MagicSubtitle – Comprehensive Privacy Policy (GDPR / CCPA / PDPA Compliant)

Introduction

MagicSubtitle (“we”, “our”, or “the Service”) is an AI-powered platform that enables users to generate subtitles, translate multilingual content, transcribe audio or video, and create automated summaries. We recognize the importance of privacy and are committed to protecting your personal data in accordance with:

• GDPR – General Data Protection Regulation (European Union)
• CCPA/CPRA – California Consumer Privacy Act / California Privacy Rights Act
• PDPA – Personal Data Protection Acts (Singapore, Malaysia, Thailand)
• Other applicable international privacy and data protection standards

This Privacy Policy explains:

• What data we collect
• How we use and protect your data
• Your rights under GDPR, CCPA, and PDPA
• How you may exercise those rights

MagicSubtitle follows a strict privacy-by-design and minimal-data philosophy.

1. Data We Collect

MagicSubtitle collects only the minimum amount of information required to provide our services effectively.

1.1 Data You Provide

We may collect the following information when you use the platform:

(a) Uploaded Content

• Video files
• Audio files
• Subtitle or text files
• Text input submitted for translation or processing

Uploaded content is used solely for processing (translation, transcription, summarization). We do not use your files to train AI models, nor do we share them with external parties.

(b) Optional Personal Data

• Email address (for login, password reset, or receiving results)
• Account preferences (such as selected language)

We do not collect:

• Legal names
• Phone numbers
• Government-issued IDs
• Physical addresses
• Biometric or facial recognition data

1.2 Automatically Collected Data (Non-Identifying)

For performance, security, and abuse prevention, we may collect:

• Browser type and version
• Device type and operating system
• Anonymized IP address (as permitted under GDPR Recital 49)
• Timestamps of access and transactions
• Error or crash logs

This data is not used to identify individuals.

1.3 Data We Never Collect

• Payment card details (handled by trusted third-party providers such as Stripe or PayPal)
• Sensitive personal information defined under GDPR Article 9
• GPS or precise location data
• Advertising profiles or behavioral tracking information

2. How We Use Your Data

2.1 Service Delivery

• Subtitle generation
• Transcribing speech to text
• Translating content across languages
• Video and text summarization

2.2 Account & Communication

• Authenticating your login
• Sending optional email notifications
• Providing support or resolving user inquiries

2.3 Security & Abuse Prevention

• Rate limiting and preventing misuse
• Detecting automated abuse
• Fraud monitoring and access protection

2.4 System Improvement

We may use anonymized and aggregated data strictly for:

• Performance optimization
• Error detection and debugging
• Service uptime monitoring

We never use uploaded content to train AI models.

We never sell personal data (fully compliant with GDPR and CCPA).

3. Legal Basis for Processing (GDPR Article 6)

We rely on the following lawful bases when processing your data:

• Contractual Necessity: Processing files to provide requested services.
• Legitimate Interests: Securing and improving the platform.
• Consent: When you provide optional information like an email address.
• Legal Obligation: When required to comply with applicable law.

4. Data Storage & Retention

4.1 File Storage

• Files are stored temporarily to complete processing tasks.
• Temporary files are deleted automatically after expiration.
• Processed outputs may remain available for your account until you delete them.

4.2 Retention Periods

Data Type	Retention
Uploaded Files	Automatically deleted after short-term processing
Subtitles / Outputs	Retained for user convenience (optional)
Email Address	Stored until account deletion
System Logs	7–90 days depending on purpose

4.3 Data Deletion

You may request deletion at any time via:

• Account settings
• Email request
• Automatic expiration

5. Third-Party Providers

MagicSubtitle may integrate with reputable service providers to improve performance and accuracy.

5.1 AI Processing

• OpenAI (translation, rewriting, summarization)
• Whisper / Faster-Whisper (speech-to-text)
• Local inference engines deployed on MagicSubtitle servers

5.2 Cloud Infrastructure

• AWS / DigitalOcean / Backblaze B2

5.3 Data Transfer Policies

Data sent to AI APIs is:

• Processed only transiently
• Never stored or reused
• Encrypted in transit (TLS 1.2+)

We never send data to advertisers, marketing firms, or data brokers.

6. Cookies & Tracking Technologies

MagicSubtitle uses minimal cookies to enhance core functionality.

6.1 Essential Cookies

• Language preference
• Session authentication

6.2 Analytics Cookies

Anonymous-only analytics may be used to improve performance.

We do not use:

• Advertising trackers
• Cross-site tracking
• Behavioral profiling
• Fingerprinting technologies

7. User Responsibilities

• Upload only content you have the legal right to use.
• Avoid uploading sensitive or medical information.
• Do not upload illegal, harmful, or copyrighted materials without permission.
• Comply with all relevant copyright laws.

8. Your Rights

8.1 GDPR Rights (EU Users)

• Right to access your personal data
• Right to request correction
• Right to deletion (“right to be forgotten”)
• Right to restrict processing
• Right to data portability
• Right to object
• Right to withdraw consent

8.2 CCPA Rights (California Users)

• Right to know what data is collected
• Right to request deletion
• Right to opt-out of data sale (we never sell data)
• Right to request correction
• Right to non-discrimination for exercising rights

8.3 PDPA Rights (Singapore, Malaysia, Thailand Users)

• Right to access your data
• Right to request correction or deletion
• Right to withdraw consent at any time
• Right to inquire how your data is used

We respond to all rights requests within 7–30 business days.

9. Children’s Privacy

MagicSubtitle is not intended for use by children under 13 (US COPPA) or under 16 (GDPR). We do not knowingly collect personal information from minors.

10. International Data Transfers

We may process data in multiple jurisdictions. All international data transfers comply with:

• GDPR adequacy decisions
• EU Standard Contractual Clauses (SCCs)
• PDPA cross-border transfer requirements

11. Security Measures

We use industry-standard security technologies, including:

• TLS 1.2+ encryption
• Secure file isolation
• Strict access control and permissions
• Rate limiting and abuse prevention systems
• Automated threat monitoring
• Routine security audits

No system is entirely immune to risks, but we follow best practices to safeguard all user data.

12. Changes to This Policy

We may update this Privacy Policy to reflect new features, legal requirements, or improvements in data-handling practices. Updates will be published on this page with a revised date.

13. Contact Information

For privacy-related questions or requests, contact us at:
[email protected]
Subject: Privacy Inquiry