate safeguards are in place, including:

  • Standard Contractual Clauses (SCCs) for EU/UK data transfers
  • Data Processing Agreements with all sub-processors

9. Children's Privacy

The Service is not intended for users under 16 years of age. We do not knowingly collect personal information from children. If you believe that a child has provided us with personal data, please contact us at privacy@studioscope.app and we will take steps to delete that information.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or through the Service at least 30 days before the changes take effect. We encourage you to review this Privacy Policy periodically.

11. Contact Us

For privacy-related inquiries: