Privacy Policy

CastNova (“we”, “us”, “our”) operates the website castnova.app (the “Service”). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

We are based in Germany and comply with the EU General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), the Canadian Personal Information Protection and Electronic Documents Act (PIPEDA), and the UK General Data Protection Regulation (UK GDPR).

Data Controller: Kevin Sander
Contact: contact@castnova.app

2.1 Account Information

When you create an account, we collect:

• Email address
• Name (if provided)
• Password (stored as a secure hash, never in plain text)
• Google account ID (if you sign in via Google OAuth)

2.2 Payment Information

When you subscribe to a paid plan, payment is processed by Stripe. We do not store your credit card number or full payment details. Stripe handles all payment data in accordance with PCI-DSS standards. We receive only a transaction ID, subscription status, and billing email from Stripe.

2.3 Uploaded Content

When you use the Service, you may upload audio or video files. These files are:

• Temporarily stored on our servers for processing
• Processed using OpenAI's Whisper API for transcription
• Processed using OpenAI's GPT-4o API for content generation
• Deleted from temporary storage after processing is complete

2.4 Generated Content

The text content generated from your uploads (transcriptions, social media posts, blog drafts, etc.) is stored in our database and associated with your account until you delete it.

2.5 Automatically Collected Data

When you visit our website, our servers automatically collect:

• IP address
• Browser type and version
• Operating system
• Date and time of access
• Pages visited

Server logs are retained for 7 days and then automatically deleted.

2.6 Cookies

We use only essential cookies:

• Session cookies (necessary): Required for authentication and keeping you logged in.
• Functional cookies: Store your preferences such as content style/tone settings.

We do not use tracking cookies, analytics cookies, or marketing cookies.

We use your information to:

• Provide and maintain the Service
• Process your uploaded audio/video content
• Generate text content from your uploads
• Process payments and manage subscriptions
• Send transactional emails (account verification, password resets)
• Ensure security and prevent fraud

We do not use your data for:

• Advertising or marketing profiling
• Selling to third parties
• Training AI models (see Section 4)

We share data with the following third-party services, solely for the purpose of providing the Service:

• Account data: Retained until you delete your account.
• Generated content: Retained until you delete it or delete your account.
• Uploaded files: Temporarily stored during processing, then deleted.
• Server logs: Automatically deleted after 7 days.
• Payment records: Retained as required by tax and accounting law (typically 10 years in Germany).

Under GDPR (EU/EEA residents)

You have the right to access your personal data, rectify inaccurate data, erase your data, restrict processing, data portability, object to processing, withdraw consent at any time, and lodge a complaint with a supervisory authority.

Under CCPA (California residents)

You have the right to know what personal information is collected, delete your personal information, opt-out of the sale of personal information (we do not sell your data), and non-discrimination for exercising your rights.

Under PIPEDA (Canadian residents)

You have the right to access your personal information, challenge the accuracy and completeness of your data, and withdraw consent for data collection.

Under UK GDPR (UK residents)

You have equivalent rights to those listed under GDPR above.

To exercise any of these rights, contact us at: contact@castnova.app. We will respond to your request within 30 days.

We implement appropriate technical and organizational measures to protect your data, including:

• TLS/SSL encrypted connections (HTTPS)
• Industry-standard password hashing
• SSH key authentication and firewall-restricted server access
• PCI-DSS compliant payment processing through Stripe
• Self-hosted file storage not shared with third parties

Your data may be transferred to and processed in countries outside the EU/EEA, specifically the United States (for OpenAI, Stripe, Resend, and Google services). These transfers are protected by Standard Contractual Clauses (SCCs) approved by the European Commission and the service providers' compliance with applicable data protection frameworks.

The Service is not directed at children under the age of 16. We do not knowingly collect personal information from children. If you are a parent or guardian and believe your child has provided us with personal data, please contact us.

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the “Last updated” date.

For any questions about this Privacy Policy or to exercise your data rights:

Email: contact@castnova.app

Imprint: versteckmich.de/curtive/impressum

German Privacy Policy (Datenschutzerklärung): versteckmich.de/curtive/datenschutz