ColdCut

Privacy Policy

Last updated: April 2026

1. Information We Collect

When you use ColdCut, we collect:

  • Account information: your email address, name (optional), and hashed password when you sign up.
  • Content you create: project names, script content, creator profile details, and resources you upload.
  • Usage data: action counts (scripts generated, critiques run, etc.) used to enforce plan quotas.
  • Contact submissions: name, email, and message content when you contact us via the contact form.

2. How We Use Your Information

We use your information to:

  • Provide and improve the Service.
  • Personalise AI-generated content using your creator profile.
  • Enforce plan quotas and rate limits.
  • Respond to support requests and contact form submissions.
  • Send transactional emails (e.g. account-related notifications) — we do not send marketing emails without your consent.

3. Data Storage & Security

Your data is stored in a PostgreSQL database hosted on Vercel infrastructure. We use bcrypt (cost factor 12) to hash passwords — we never store plain-text passwords. Sessions are managed via random secure tokens with a 30-day expiry. We take reasonable technical and organisational measures to protect your data, but no system is completely secure.

4. Cookies

We use the following cookies:

  • sf_uid (httpOnly, 30-day expiry): your session token, used to authenticate requests.
  • sf_auth, sf_onboarded, sf_plan: non-sensitive state flags used for client-side routing and UI.
  • A theme preference is stored in localStorage (not a cookie) to remember your dark/light mode preference.

We do not use advertising cookies or third-party tracking cookies.

5. Third-Party Services

ColdCut uses the following third-party services to operate:

  • Groq / Anthropic: AI language model providers that process your script prompts and content. Your content is sent to their APIs to generate responses. Review their privacy policies for details on data retention.
  • Vercel: hosting and infrastructure provider. Your data is stored and served via Vercel's platform.
  • Vercel Blob: used to store uploaded image resources.

6. Your Rights (GDPR & CCPA)

Depending on your location, you may have the right to:

  • Access: request a copy of the personal data we hold about you.
  • Correction: update inaccurate or incomplete data.
  • Deletion: request that we delete your account and associated data.
  • Portability: receive your data in a structured, machine-readable format.
  • Opt-out: Opt out of the sale of personal information (we do not sell personal data).

To exercise any of these rights, contact us via the contact page.

7. Data Retention

We retain your account data for as long as your account is active. If you delete your account, we will delete your personal data within 30 days, except where we are required to retain it by law. Contact form submissions are retained for up to 12 months.

8. Children's Privacy

ColdCut is not directed to children under the age of 13. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us and we will delete it.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by updating the “Last updated” date above or by email. Your continued use of the Service after changes constitutes acceptance of the updated policy.

10. Contact

For privacy-related questions or to exercise your rights, please contact us via the contact page.