← Home

Privacy Notice

Last updated: 11 May 2026

1. Who we are

SixteenCut is operated by Adam Poulter, sole trader, Felixstowe, United Kingdom (the "Seller", "we", "us"). The Seller is the controller of the personal data described in this notice. Contact: support@sixteencut.com.

2. What we collect

• Account data — email address, hashed password, sign-in identifiers from OAuth (e.g. Google) if you choose to use them.
• Usage data — credit balance, captioning jobs (minutes processed, language detected, timestamps), errors and diagnostic logs.
• Uploaded content — video files you upload for caption generation. We extract audio and send it to our captioning provider; we do not retain the video itself on our servers beyond the duration of the job.
• Device / network data — IP address, browser type, approximate location derived from IP, for security and abuse prevention.
• Support messages — anything you send us by email.

Payment card details are collected and processed by Paddle, not by us. See "Sharing" below.

3. Why we use it (purposes and legal basis)

• Provide the service (contract performance): create your account, run caption jobs, debit credits, deliver results.
• Security and abuse prevention (legitimate interests): rate limiting, fraud detection, account integrity.
• Customer support (legitimate interests / contract): respond to your messages.
• Legal compliance (legal obligation): keep records of sales and meet tax obligations via our Merchant of Record.
• Product improvement (legitimate interests): aggregate, non-identifying analytics on usage patterns.

4. Who we share it with

• Paddle.com Market Limited — our Merchant of Record. Paddle processes payments, manages subscriptions and invoicing, calculates and remits sales tax/VAT, handles refunds and chargebacks. See Paddle's privacy notice at paddle.com/legal/privacy.
• ElevenLabs Inc. — our speech-to-text provider. The audio extracted from your uploads is sent to ElevenLabs to generate captions.
• Hosting and infrastructure providers — Lovable Cloud (Supabase / Cloudflare) for application hosting, authentication and database storage.
• Authorities where required by law.

5. International transfers

Some of these providers are located outside the UK / EEA. Where data is transferred we rely on adequacy decisions or Standard Contractual Clauses as appropriate.

6. Retention

• Account data — for the life of your account, then deleted within 30 days of account closure (except where we must keep records longer, e.g. tax records held by Paddle).
• Uploaded video / audio — processed in-session and not retained on our servers after the job completes.
• Caption transcripts — stored in your browser session; not persisted on our servers unless you save them to your account.
• Diagnostic logs — typically 30–90 days.

7. Your rights

Under UK GDPR you have the right to access, rectify, erase, restrict, port and object to processing of your personal data, and to withdraw consent where processing is based on consent. You also have the right to lodge a complaint with the UK Information Commissioner's Office (ICO). To exercise any of these rights email support@sixteencut.com; we respond within one month.

8. Security

We use industry-standard technical and organisational measures including encryption in transit, encrypted password storage, row-level access controls in our database, and least-privilege service credentials.

9. Cookies

We use only the cookies and local-storage entries strictly necessary to keep you signed in and to remember your preferences. We do not use marketing or third-party advertising cookies.

10. Changes

We may update this notice. Material changes will be announced on the site or by email.