EPITRITE
TermsPrivacyData Deletion

Privacy Policy

Last updated: April 20, 2026

This Privacy Policy explains what data Epitrite ("we," "us," or "the Service") collects, how we use it, and your rights.

1. What We Collect

Account Information

  • Email address (used for login and communication)
  • Password (hashed, never stored in plain text)
  • Display name (if you set one)

Content You Upload

  • Audio files (MP3, WAV, etc.)
  • Video clips and images
  • Lyrics and project data
  • Rendered/exported video files

Payment Information

Payments are processed by Stripe. We do not store your credit card number, CVV, or full card details. Stripe provides us with a customer ID and basic transaction records (amount, date, plan).

Automatically Collected Data

  • IP address and approximate location (country/region)
  • Browser type and operating system
  • Pages visited and features used within Epitrite
  • Timestamps of account activity

2. How We Use Your Data

  • To provide the Service — storing your projects and rendering videos
  • To process payments — managing subscriptions and billing through Stripe
  • To communicate with you — account notifications, billing receipts, service updates
  • To improve the Service — understanding usage patterns to fix bugs and build features
  • To enforce our Terms — preventing abuse and unauthorized access

We never claim rights to your music. Your songs, lyrics, audio files, and rendered videos belong to you. We do not sell your personal data. We do not use your content to train AI models. We do not share your data with advertisers. We do not license, sublicense, or distribute your music or creative content to any third party.

3. How We Store and Protect Your Data

  • Database: Hosted on Supabase with row-level security (RLS) — users can only access their own data
  • File storage: Media files stored in secure cloud storage with access controls
  • Passwords: Hashed using industry-standard algorithms (handled by Supabase Auth)
  • Transport: All data transmitted over HTTPS/TLS

4. Third-Party Services

We use the following third-party services that may process your data:

ServicePurposeData Shared
SupabaseAuthentication, database, file storageAccount data, uploaded files
StripePayment processingEmail, payment details
VercelHostingIP address, request logs

5. Data Breach Notification

In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify affected users and relevant supervisory authorities within 72 hours of becoming aware of the breach, as required under GDPR Article 33. Notifications will describe the nature of the breach, the categories of data affected, the likely consequences, and the measures we are taking to address it.

6. Your Rights

You can:

  • Access your data — your projects, media, and account info are visible in the app
  • Export your data — download your rendered videos and project files at any time
  • Delete your data — delete individual projects/media, or delete your entire account
  • Cancel your subscription — from your billing settings, effective at end of billing period

To request a full data export or account deletion, email support@epitrite.com. We'll process requests within 30 days.

7. Cookies

Epitrite uses essential cookies for authentication (keeping you logged in). We do not use advertising cookies or third-party tracking cookies.

8. Data Retention

  • Active accounts: Data is retained as long as your account is active
  • Deleted accounts: Data is deleted within 30 days of account deletion
  • Rendered videos: Stored until you delete them or your account is closed
  • Billing records: Retained as required by tax and financial regulations

9. Children's Privacy

Epitrite is not intended for children under 13. We do not knowingly collect data from children under 13. If you believe a child under 13 has created an account, contact us and we'll delete it.

10. International Users

Epitrite is hosted in the United States. If you're accessing from outside the US, your data will be transferred to and processed in the US. For users in the EU/EEA, UK, and Switzerland, we rely on Standard Contractual Clauses (SCCs) as approved by the European Commission as the lawful basis for international data transfers. You have additional rights under GDPR including the right to access, rectify, erase, restrict processing, object to processing, and data portability. Contact support@epitrite.com to exercise these rights. You also have the right to lodge a complaint with your local data protection authority.

11. Changes to This Policy

We may update this Privacy Policy from time to time. If we make significant changes, we'll notify you via email or a notice in the app. The "Last updated" date at the top will always reflect the most recent version.

12. Contact

Questions or concerns about your privacy? Email us at support@epitrite.com.