Privacy Policy
This Privacy Policy explains how Saffra Scripts collects, uses, stores, and shares your personal information. It is written to comply with the Australian Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).
1. Who we are and how to contact us
Saffra Scripts is a trading name of Harrison Keen, an Australian sole trader (ABN 65 835 915 031). To exercise your rights under this Policy, or to raise a privacy concern, email hello@saffrascripts.com.
2. What we collect
- Account information: your email address; either a hashed password (stored by Supabase Auth) or a third-party authentication identifier (e.g. Google OAuth).
- Generation inputs: the prompts, synopses, character notes, and other text you submit to generate scripts.
- Generation outputs: scripts and related artefacts the Service generates for you.
- Billing information: handled by Lemon Squeezy. We do not see or store your card details. We receive your billing email address and order metadata via Lemon Squeezy's webhook.
- Technical and operational data: server logs (Hostinger), database and authentication logs (Supabase), file-storage logs (Cloudflare R2). No third-party analytics or tracking pixels are installed on the site at the time this Policy was written.
3. Why we collect it
We collect personal information to:
- provide and operate the Service;
- process credit purchases and maintain credit balances;
- detect and prevent abuse, fraud, and breaches of our Terms;
- respond to your support enquiries;
- comply with our legal obligations (e.g. tax record-keeping).
4. Who we share it with
We use the following third-party processors. Each operates under its own privacy policy:
- Supabase — database and authentication.
- Cloudflare R2 — file storage for generated scripts.
- Anthropic — large language model inference on your prompts.
- Lemon Squeezy — payment processing.
- Hostinger — web hosting.
- Google — Docs API for output delivery (only where you opt to receive output via Google Docs).
We do not sell your personal information.
5. International transfers
Several of our processors operate servers outside Australia (primarily in the United States and the European Union). By using the Service, you consent to your personal information being transferred to, and processed in, those jurisdictions.
6. Retention
Account information is retained for as long as your account remains active. Billing-related records are retained for seven (7) years to satisfy Australian tax record-keeping obligations. You can request deletion of other data — including generation inputs and outputs — at any time by emailing us.
7. Your rights
Under the Australian Privacy Act and the APPs, you have the right to:
- request access to the personal information we hold about you;
- request that we correct inaccurate information;
- request that we delete information (subject to our legal retention obligations);
- complain to the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au if you believe we have mishandled your information.
To exercise these rights, email hello@saffrascripts.com. We will respond within 30 days.
8. Security
We use TLS for data in transit. Passwords are hashed by Supabase Auth (we never see or store plaintext passwords). Access to production data is restricted. Despite these measures, no system is perfectly secure, and we cannot guarantee absolute security.
9. Children
The Service is not intended for users under 18. We do not knowingly collect personal information from anyone under 18. If you believe we have done so, please email us and we will delete the information.
10. Changes to this Policy
We may update this Policy from time to time. The "Last updated" date at the top reflects the most recent revision. Continued use of the Service after a change constitutes acceptance of the updated Policy.