LEGAL · EFFECTIVE MAY 2026

Privacy Policy

This is a v1 draft published to enable early-access launch. For production-grade compliance — especially in regulated jurisdictions — review with qualified counsel before scaling. Material updates will be announced via email to all account holders.

1. The short version

We collect the minimum data needed to run Bureau. Your project content — topics, scripts, generated assets — belongs to you and is stored only to make the service work. We don't sell your data and we don't train AI models on your content. The longer version below explains the specifics.

2. What we collect

Account data

  • Email address (required for sign-in and notifications).
  • Display name (optional; defaults to your email handle).
  • Authentication tokens managed by Supabase Auth.
  • If you sign in with Google: your Google account ID and email; we do not access any other Google profile data.

Project content

  • Topics, scripts, voiceover audio, generated AI clips, thumbnails, subtitles, metadata, and any other inputs or outputs you create through the pipeline.
  • Brand reference images you upload to condition thumbnail generation.
  • Custom assets you upload to override AI clips.

Billing data

  • Stripe customer ID, subscription status, credit balance, and transaction history. Bureau never sees or stores your full credit-card number — that lives only with Stripe.

Usage data

  • API request logs (timestamp, endpoint, status code, user ID) used for debugging and abuse prevention.
  • Aggregate usage statistics (e.g. number of projects per workspace, scenes generated) used for capacity planning.

Connection metadata

  • IP address and user-agent string for each request, retained for 30 days for security and rate-limiting purposes.
  • If you connect YouTube for direct publishing: your channel ID and the OAuth refresh token, used only to upload to your channel.

3. Why we collect it

  • To operate the service. Sign-in, generation, billing, asset delivery, support.
  • To prevent abuse. Rate limits, fraud detection, account-security checks.
  • To communicate with you. Notifications when long-running generations complete; receipts and renewal alerts; service announcements.
  • To improve the product. Aggregate, de-identified usage patterns inform feature priority. We do not use individual project content for product analytics or model training.

4. Third-party services

Bureau orchestrates third-party AI and infrastructure providers. To function, the service must transmit some of your data to them. Each vendor has its own privacy policy.

  • Anthropic — receives your topic, brief, scenes, and any chat we route through Claude. Anthropic's public retention policy applies.
  • kie.ai / Google DeepMind / ByteDance — receives scene prompts and (where used) reference images for video generation.
  • ElevenLabs — receives voiceover text for synthesis.
  • Google AI (Gemini) — receives thumbnail prompts and reference images.
  • Pexels — receives stock-search keywords.
  • SerpAPI — receives research-agent search queries.
  • Supabase — stores account, project, and asset data on Supabase's US infrastructure.
  • Stripe — handles payment processing; sees billing data and never sees project content.
  • Resend — delivers transactional email.
  • Vercel — hosts the application.

We do not sell or rent your data to any third party. We do not authorise any vendor to use your data for advertising or training their models on Bureau-routed content.

5. Cookies and tracking

Bureau uses cookies only for essential service functions: keeping you signed in, storing your theme preference, and remembering UI state (sidebar collapsed, etc.). We do not use cookies for cross-site tracking or advertising.

We use Vercel Analytics for traffic insights. Vercel Analytics is cookieless and tracks aggregate page-view data only — no individual identifiers, no cross-site profiles.

6. Data retention

  • Account data — retained while your account is active, deleted within 30 days of account closure.
  • Project content — retained while your account is active. After account closure, content remains downloadable for 30 days, then deleted.
  • Billing records — retained for 7 years for tax-compliance purposes (US accounting requirements).
  • Connection logs — retained 30 days.
  • Backups — Supabase point-in-time recovery snapshots retain a copy for up to 7 days after deletion.

7. Your rights

Subject to applicable law, you have the right to:

  • Access — request a copy of personal data we hold about you.
  • Correct — update inaccurate or incomplete data.
  • Delete — request deletion of your account and associated data, subject to retention obligations described above.
  • Export — receive your data in a machine-readable format.
  • Object — opt out of non-essential email and ask us to stop processing your data for non-essential purposes.
  • Lodge a complaint — with your local data-protection authority (EEA, UK, California, etc.).

To exercise these rights, email privacy@bureau.studio. We respond to verifiable requests within 30 days.

California residents (CCPA)

If you are a California resident, you have the right to request information about the categories of personal information we collect, the purposes for which we use it, and the third parties with whom we share it; the right to delete that information; and the right not to be discriminated against for exercising these rights. We do not sell personal information.

EEA / UK residents (GDPR)

We process your data on the lawful basis of contract performance (operating the service you signed up for) and legitimate interest (preventing abuse, improving the product). For users in the EEA or UK, the data controller is Deep Narrative Media US LLC; you may contact our designated representative through the email above.

8. Security

Bureau follows industry-standard practices including TLS in transit, encryption at rest for Supabase storage, scoped credentials per vendor, Row-Level Security on user-segmented tables, and least-privilege access for engineering staff. Sensitive secrets (API keys, OAuth tokens) are stored in encrypted vendor vaults, never in source code or browser storage.

No system is perfect. If you suspect unauthorized access to your account or any vulnerability in the service, email security@bureau.studio — we read every report.

9. Children's data

Bureau is not directed at children under 16. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, contact us and we will delete it.

10. International users

Bureau is operated from the United States and processes data on US infrastructure. By using the service from outside the US, you consent to the transfer of your data to and processing in the United States, which may have different data-protection laws than your jurisdiction.

11. Changes

We may update this policy as the product evolves. Material changes will be announced by email at least 14 days before they take effect. Non-material changes (clarifications, formatting, vendor list updates for parity) take effect when published; the "effective" date at the top of the page is updated accordingly.

12. Contact

Privacy questions: privacy@bureau.studio
Security reports: security@bureau.studio
General support: support@bureau.studio