Privacy Policy
Decoupa (decoupa.film) — Alien Alliance Films GmbH, Switzerland Version 1.0 · Effective date: 16 June 2026
This policy explains what personal data we process, why, and what your rights are. It is written to comply with the Swiss Federal Act on Data Protection (FADP/revDSG) and, for users in the EU/EEA and UK, the GDPR / UK GDPR.
Controller: Alien Alliance Films GmbH, Erlachstrasse 23, 3012 Bern, Switzerland — hello@decoupa.film
1. The short version
- Your projects (screenplays, shot lists) are stored in your browser as you work and are encrypted on your device before being saved to our cloud.
- When you run an AI feature, the relevant text is sent through our servers to Anthropic (USA) to generate the result. It is processed in transit and is not used to train AI models. We do not log its contents.
- The cloud copy lets you sign in on any device and keep working; it is encrypted on your device before upload and our storage holds only ciphertext. We manage the encryption keys so this works without passwords — this means we could technically access the data, and our binding policy is that we never read, sell, or train on your work. It is not a "zero-knowledge" system, and we don't claim it is.
- You can export everything and delete your account at any time.
- Our website analytics are cookieless; we aim to operate without a consent banner.
2. What we process, and why
| Data | Purpose | Legal basis (GDPR) | Where |
|---|---|---|---|
| Account data (email, auth identifiers) | Login, account management, quota attribution | Contract (Art. 6(1)(b)) | Supabase (EU region) |
| Project blobs, encrypted client-side | Cloud save / multi-device | Contract | Supabase Storage (EU region) |
| Screenplay text in transit | AI generation you request | Contract | Our edge functions → Anthropic API (USA); not stored by us, contents not logged |
| Usage metering (token counts per operation) | Quota enforcement, billing | Contract | Supabase (EU) — counts only, no content |
| Payment and billing data | Subscription processing | Contract; handled by our merchant of record as independent controller | Stripe Managed Payments |
| Product analytics (pseudonymous events, e.g. "generation completed") | Improving the product | Legitimate interest (Art. 6(1)(f)) | PostHog (EU cloud) — no content, no ad tracking |
| Website analytics | Reach measurement | Legitimate interest | Plausible (EU) — cookieless, no personal profiles |
| Error and crash data | Stability and debugging | Legitimate interest | Sentry — request bodies are scrubbed; screenplay content is excluded by design |
| Transactional email (login/magic links, trial & account notices) | Operating the service | Contract (Art. 6(1)(b)) | Resend (EU region) |
We do not use your content for advertising, we do not sell personal data, and we do not use it to train AI models (ours or anyone else's).
3. The encryption model, stated plainly
Cloud-saved projects are encrypted on your device (AES-GCM via your browser's WebCrypto) before upload; our storage holds only ciphertext. The data encryption key is generated per user and managed by our backend so that you can sign in on another device and continue working without managing passwords or risking permanent data loss.
Because we manage the key, we are technically able to decrypt stored blobs. Our commitment: we access content only if you explicitly ask us to (e.g. a support request you initiate), or where we are legally compelled to. We never read your work out of curiosity, for marketing, for moderation sweeps, or for AI training. If we are legally compelled to disclose data, we will inform you where the law allows it.
4. AI processing (Anthropic)
When you trigger an AI feature, the necessary text (a scene, parts of the screenplay context, your instructions) is transmitted via our servers to Anthropic PBC (USA) and processed there to generate your result. Under Anthropic's commercial API terms, content submitted via the API is not used to train models. Short-lived technical caching (prompt caching, minutes) is used to reduce cost and latency. [Internal: request zero-data-retention terms with the Anthropic DPA if available.]
When you use your own Anthropic API key (BYOK) as an overflow option, the same transit applies; your contractual relationship for that AI processing is directly with Anthropic.
5. International transfers
Some providers process data in the USA (Anthropic, Netlify, Sentry, Resend, payment infrastructure). Transfers from Switzerland and the EU are based on the Swiss–U.S. / EU–U.S. Data Privacy Framework where the provider is certified, otherwise on Standard Contractual Clauses with Swiss addenda. Details per provider: Subprocessor List.
6. Retention and deletion
- Local data: on your device, under your control; deleting it is up to you.
- Cloud blobs: deleted within 30 days after account deletion, immediately upon your deletion of a project.
- Account data: deleted with the account, except where retention is legally required (e.g. accounting records held by the merchant of record).
- Metering/analytics: 12 months, then aggregated or deleted.
- Backups of our systems: rolling, max 35 days.
7. Your rights
Under the FADP and (where applicable) the GDPR you can request: access to your data, correction, deletion, restriction, a portable copy, and you can object to processing based on legitimate interest. The built-in export gives you your content instantly without a request. Contact: hello@decoupa.film. You may also complain to a supervisory authority — in Switzerland the FDPIC; in the EU your local data protection authority.
8. Cookies and similar technologies
We use only technically necessary storage (session/login, your app settings). Web analytics (Plausible) is cookieless. We do not use advertising trackers. If this setup changes, we will introduce a consent mechanism first.
9. Children
The Service is not directed at children under 16. We do not knowingly process their data.
10. Changes
We will update this policy as the product evolves (e.g. desktop app, storyboard features) and announce material changes in-app or by email. The current version is always available at https://decoupa.film/legal/privacy.