Privacy Policy

Last updated: June 21, 2026 · Effective: June 21, 2026 · Version 3.0

Plain-English version: When you sign in, we receive your email. When you transcribe, the audio from your video is sent to a speech-to-text provider (and, for automatic language detection, to an AI provider) and we don't keep it afterwards. When you export, your video is uploaded to our storage, rendered, and the result is available to re-download for 48 hours, then removed. We keep a record of each export (including the settings you used) so your Library can show your history. If you subscribe to Pro, payment is handled by our payment processor; we never see or store your full card number. We don't sell data, we don't run analytics, and we don't show ads. Free accounts include 2 exports and 5 minutes of transcription per month; Pro accounts include 15 exports and 60 minutes per month.

1. Who we are

Pluto World ("we," "us," "the Service") is a browser-based caption editor. You can reach us at plutoworld.ai@gmail.com.

This policy describes what data the Service collects, why, where it goes, how long we keep it, and the rights you have. It applies to the editor at plutoworld.ai, the marketing site, and the supporting backend.

2. What data we collect

We collect different categories of data depending on what you do with the Service. Some data lives only in your browser; some lives on our backend; some is briefly forwarded to a third-party provider and not retained.

2.1 If you sign in

Email address — required to sign in via magic link, or shared by Google/Apple if you sign in through them.
OAuth provider identifier — your Google or Apple user ID, if you use those options. Used only to recognize you across sessions.
Authentication session token — stored in your browser so you stay signed in.
Sign-in metadata — your authentication provider records your user ID, email, and sign-in metadata (last sign-in, provider used, account creation date).

2.2 If you use transcription

Audio extracted from your video — forwarded to a third-party speech-to-text provider, which returns word-level timestamps to your browser. To detect the spoken language (and, where applicable, to suggest emphasis), short audio may also be sent to a third-party AI provider. We do not retain the audio after the request completes. Your video file itself is not transmitted by transcription.
Usage record — we record the amount of audio you transcribe (your user ID, minutes used, timestamp) so we can apply your monthly transcription allowance.

2.3 If you export a video

Exports run on our backend. The browser-side preview is for editing only — the final render is produced server-side. Here is what happens:

Your video file is uploaded to our storage using a short-lived link.
An export record is created tied to your user ID, containing the lifecycle status, source filename, target quality, video duration, the render engine used, and a snapshot of your project settings (the fonts, colors, timing, words, and animation settings you chose). The snapshot is needed to render your export and to let you see what you exported in your Library.
The render runs on a GPU compute provider and the result is uploaded back to our storage.
Your export record is updated with a completion timestamp and a 48-hour expiry.
You re-download the output via a short-lived link we issue you. After 48 hours the output file is deleted from storage and the link stops working.
Usage record — exporting also records that an export happened, so we can apply your monthly export allowance.
Source video — the uploaded source is removed from storage as soon as the render completes (or fails, or is cancelled). It is never shown in your Library.

You can see and re-download your past exports in the Library until they expire. You can cancel a running export at any time.

2.4 If you subscribe to Pro (payments)

Paid plans are billed through our third-party payment processor. When you subscribe:

Card and billing details are entered directly with the payment processor on its own hosted checkout. We never receive or store your full card number or card security code.
A subscription record is stored on our backend so we can apply your plan: your user ID, plan tier, billing period (monthly or annual), status (active, cancelled, past-due), the current period dates, and the processor's customer and subscription identifiers used to link your account to your subscription.
Webhook events from the payment processor (for example, "subscription activated" or "subscription cancelled") update that record.

2.5 Completion emails (optional)

When an export finishes, we may send you a transactional email confirming the render is ready. It contains your account email and the export filename. It is not marketing, and it can be disabled by us per environment without affecting the rest of the Service.

2.6 In-app feedback

When you submit feedback from inside the editor (the post-download rating, the on-cancel prompt, the on-failure prompt, the manual feedback button, or the periodic "how would you feel if you could no longer use this?" survey), we record:

Your user ID (so you can later request access or deletion).
A numeric rating, if the form had one.
Your free-text comment, if you wrote one.
Which prompt triggered the submission (so we can read the comment in context).
For the periodic survey: your multiple-choice answer.
Your browser's User-Agent string — to help us debug platform-specific issues you mention.
For per-export feedback: a reference to the export so we can correlate your comment to the specific render.

Submitting is always your choice. How often we prompt is controlled by markers stored in your browser — see §7.

2.7 Landing page "Help us decide" form

The feedback form on plutoworld.ai submits to our backend, which records:

The message you typed.
Your email address, if you provided one. The email field is optional.
Your IP address — used to limit abuse of the form and retained as part of the record so we can investigate abuse if it occurs.
Your User-Agent string and Referer header — to help us understand which page you came from.

This form does not require sign-in. If you submit it without an email, you are effectively anonymous to us aside from your IP.

2.8 Quota overrides (testers / approved accounts only)

We may grant specific users (internal testers, approved accounts) higher or unlimited limits. If we do, we keep an internal note of who, the limit applied, and when it was granted. Most users do not have such an override.

2.9 Server logs

Edge / Worker logs — request metadata (path, status, timing, IP, User-Agent) recorded by our hosting providers.
Database / storage logs — connection and access logs retained per each provider's defaults.
Render job logs — operational logs of each render kept by our compute provider per its policy.

We do not centrally aggregate these logs for analytics; they exist for security, debugging, and abuse investigation only.

2.10 What we do NOT collect

We do not run analytics, telemetry, behavioral tracking, or A/B testing on the editor or marketing site. There is no Google Analytics, no PostHog, no Mixpanel, no Sentry, no Datadog, no Plausible, no Fathom.
We do not use third-party advertising networks, retargeting pixels, or marketing cookies.
We do not read videos, transcripts, or project files stored in your browser outside of the explicit upload-to-export and audio-to-transcribe flows above.
We never receive or store your full card number or card security code — those are handled by our payment processor (see §2.4).
We do not collect your name, address, phone number, age, or gender.
We do not use CAPTCHA, hCaptcha, Turnstile, or reCAPTCHA on any form.
We do not set first-party tracking cookies.

3. Why we collect each thing

Data	Purpose	Legal basis (GDPR)
Email + OAuth ID + session token	To authenticate you and let you use the editor	Contract
Audio for transcription / language detection	To generate captions you requested	Contract
Video uploaded for export	To render the output you requested	Contract
Project snapshot in the export record	To render your export and let you see/re-download it from your Library	Contract
Subscription record (plan, status, period, processor IDs)	To provide and manage your Pro plan	Contract
Billing / payment records	To take payment and meet tax and accounting obligations	Contract / Legal obligation
Usage records (exports + transcription minutes)	Apply monthly allowances; abuse prevention; account auditability	Legitimate interest / Contract
Quota override note (where applicable)	Allow approved testers higher limits	Legitimate interest
In-app feedback record	To act on your bug reports, ratings, and survey answers	Consent
Landing feedback record (incl. IP)	To respond to you; limit spam and abuse	Consent + Legitimate interest
Completion email	Transactional notification that your render is ready	Contract
Edge / database / render logs	Security, debugging, abuse investigation	Legitimate interest

4. Where your data is stored, and for how long

Data	Where it lives	How long
Source video file (in your browser)	Your device, while the editor is open	Until you close the tab or load a new video
Transcript + project state (in your browser)	Your device, during the session	Until you reload or close the tab
Feedback-prompt markers (in your browser)	Your device (browser localStorage)	Until you clear them
Auth session token (in your browser)	Your device (browser localStorage)	Until you sign out or the token expires
Account email + user ID	Our authentication provider	Until you ask us to delete the account
Source video uploaded for export	Our storage provider	Removed when the render completes, fails, or is cancelled
Rendered output	Our storage provider	48 hours after completion, then removed
Export record (incl. project snapshot)	Our database provider	Until you ask us to delete it or close your account
Usage records	Our database provider	Until you ask us to delete them or close your account
Subscription record	Our database provider	While your subscription is active and for as long as needed afterwards; certain billing records may be retained as required by law
Card / payment details	Our payment processor (not on our servers)	Per the payment processor's retention policy
Quota override note (where applicable)	Our database provider	Until removed by us or by account deletion
Audio for transcription / language detection	Forwarded through our backend to the relevant provider	Discarded after the provider responds
In-app feedback record	Our database provider	Until you ask us to delete it or close your account
Landing feedback record (incl. IP)	Our database provider	Indefinite by default; we will delete on request from the email you provided
Completion email metadata	Our email provider	Per the email provider's retention defaults
Edge / Worker / database / render logs	Each respective provider	Per each provider's retention defaults

5. Third parties we share data with

We try to keep this list minimal. Each provider only receives the data it needs to do its job. We do not sell data, and we do not share data with anyone for advertising.

Provider	Role	What they receive
Supabase	Authentication, database, subscription records	Your account email, OAuth ID, session token, and the records described in §2 and §4. Privacy policy
Cloudflare	Edge request handling + object storage	API requests to our backend (incl. IPs and request bodies), uploaded videos, and rendered outputs. Privacy policy
RunPod	GPU compute for export rendering	The source video (via a short-lived link) and the project snapshot. Privacy policy
ElevenLabs	Speech-to-text	The audio extracted from your video, for the duration of the transcription request. Privacy policy
Google (Gemini API)	Automatic language / emphasis detection	Short audio sent to detect the spoken language and suggest emphasis. Privacy policy
Stripe	Payments (Pro plan)	Your card and billing details (entered directly with Stripe) and your subscription status. Privacy policy
Resend	Transactional email	Your account email and the export filename, when a completion email is sent. Privacy policy
Google	OAuth sign-in (if you choose it)	The fact that you signed into Pluto World. Privacy policy
Apple	OAuth sign-in (if you choose it)	The fact that you signed into Pluto World. Privacy policy
Vercel	Frontend hosting	Your IP when you load the site; request metadata for the static frontend. Privacy policy
Google Fonts	Web fonts	Your IP, when fonts load. Privacy policy
Adobe Typekit	Web fonts	Your IP, when fonts load. Privacy policy
Fontshare	Web fonts (fallback)	Your IP only if a Fontshare font is actually requested. Privacy policy

6. International data transfers

Several of our providers (Cloudflare, Supabase, RunPod, ElevenLabs, Stripe, Resend, Vercel, Google, Apple, Adobe) operate primarily in the United States or across multiple regions. If you are in the European Economic Area, the United Kingdom, or Switzerland, your data may be transferred to and processed in the US (and other countries) under the relevant Standard Contractual Clauses or equivalent safeguards each provider maintains.

7. Cookies and local storage

We do not set first-party cookies and we do not use cookies for tracking or advertising. We do use the following browser storage:

Auth session token — your authentication provider's client library stores your session token in localStorage so you stay signed in across reloads.
Feedback-prompt markers — a small number of values in localStorage that remember whether and when you've already responded to a given prompt, so we don't pester you. These hold only timestamps or a single flag; no personal data. They never leave your device.
Cookies set by third parties. When you check out for Pro, the payment processor may set cookies on its own hosted checkout to operate and secure the payment. Font providers (Google Fonts, Adobe Typekit, Fontshare) may set cookies on their own domains when fonts load. These are governed by those providers' privacy policies.

You can clear all of this at any time from your browser settings.

8. Quotas and fair use

To keep the Service stable and sustainable, we apply per-account monthly allowances:

Free: 2 exports and 5 minutes of transcription per month.
Pro: 15 exports and 60 minutes of transcription per month.

Allowances reset each billing period — on the 1st of the month for free accounts, and on your renewal date for Pro. If you reach a limit, the request is declined and you're told approximately when it resets. Approved testers may have higher or unlimited limits. We may adjust allowances over time as we balance cost and abuse.

9. Your rights

Wherever you are in the world, you can:

Access — ask us what data we have on you, including any export records, usage records, subscription record, in-app feedback, and (where identifiable) landing-page feedback.
Correct — ask us to fix anything that is wrong.
Delete — ask us to remove your account and any associated data. Account deletion removes your export records, usage records, and any override note. In-app feedback rows are detached from your identity (we can also delete the rows themselves on request). Certain billing records may be retained where the law requires.
Export — ask us for a copy of your data in a portable format (JSON).
Object — tell us to stop processing your data.
Withdraw consent — for anything we process on the basis of consent (e.g. feedback you submitted).
Manage your subscription — view, change, or cancel your Pro plan, and access invoices, through your account's billing settings.
Cancel an in-flight export — from the Library.

To exercise any of these rights, email plutoworld.ai@gmail.com from the email address on your account. We respond within 30 days.

If you are in the EEA/UK and believe we have not handled your data correctly, you also have the right to lodge a complaint with your local supervisory authority.

California residents (CCPA/CPRA): we do not "sell" or "share" personal information as those terms are defined. You have the right to know, delete, and correct your data, and to be free from retaliation for exercising these rights.

10. Children

Pluto World is not intended for users under 13. We do not knowingly collect data from children under 13. If you are between 13 and 18, you must have permission from a parent or legal guardian to use the Service. If you believe a child has submitted data to us, contact us and we will delete it.

11. Security and breach notification

We use industry-standard technical and organizational measures to protect your data, including encryption of data in transit. Source video uploaded for an export is removed from our storage when the render completes, fails, or is cancelled; rendered outputs are removed 48 hours after completion. Payment card details are handled by our payment processor and are not stored on our servers. We restrict internal access to personal data on a need-to-know basis.

No system is perfectly secure. If we ever discover a breach affecting your personal data, we will notify affected users without undue delay and, where required, within 72 hours of becoming aware of it.

12. Automated decision-making

The Service uses automated speech-to-text to produce a transcript and automated video rendering to produce a captioned export. Neither system makes decisions that have legal or similarly significant effects on you. The transcript output is editable by you and is not used to evaluate, score, or categorize you.

13. Changes to this policy

We will update this page when our practices change and update the "Last updated" date at the top. Material changes — new third-party processors, new data categories, or materially expanded purposes — will be communicated by email to account holders and announced on the marketing site at least 14 days before they take effect, where reasonably possible.

14. Contact

For privacy questions, data requests, or anything else covered by this policy: plutoworld.ai@gmail.com

Note: This policy reflects how Pluto World currently works. As the Service evolves — new processors, new data categories, mobile apps, or operation in new regulated jurisdictions — this document will be updated, and we recommend a review by counsel before any major launch.