Back to Home

Privacy Policy

Last Updated: November 29, 2025

We are GDPR Compliant and take your privacy seriously.

Your purchased content is kept for 6 months. You can request deletion anytime. We never sell your data.

1. Information We Collect

Account Information:

  • Email address (for login and communication)
  • Name (optional, for personalization)
  • Password (encrypted with bcrypt)
  • Subscription tier and payment status

Message Content:

  • Child's name and age (for message generation)
  • Christmas wish and good deeds (text input)
  • Language and voice preferences
  • Generated audio/video files (stored for 6 months, deletable on request)

Payment Information:

  • Processed securely by Stripe (PCI-DSS compliant)
  • We never store credit card numbers or CVV codes
  • We only store subscription status and transaction IDs

Usage Analytics:

  • Messages generated (count, language, type)
  • Login timestamps
  • Feature usage (audio vs video)

2. How We Use Your Information

We use your data only for:

  • Service Delivery: Generate personalized Santa messages with AI
  • Account Management: Manage your subscription and credits
  • Communication: Send order confirmations, password resets, and important updates
  • Payment Processing: Handle subscriptions and credit purchases via Stripe
  • Service Improvement: Analyze usage patterns to improve features (anonymized data only)
  • Legal Compliance: Respond to legal requests and prevent fraud

We NEVER: Sell your data, share it with advertisers, or use it for marketing to third parties.

3. Data Storage & Security

Storage Locations:

  • Database: Supabase (PostgreSQL) - EU Region (Frankfurt, Germany)
  • Backend: Railway.app - EU/US servers with encryption
  • Files: Secure cloud storage - kept for 6 months

Security Measures:

  • Encryption: All data transmitted over HTTPS/TLS
  • Password Protection: Bcrypt hashing with salt
  • JWT Tokens: Secure authentication with expiration
  • Access Control: Role-based permissions (user/admin)
  • Regular Backups: Database backups every 24 hours

4. Data Retention & Deletion

We store your purchased content securely and give you full control over your data:

🔒 Your Content, Your Control:

  • Audio/Video Files: Kept for 6 months - plenty of time for scheduled deliveries
  • Dashboard History: Access your messages throughout the holiday season
  • Scheduled Emails: Files available for future delivery within 6 months
  • Manual Deletion: Request deletion anytime via support or account settings

Long-Term Storage:

  • Account Data: Kept until you delete your account
  • Payment Records: Retained for 7 years (legal requirement)
  • Analytics: Anonymized data kept indefinitely for service improvement

5. Your Privacy Rights (GDPR)

Under GDPR, you have the right to:

✅ Access Your Data

Request a copy of all data we have about you

✏️ Correct Your Data

Update inaccurate information in your account

🗑️ Delete Your Data

Request complete account deletion (we'll comply within 30 days)

📦 Data Portability

Export your data in machine-readable format (JSON)

🚫 Opt-Out

Unsubscribe from marketing emails (we rarely send them anyway)

To exercise these rights, email us at: santa@santavoicegenerator.com

6. Third-Party Services

We use trusted partners for specific functions:

Stripe (Payment Processing)

Handles all payments. Read their Privacy Policy.

ElevenLabs (Voice AI)

Generates Santa's voice. They don't store your text after processing.

OpenAI (Message Generation)

Creates personalized messages. Read their Privacy Policy.

Google OAuth (Login)

Allows "Login with Google". We only receive your email and name.

7. Cookies & Tracking

We use minimal cookies for essential functionality:

  • Authentication Token: Keeps you logged in (JWT in localStorage)
  • Language Preference: Remembers your UI language choice
  • No Advertising Cookies: We don't use tracking pixels or ads

8. Children's Privacy

Our service is designed for parents to create messages for their children. We do not knowingly collect data directly from children under 18. Parents are responsible for supervising their children's use of the messages.

9. International Data Transfers

Our primary servers are in the EU (Germany), but some services (like Railway backend) may process data in the US. We use standard contractual clauses (SCCs) to ensure GDPR-level protection.

10. Changes to This Policy

We may update this Privacy Policy occasionally. We'll notify you via email if there are significant changes. Continued use after updates means you accept the new terms.

📧 Questions or Concerns?

We're here to help! Contact our privacy team:

Email: santa@santavoicegenerator.com

Data Protection Officer: Todor Genchev

Response Time: We'll reply within 48 hours