PersonalityAISTUDIO

Legal · Privacy

Privacy Policy

Last updated: May 2026. We're Engage AI Ventures LLC. This is a plain-English description of what we collect, why, and what you can do about it.

1.What we collect

Account info: email, password (hashed by AWS Cognito; we never see plaintext), display name, account type (creator or enterprise), and — for enterprises — company name and plan selection.

Take + likeness data (creators only): video recordings made in the Studio, derived audio, the trained twin model artifacts, signed asset URLs, and the consent boundary set you specify.

Contract data (enterprises only): the members you lease, timeline, use case, payment receipt, and the SOC 2-aligned audit log of contract events.

Usage data: which pages you visit, what features you use, error reports, and request logs. Standard product analytics.

Payment data: handled by Stripe. We never see or store full card numbers; we hold the Stripe PaymentIntent id and the last four digits of the card for receipts.

2.How we use it

We use your data to run the marketplace: authenticate you, store your twins, render new content, process leases, generate and verify provenance signatures, send transactional emails, and improve the product.

We do not sell your data. We do not train foundation models on your data. We do not use leased likenesses outside the scope of the lease.

3.Who we share with

Service providers operating on our behalf: AWS (storage, Cognito, DynamoDB, hosting), HeyGen (render pipeline), Stripe (billing), our email provider (transactional mail). Each of these is contractually bound to handle your data under the same privacy posture we maintain.

Counterparties to your contracts: when you lease a member, that member sees the contract terms; when you record a take and a brand leases it, the brand sees the take and the trained twin within the scope of the lease.

Legal compliance: we may disclose data if compelled by valid legal process or to protect rights, safety, or property.

4.How long we keep it

Account data: while your account is active, plus 90 days after deletion (for accounting + legal records). Take + likeness data: while you keep them in your account; revocation of a twin removes it from the active catalog and triggers a 30-day grace window before hard deletion of the underlying assets. Contract audit logs: kept for 7 years to support compliance audits.

5.Your rights

You can: download your data (member dashboard → export), revoke any active lease of your twin (90-day notice window), edit your boundary set at any time, delete your account entirely. EU + UK users have additional rights under GDPR (access, rectification, erasure, portability, restriction, objection). California residents have parallel rights under CCPA.

To exercise any of these rights, email privacy@personalityai.net with the request and the email on your account.

6.Cookies

We use a small set of cookies: a session cookie (sealed via iron-session, holds your login state), a CSRF token, an analytics cookie if you've consented, and a cookie-consent acknowledgment cookie. We do not use third-party advertising cookies. You can clear cookies at any time via your browser; doing so signs you out.

7.Children

The platform is not directed at children under 16. We do not knowingly collect data from anyone under 16. If you believe we've collected data from a minor, email privacy@personalityai.net and we will delete the account.

8.International transfers

We process data in the United States, on AWS infrastructure in us-east-1. EU + UK users transferring data here are protected by the EU Standard Contractual Clauses. We are working toward additional regional residency for high-sensitivity customers; contact us if this matters for your deployment.

9.Security

We operate against SOC 2 Type II-aligned controls with an independent attestation in progress. Access to production systems is limited to authorized personnel under least-privilege IAM. Sensitive data is encrypted in transit (TLS 1.2+) and at rest (AWS-managed keys). See our Trust page for the current control inventory.

10.Changes

We may update this policy from time to time. Material changes will be communicated by email + a banner on next login. Continued use after a change indicates acceptance.

11.Contact

Privacy questions, data requests, or concerns: privacy@personalityai.net.

Plain-English summary. Consult your counsel before relying on this language for any binding interpretation.