Privacy Policy

Last updated: May 7, 2026

This Privacy Policy explains how Scrptly ("we", "us", "our") collects, uses, and shares personal data when you use our website and Service.

We act as the data controller for your personal data.

1. Who We Are

Scrptly is operated by TheSocialCreativesClub, based in Spain.

If you have any questions about this policy, contact:
๐Ÿ“ฉ hello@scrptly.io

2. Data We Collect

We collect the following categories of personal data:

Account Data

  • Name
  • Email address
  • Password (hashed)
  • Authentication data (e.g. Google login identifiers)
  • Subscription plan

Usage Data

  • Scripts you generate
  • Analyses you run
  • Evaluations and interactions
  • Feature usage and quotas

Billing Data

  • Stripe customer ID
  • Subscription status
  • Payment history

๐Ÿ‘‰ Payment details (e.g. card numbers) are processed securely by Stripe. We do not store or access them.

Submitted Content

  • Public URLs you submit
  • Associated metadata retrieved from third-party platforms

Technical Data

  • IP address
  • Device and browser type
  • Cookies and tracking data
  • Analytics events (PostHog)

3. How We Use Your Data

We use your data to:

  • Provide and operate the Service
  • Generate scripts, analyses, and AI outputs
  • Process payments and manage subscriptions
  • Send transactional communications (e.g. account, billing, results)
  • Improve product performance and features
  • Detect fraud, abuse, or misuse
  • Comply with legal obligations

We may also use aggregated, anonymized data to improve the Service.

4. Legal Bases (GDPR)

We process personal data under the following legal bases:

  • Contract - to provide the Service you signed up for
  • Legitimate interests - to improve, secure, and operate the Service
  • Consent - for non-essential cookies and marketing communications
  • Legal obligation - for tax, accounting, and regulatory compliance

5. Sub-processors

We share data with trusted third-party providers that help us operate the Service:

  • Supabase - database, authentication, storage
  • Stripe - payments and billing
  • Cloudflare - hosting and infrastructure
  • Lovable AI Gateway, OpenAI, Anthropic, Google Gemini - AI processing
  • Apify - public content retrieval
  • Resend - email delivery
  • PostHog - product analytics

These providers process data on our behalf under contractual safeguards.

6. AI & Automated Processing

Scrptly uses artificial intelligence to generate outputs.

This involves automated processing of your inputs and usage data.

๐Ÿ‘‰ We do not make legally significant decisions based solely on automated processing.

You are responsible for reviewing outputs before use.

7. Cookies

We use:

  • Essential cookies - required for login, security, and functionality
  • Analytics cookies - to understand usage (PostHog)

Non-essential cookies are only used with your consent via a cookie banner.

You can manage or withdraw consent at any time.

8. Data Retention

We retain your data:

  • While your account is active
  • For up to 30 days after account deletion

We may retain certain data longer where required by law (e.g. invoices for up to 7 years).

9. Your Rights (GDPR)

You have the right to:

  • Access your personal data
  • Correct inaccurate data
  • Delete your data
  • Restrict processing
  • Object to processing
  • Data portability
  • Withdraw consent at any time

You can exercise these rights by:

Right to lodge a complaint

If you are in the EU, you have the right to lodge a complaint with your local data protection authority.

In Spain, this is:

๐Ÿ‘‰ Agencia Espaรฑola de Protecciรณn de Datos (AEPD)

10. International Transfers

Your data may be processed outside your country, including in the United States.

Where required, we rely on safeguards such as:

  • ๐Ÿ‘‰ Standard Contractual Clauses (SCCs)
  • ๐Ÿ‘‰ equivalent legal mechanisms

11. Security

We implement appropriate technical and organizational measures, including:

  • Encryption in transit
  • Access controls
  • Database security (row-level security)

However, no system is completely secure.

12. Children

The Service is not intended for users under 16.

We do not knowingly collect data from children.

13. Changes to This Policy

We may update this Privacy Policy from time to time.

If changes are material, we will notify you via email or in-app notice.

Continued use of the Service constitutes acceptance.

14. Contact

For privacy-related questions or requests:

๐Ÿ“ฉ hello@scrptly.io