Privacy Policy

Nexora Unity LLC ("Cutboard," "we," or "us") operates the Cutboard service at cutboard.io. This Privacy Policy explains what information we collect when you use the Service, how we use and share it, and the rights you have over it.

By using the Service you consent to the data practices described here. If you don't agree, please don't use the Service.

Account information. When you sign up we collect your email address, your name (or the name you choose), and an encrypted password (via Supabase Auth) or OAuth identifier (via Google).

Workspace information. Brand details you enter (industry, audience, tone, words to use/avoid, etc.), campaign notes, and any other content you provide directly to Cutboard.

Connected service data.If you connect a Google Drive folder, we receive read-only access to the files you select. We download those files to transcode and index them so the Service can search through your library. We don't access files outside the folder you connect.

Generated content. Briefs, images, scene picks, transcripts, and other Outputs the Service produces for you, plus the prompts and references that produced them.

Billing information. When you subscribe, Stripe collects your payment method and billing address. We store the Stripe customer ID and subscription status but never the full card number or CVC.

Usage data. Logs of how you use the Service — chats sent, ads created, images generated, videos indexed, brand scans performed — used for tier-cap enforcement and internal product analytics.

Technical data. IP address, browser type, device type, pages visited, and similar information collected automatically when you access the Service. Used for security, debugging, and analytics.

Communications. Messages you send via the /contact form, support emails, or in-app chat (if any).

We use the information above to:

• Operate, maintain, and improve the Service
• Process and store the content you submit
• Generate AI Outputs based on your prompts, brand information, and library content
• Bill you for subscription fees and process payments through Stripe
• Enforce subscription tier caps and prevent abuse
• Send service-related communications (account, billing, security)
• Respond to support requests and feedback
• Detect and prevent fraud, security incidents, and policy violations
• Comply with legal obligations
• Aggregate or anonymize usage data for analytics that help us improve the product

We do not train AI models on your data. We do not sell your personal information.

We share your information only with the following categories of recipients, and only as needed to operate the Service:

• AI processors — chat content, brand context, generated image prompts, library text, and video files are sent to AI model providers (for text generation, image generation, and video understanding) so the Service can produce your outputs. Our providers do not train their public models on your data when accessed via paid API.
• Google— if you connect a Drive folder, we use Google's API with your OAuth consent to read files you select.
• Payment processor— payment information is collected and processed by our payment provider under their privacy policy. We don't see or store your full card number.
• Cloud infrastructure — providers handling database + authentication, application hosting, background workers (for video transcoding and AI processing), and email forwarding.
• Product analytics— anonymized usage events sent to an analytics provider for product improvement. We don't send the contents of your chats, ads, or library.
• Law enforcement — only when required by valid legal process (subpoena, court order) and only the specific information requested.
• Successors — in connection with a merger, acquisition, or sale of assets, your information may be transferred to the successor entity under the same privacy commitments.

The current, named list of all subprocessors we use is available on request. Email support@cutboard.io and we'll send it back the same day along with the data each processor receives. When the list changes, we notify customers who've previously requested it within 14 days, per the notice-of-changes commitment below.

We do not share your personal information with advertisers, data brokers, or any third party for cross-context behavioral advertising. We do not sell your personal information.

We use cookies and similar technologies (localStorage, sessionStorage) to:

• Keep you signed in across requests (Supabase Auth)
• Remember UI preferences
• Collect anonymized analytics (PostHog)

We don't use cookies for advertising. You can disable cookies in your browser, but parts of the Service won't work without them (e.g. staying logged in).

We keep your information for as long as your account is active and for a reasonable period after, as follows:

• Account & workspace data — retained while your account is active. Deleted on request, subject to legal retention obligations.
• Generated outputs — retained while your workspace is active so you can revisit and share past ads.
• Library content (Drive files) — retained while your account is active. Removed when you disconnect Drive or delete the workspace.
• Billing records — retained for at least 7 years per US tax obligations.
• System logs — typically retained 30–90 days, depending on the source.
• Contact form submissions — retained for 2 years for support continuity, then deleted.

We use industry-standard safeguards to protect your information, including:

• TLS (HTTPS) for data in transit
• Encryption at rest for stored data (Supabase, Stripe)
• Encrypted storage of third-party OAuth tokens (AES-256-GCM)
• Row-level security (RLS) policies in Supabase to isolate workspaces
• Service-role keys stored as environment variables, never in client code
• Restricted admin access — only super-admins can read across workspaces, and access is logged

No system is 100% secure. If we become aware of a breach affecting your information, we'll notify you in accordance with applicable law.

Depending on where you live, you may have rights regarding your personal information:

California (CCPA / CPRA).Right to know what information we collect, right to delete, right to correct, right to opt out of sale (we don't sell), right to limit use of sensitive personal information, and the right to non-discrimination for exercising these rights.

European Economic Area, UK, Switzerland (GDPR / UK GDPR). Right of access, rectification, erasure, restriction of processing, data portability, and to object to processing.

Other US states. Several states (CO, CT, VA, UT, OR, TX, MT, IA, DE, FL, NJ, NH, KY, NE, MD, MN, RI, MD, and others) have privacy laws with similar protections. We extend most rights to all U.S. residents regardless of state.

To exercise these rights, email support@cutboard.io from the email address associated with your account. We'll verify your identity and respond within 45 days (or sooner if required by law).

The Service is not directed to children under 13, and we don't knowingly collect personal information from children under 13. If you believe we have collected such information, email support@cutboard.ioand we'll delete it.

Nexora Unity LLC is based in the United States. By using the Service, you understand that your information will be processed in the United States, where data protection laws may differ from those in your country.

For users in the EEA, UK, and Switzerland, transfers rely on appropriate safeguards (e.g. Standard Contractual Clauses) where required.

Some browsers send a "Do Not Track" signal. There is no industry consensus on what these signals mean and we don't respond to them. You can disable PostHog analytics via your browser's tracker-blocking extensions.

We may update this Privacy Policy from time to time. When we make material changes we'll notify you via email or in-app notice at least 14 days before the changes take effect. The "Last updated" date at the top of this page always reflects the current version.

For privacy questions, data requests, or feedback on this policy:

Nexora Unity LLC
Email: support@cutboard.io
Mailing address: [TO BE CONFIRMED]

See also our Terms of Service.