Privacy Policy

Version 1.0 • Last Updated: November 4, 2025

1. Data Controller Identity

The data controller responsible for your personal data is:

Diamond Dog Film BV
Jules Van Biesbroeckstraat 156
9050 Gent, Belgium

Company Number: BE1008.209.783
VAT Number: BE1008.209.783
Email: julien@enigmareleasing.com
Website: https://auteurpro.app

This Privacy Policy explains how we collect, use, share, and protect your personal data in accordance with the EU General Data Protection Regulation (GDPR) and Belgian data protection law.

2. What Personal Data We Collect

2.1 Account Data

When you create an account, we collect:

  • Email address (required for account creation and communication)
  • Full name (optional but recommended)
  • Password (stored as a hashed value, never in plain text)

2.2 Subscription & Payment Data

When you subscribe to a paid plan, we collect:

  • Polar customer ID (generated by our payment processor)
  • Subscription plan (Free, Auteur, Studio)
  • Subscription status (active, inactive, canceled)
  • Billing cycle dates

Note: Payment card details are processed and stored by Polar, not by us. We never have access to your full credit card number.

2.3 Content Data

We store the creative content you create using AuteurPro:

  • Screenplays (scripts, content, formatting)
  • Characters (names, descriptions, traits, relationships)
  • Scenes (headings, synopses, notes)
  • Projects (titles, descriptions)
  • Comments and feedback (from collaborators)
  • Version history (screenplay revisions)

2.4 AI Interaction Data

When you use AI writing assistance features:

  • AI prompts (your requests to the AI)
  • AI responses (suggestions generated by Claude)
  • AI token usage (tracking your monthly AI usage)

AI requests are sent to Anthropic (Claude). See Section 5 for details on third-party processors.

2.5 Usage Data

We automatically collect technical and usage data:

  • IP address (for security and fraud prevention)
  • Browser type and version
  • Device information (operating system, screen size)
  • Login times and activity logs
  • Feature usage (which features you use most)
  • Performance metrics (page load times, errors)

2.6 Cookies & Tracking

We use cookies to provide the Service. See our Cookie Policy for details. Essential cookies (authentication) are required; optional cookies (analytics) require your consent.

3. Legal Basis for Processing Your Data

Under GDPR Article 6, we process your personal data based on the following legal grounds:

3.1 Contract Performance (Article 6(1)(b))

We process your data to provide the AuteurPro Service as agreed in our Terms of Service:

  • Creating and managing your account
  • Storing and processing your screenplays
  • Providing AI writing assistance
  • Enabling collaboration features
  • Processing your subscription payments

3.2 Legitimate Interest (Article 6(1)(f))

We process certain data based on our legitimate business interests:

  • Service improvement: Analyzing usage patterns to enhance features
  • Security: Detecting and preventing fraud, abuse, and security threats
  • Customer support: Responding to your inquiries and troubleshooting issues
  • Legal compliance: Maintaining audit logs for accounting and legal purposes

3.3 Consent (Article 6(1)(a))

We rely on your consent for:

  • Marketing emails: Sending tips, updates, and special offers (opt-in required)
  • Optional cookies: Analytics and non-essential tracking
  • My Enigma account: Creating an account on our upcoming social network

You can withdraw consent at any time through your Account Settings without affecting the lawfulness of processing before withdrawal.

4. How We Use Your Personal Data

We use your data for the following purposes:

  • Provide the Service: Account management, screenplay storage, AI assistance
  • Process payments: Manage subscriptions and billing via Polar
  • Communicate with you: Account notifications, service updates, customer support
  • Improve the Service: Analyze usage to develop new features and fix bugs
  • Security & fraud prevention: Protect against unauthorized access and abuse
  • Legal compliance: Comply with tax, accounting, and legal obligations
  • Marketing (with consent): Send newsletters and promotional content

5. Data Sharing & Third-Party Processors

We share your data with trusted third-party processors who help us provide the Service. Under GDPR Article 28, these processors are bound by Data Processing Agreements (DPAs) and can only use your data as we instruct.

Supabase (Database & Authentication)

Purpose: Database hosting, user authentication, session management
Data shared: All account data, content data, usage logs
Location: USA (with EU-US data transfer safeguards)
Privacy Policy: https://supabase.com/privacy

Polar (Payment Processing)

Purpose: Subscription billing, payment processing
Data shared: Email, name, customer ID, subscription details
Location: [Polar's location - check their documentation]
Privacy Policy: [Polar privacy policy link]

Amazon Bedrock (AI Provider)

Purpose: AI writing assistance and analysis
Data shared: AI prompts, screenplay excerpts sent for analysis
Location: AWS infrastructure in our configured Bedrock region
Data retention: Data is processed through AWS Bedrock. Review AWS Bedrock service terms and data handling terms for the active account configuration.
Privacy Policy: https://aws.amazon.com/bedrock/

Vercel (Hosting & CDN)

Purpose: Website hosting, content delivery
Data shared: IP addresses, browser data, usage logs
Location: USA (global CDN)
Privacy Policy: https://vercel.com/legal/privacy-policy

We do NOT sell your personal data to third parties.

6. International Data Transfers

Your data may be transferred outside the European Economic Area (EEA) to the United States, where our third-party processors (Supabase, Amazon Bedrock, Vercel) operate. We ensure these transfers comply with GDPR using:

  • Standard Contractual Clauses (SCCs): EU-approved contracts that ensure GDPR-level protection
  • Data Protection Agreements: Written agreements with all processors
  • Processor Certifications: Our processors comply with international privacy frameworks

7. Your Rights Under GDPR

As an individual in the EU/EEA, you have the following rights:

🔍 Right to Access (Article 15)

Request a copy of all personal data we hold about you. Available via Account Settings → Privacy Settings → "Download Your Data."

✏️ Right to Rectification (Article 16)

Correct inaccurate or incomplete data. Update your profile information in Account Settings.

🗑️ Right to Erasure (Article 17)

Request deletion of your personal data (also known as "right to be forgotten"). Available via Account Settings → Privacy Settings → "Delete Account." Note: We may retain certain data for legal obligations (e.g., tax records for 7 years).

📦 Right to Data Portability (Article 20)

Receive your data in a structured, commonly used format (JSON) to transfer to another service. Use the "Download Your Data" feature.

🚫 Right to Object (Article 21)

Object to processing based on legitimate interests (e.g., marketing, profiling). Opt out of marketing emails at any time via Account Settings.

⏸️ Right to Restrict Processing (Article 18)

Request that we limit how we use your data while you contest its accuracy or lawfulness.

🔄 Right to Withdraw Consent (Article 7(3))

Withdraw consent for marketing, cookies, or My Enigma integration anytime in Account Settings.

📞 Right to Lodge a Complaint

Contact the Belgian Data Protection Authority (Gegevensbeschermingsautoriteit / Autorité de protection des données) if you believe we've mishandled your data:
https://www.gegevensbeschermingsautoriteit.be/

How to Exercise Your Rights:
Email us at julien@enigmareleasing.com or use Account Settings. We will respond within 30 days as required by GDPR.

8. Data Retention

We retain your data for different periods based on legal requirements and business needs:

Active Accounts

Data retained while your account is active and for 30 days after cancellation (to allow reactivation).

Deleted Accounts

Content data (screenplays, characters) permanently deleted after the 30-day grace period.

Legal Obligations

Billing records, invoices, and payment data retained for 7 years (Belgian tax and accounting law).

Audit Logs

Security and access logs retained for 2 years for fraud prevention.

Anonymized Analytics

Aggregated, anonymized usage statistics may be retained indefinitely (not personal data under GDPR).

9. Data Security

We implement industry-standard security measures to protect your data:

  • Encryption in transit: All data transmitted over HTTPS/TLS
  • Encryption at rest: Database encryption via Supabase
  • Password hashing: Passwords stored using bcrypt (irreversible)
  • Row-Level Security (RLS): Database policies prevent unauthorized data access
  • Regular security audits: Ongoing monitoring for vulnerabilities
  • Access controls: Limited employee access to production data

Data Breach Notification: In the event of a data breach, we will notify you and the Belgian DPA within 72 hours as required by GDPR Article 33.

10. Cookies & Tracking Technologies

We use cookies to provide and improve the Service. See our detailed Cookie Policy for information about:

  • What cookies we use
  • Essential vs. optional cookies
  • How to manage your cookie preferences
  • Third-party cookies (if any)

11. Children's Privacy

AuteurPro is not intended for users under the age of 16 (the age of consent for data processing in Belgium under GDPR). We do not knowingly collect personal data from children under 16. If we discover that a user is under 16, we will delete their account and data immediately. If you believe a child under 16 has created an account, please contact us at julien@enigmareleasing.com.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or new features. Material changes will be communicated via:

  • Email notification to your registered email address
  • Prominent notice on the Service
  • Updated "Last Updated" date at the top of this page

Continued use of the Service after changes take effect constitutes acceptance of the revised Privacy Policy. For significant changes, we may require you to re-accept the policy.

13. Contact Us About Privacy

For privacy-related questions, requests to exercise your GDPR rights, or data protection concerns:

Email: julien@enigmareleasing.com

Postal Address:
Diamond Dog Film BV
Privacy Team
Jules Van Biesbroeckstraat 156
9050 Gent, Belgium

Response Time: Within 30 days (GDPR requirement)

If you're not satisfied with our response, you can lodge a complaint with the Belgian Data Protection Authority:

Gegevensbeschermingsautoriteit (Dutch)
Autorité de protection des données (French)

Drukpersstraat 35, 1000 Brussels, Belgium
Website: https://www.gegevensbeschermingsautoriteit.be/
Email: contact@apd-gba.be
Phone: +32 (0)2 274 48 00

Version History

  • Version 1.0 — November 4, 2025 — Initial publication