Privacy Policy

Last updated · May 6, 2026

This Privacy Policy explains how AI Labs Inc., doing business as Prescene ("Prescene," "we," "us," or "our"), collects, uses, discloses, and protects personal data when you use the Prescene platform, our websites (including prescene.com), and any related products, applications, APIs, and services we make available (collectively, the "Services").

This Privacy Policy applies when Prescene acts as a data controller—generally, when individual users sign up directly, when we collect data from website visitors, and when we manage our own business operations.

This Privacy Policy does not apply when Prescene acts as a data processor on behalf of an Enterprise customer (such as a studio, production company, or agency that has provisioned the Services for its writers and staff). In those cases, the Enterprise customer is the data controller and its privacy notice governs your relationship with the Enterprise customer; our processing is governed by our Data Processing Addendum.

1. Personal Data We Collect

1.1 Data You Provide Directly

Account Data: name, email address, password, profile picture, phone number (if provided), Organization affiliation.
Billing Data: billing name, billing address, payment method details (handled by our payment processor; we do not store full card numbers), transaction history.
Content Data: the Inputs and Outputs described in our Terms of Service, including any creative works, text, audio, images, video, or other content you upload or generate through the Services.
Communications: support tickets, emails, chat messages, feedback, survey responses.
Marketing Preferences: subscriptions to newsletters or product updates.

1.2 Data Collected Automatically

Device and Connection Data: IP address, device type, operating system, browser type, language preferences, time zone.
Usage Data: pages viewed, features used, actions taken, session duration, referral source, error logs and crash reports.
Cookies and Similar Technologies: as described in our Cookie Notice (Section 9).

1.3 Data from Third Parties

Authentication providers may share basic profile info if you choose to sign in via them.
Payment processors share transaction confirmations.
Analytics providers share aggregated user behavior data.

1.4 Sensitive Data

We do not seek sensitive personal data, though Content you upload may incidentally include it. We treat all Content with the same confidentiality protections and do not analyze it for sensitive attributes about you.

2. How We Use Personal Data

We use personal data to provide and operate the Services (hosting Content, generating Outputs, processing payments, providing support); to maintain security and prevent fraud and abuse; to communicate with you about your account; to improve the Services using aggregated, anonymized data; to send marketing communications (with your consent where required); to comply with law; and to enforce our Terms and defend legal claims.

For users in the EEA, UK, or Switzerland, our lawful bases under GDPR are: performance of contract (for providing the Services and communicating with you); legitimate interests (for security, abuse prevention, product improvement, and enforcement); consent (for marketing communications where required); and legal obligation (for tax, audit, and legal compliance).

2.1 Important Limits on How We Use Your Content

We do not:

Use your Content (Inputs or Outputs) to train or fine-tune AI foundation models, whether ours, our Subprocessors', or any third party's. We have configured our integrations with our model providers to disable training on your Content.
Sell your personal data.
Share your Content with advertisers.
Allow our personnel to access your Content by default. See Section 4 (Human Access).

The only exceptions are:

(a) Aggregated, fully anonymized statistics that cannot be linked to you, your account, or your specific Content. (b) Your explicit, granular opt-in to a separate Prescene product or feature that uses your Content for a defined purpose. Such opt-in has its own consent flow and can be revoked at any time. Without explicit opt-in, your Content is not used for any such purpose. (c) When you submit feedback, support requests, or bug reports that include Content. (d) When required by law, valid legal process, or to protect rights, property, or safety.

3. How We Share Personal Data

3.1 Subprocessors

We share personal data with a small number of third-party providers that help us operate the Services, including cloud hosting, AI model inference, analytics, authentication, and customer support. Our current list of Subprocessors, including their purpose and location, is maintained at prescene.com/legal/subprocessors.

AI model inference providers are configured for zero data retention and do not use Content to train their models.

Subprocessors are bound by contractual obligations of confidentiality, security, and data protection. We will provide at least 30 days' notice (for Enterprise customers) or post an update (for individual users) before adding a new Subprocessor that handles Content.

3.2 Other Sharing

We may share personal data:

With your Organization administrator if you join an Organization, including for account management, content access, and audit purposes.
In a corporate transaction (merger, acquisition, financing, or sale of assets), subject to commercially reasonable confidentiality protections.
For legal reasons when we believe disclosure is required to comply with law, valid legal process, or to protect the rights, property, or safety of Prescene, our users, or others.
With your consent, when you direct us to share specific data.

We do not sell personal data, and we do not share personal data for cross-context behavioral advertising as those terms are defined under California or other state privacy laws.

4. Human Access to Your Content

4.1 Default: No Human Access

By default, no Prescene employee, contractor, or Subprocessor personnel will read your uploaded Content. We have implemented technical and procedural controls to enforce this, including encryption at rest, access controls, audit logging, and automated processing pipelines that do not require human review.

4.2 Limited Exceptions

A Prescene employee may access your Content only in these specific cases:

You request it. You ask us to look at specific Content for support purposes (e.g., "this script isn't loading properly, can you check?").
Lawful process. A subpoena, court order, or other legally enforceable request requires it.
Suspected violation. Automated systems flag potential violations of our Terms or AUP, and a narrowly-scoped investigation is required. Such access is access-logged, role-limited, and reviewed.
Critical incident response. A security incident requires investigation and we cannot reasonably resolve it without access. Access is logged and limited to the minimum necessary.

In all cases, access is logged, the minimum necessary, and limited to authorized personnel. We do not use Content accessed under these exceptions for any other purpose.

5. Data Retention

Data Category	Retention Period
Active account Content (scripts, Outputs, projects)	Until you delete, or until account closure
Content after deletion (production systems)	Removed within 30 days
Content in disaster-recovery backups	Purged within 90 days of deletion
Account metadata (email, billing, consent records) after account closure	Up to 7 years (legal/tax/audit)
Security logs	Up to 90 days
Product analytics	Up to 18 months, anonymized
Support tickets	Up to 3 years
Marketing data	Until you unsubscribe, plus a short suppression-list retention
Aggregated anonymized statistics	May be retained indefinitely
Content sent to model providers	Configured for zero retention by the provider; processed transiently for inference only

You may request deletion at any time. See Section 7 (Your Rights).

6. Security

We implement administrative, technical, and physical safeguards designed to protect personal data, including:

Encryption in transit (TLS 1.2 or higher) and at rest (AES-256 or equivalent).
Role-based access controls and multi-factor authentication for personnel with production system access.
Network segmentation, intrusion detection, and continuous monitoring.
Audit logging of administrative and break-glass access.
Contractual data-protection commitments with Subprocessors that handle Customer Data.
An incident response plan with defined escalation and notification procedures.

We are pursuing SOC 2 Type 2 attestation (Security and Confidentiality criteria). Our current security posture is described at prescene.com/trust.

No system is completely secure. If a security incident affects your personal data, we will notify you and, where required, regulators within the timeframes mandated by applicable law.

7. Your Rights and Choices

Depending on where you live, you may have rights regarding your personal data, including the rights to access, correct, delete, or port your data; to restrict or object to processing; to withdraw consent (where we rely on it); to opt out of marketing communications; and to opt out of "sale" or "sharing" for cross-context behavioral advertising (we do neither). We will not discriminate against you for exercising any of these rights.

To exercise rights, email privacy@prescene.ai or use the data controls in your account settings. We may need to verify your identity. We will respond within the time required by applicable law (typically 30-45 days).

7.1 Authorized Agents

You may use an authorized agent to submit a request, subject to verification of the agent's authority.

7.2 Appeals

If we deny your request, you may appeal by replying to our response. We will review and respond within the timeframe required by applicable law.

7.3 Jurisdiction-Specific Rights

If you live in California, the EEA, the UK, Switzerland, Texas, or another U.S. state with applicable privacy law (including Colorado, Connecticut, Virginia, Utah, Oregon, or Montana), you have the rights described above plus any additional rights granted by your local law. EEA, UK, and Swiss residents may lodge a complaint with their local data protection authority. The data controller is AI Labs Inc., 1614 W 9th 1/2 St, Austin, TX 78703, USA, except where Prescene acts as processor (governed by the DPA). We do not engage in profiling that produces legal or similarly significant effects on you.

8. International Data Transfers

We are based in the United States. If you are located outside the U.S., your personal data will be transferred to and processed in the U.S. and other countries that may have data protection laws different from your jurisdiction.

For transfers from the EEA, UK, or Switzerland to the U.S., we rely on Standard Contractual Clauses (SCCs) approved by the European Commission, the UK International Data Transfer Addendum (IDTA), or other lawful transfer mechanisms. SCCs are incorporated into our DPA for Enterprise customers. Individual users transfer data to us in connection with the contractual provision of the Services.

EU- and UK-based Enterprise customers may request our standard SCCs at privacy@prescene.ai.

Currently, all processing occurs on AWS infrastructure located in the United States.

9. Cookies and Tracking

We use cookies, pixels, and similar technologies for:

Strictly necessary: authentication, session management, security.
Functional: language preference, UI settings.
Analytics: aggregated usage data via our analytics providers.

We do not use advertising cookies or sell data to advertisers. You can manage cookie preferences through your browser or our cookie banner where displayed.

We honor Global Privacy Control (GPC) signals as an opt-out request for residents of states whose laws require this.

10. Children

The Services are not directed to anyone under 18, and we do not knowingly collect personal data from children. If you believe we have collected data from a child, contact privacy@prescene.ai.

11. Automated Decision-Making

We do not engage in solely automated decision-making that produces legal or similarly significant effects on you within the meaning of GDPR Article 22. AI features in the Services generate creative or analytical Outputs at your direction; you remain the decision-maker.

12. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will provide reasonable notice (at least 30 days) by email or in-product notification. The "Last Updated" date at the top reflects the latest revision. Prior versions are available on request.

13. Contact

General privacy questions: privacy@prescene.ai
Security concerns: security@prescene.ai
Legal: legal@prescene.ai
Mailing address: AI Labs Inc., 1614 W 9th 1/2 St, Austin, TX 78703, USA

If you are in the EEA, UK, or Switzerland and prefer to contact us about GDPR matters, you may use the same email addresses. We are evaluating appointment of an Article 27 representative as we expand in Europe; this Policy will be updated when one is appointed.