Legal

Privacy Policy

Last updated: May 26, 2026

In plain language

We collect what we need to run the platform — account info, what you watch, what you upload, basic device data.
We do not sell your data.
We share data only with the third parties listed below (Supabase, Cloudflare, Google, Anthropic, AssemblyAI, Resend, Vercel, Sentry, Stripe).
You can access, correct, or delete your data at any time. Email privacy@sinaicinema.com.
Israeli, EU/UK, Brazilian, South African, and California residents have specific rights — see §4 and §8–11.

SINAI Productions, an Israeli sole proprietorship owned by Liran Dandekar ("SINAI", "we", "us"), operates the streaming and creation platform at sinaicinema.com (the "Service"). This Privacy Policy explains what personal data we collect, how we use it, and your rights.

1. Who we are

Controller: SINAI Productions, operated by Liran Dandekar (Israel)
Contact: privacy@sinaicinema.com
Data Protection Officer (EU/UK): dpo@sinaicinema.com

For Israeli residents this Policy is published in compliance with the Protection of Privacy Law 5741-1981 and the Privacy Protection Regulations (Data Security) 5777-2017.

2. What we collect

2.1 Account data

Email, display name, username, profile photo (via Google OAuth or direct signup), preferred language (one of 36), country (derived from IP at signup).

2.2 Creator data

Content you upload (scripts, visual references, video files, thumbnails, metadata), project titles and descriptions, QA review history (scores, gate failures, override notes, verification verdicts), and — when paid features are live — payment details (handled by Stripe; we never store full card numbers).

2.3 Viewer data

Watch history, watch progress per episode, likes, comments (the text, original language, and auto-translations), watchlist, follows and subscriptions, search queries, view events (timestamp, duration, completion rate, device category, country).

2.4 Technical data

IP address, browser type, device type, operating system, referring URL, session timestamps, crash logs, performance metrics.

2.5 Cookies and similar technologies

Essential cookies for authentication and session management; analytics cookies (with consent where required) to understand usage. Manage non-essential cookies via our cookie banner. Full details in the Cookie Policy.

3. How we use your data

Provide and operate the Service: authentication, streaming, comments, recommendations, search.
Run the AI QA pipeline on uploaded videos (technical check, creative scoring, content safety).
Translate captions (36 locales), descriptions, and comments via AI so the audience reaches across languages.
Process creator revenue-share payments (when live).
Enforce our Terms and content standards.
Detect fraud, abuse, and safety violations.
Communicate with you (transactional notifications, product updates if you opt in).
Comply with legal obligations (tax reporting, DMCA, law-enforcement requests).
Improve the Service via aggregate analytics and A/B testing.

4. Legal basis (EU/UK residents)

Contract: account creation, content delivery, payments.
Legitimate interest: fraud prevention, platform security, aggregate analytics, AI QA review of uploads.
Consent: marketing emails, non-essential cookies, optional analytics.
Legal obligation: tax reporting, DMCA, law-enforcement orders.

5. Sub-processors we use

We share data with vetted third parties strictly for the listed purposes. This list is the canonical sub-processor inventory — other SINAI documents reference this section rather than repeat it. We update it when sub-processors change.

Sub-processor	Role	Data sent	Region
Supabase	Database + auth	Account data, content metadata, comments	US (Frankfurt option)
Cloudflare Stream	Video hosting + delivery + signed URLs	Uploaded video files	US + global edge
Google (OAuth + Gemini 2.5)	Sign-in + QA scoring	Email / name / photo at sign-in; full video to Gemini for QA	US
Anthropic Claude	Translation + QA post-processing + dispute verification	Project notes, captions, QA reports (text)	US
AssemblyAI	Caption transcription (Universal-2)	Full audio track of uploaded videos	US
Hive	CSAM + explicit-content safety classifier	Flagged frames from uploaded videos	US
Resend	Transactional email	Email address + message body	US
Vercel	App hosting + analytics	Request logs, IP addresses	US + global edge
Inngest	Background workflows (QA + captions)	Workflow event payloads	US
Sentry	Error tracking	Crash logs + limited user identifiers	US (EU option)
Stripe	Payments (Tokens, subscriptions, future creator payouts)	Payment details	IE for EU users; US for US users

We do not sell your personal data.

6. International transfers

All sub-processors in the table above marked "US" involve transfers of personal data outside Israel and the EU/UK. For US transfers SINAI relies on the EU-US Data Privacy Framework (where the sub-processor is certified) or the 2021 Standard Contractual Clauses, Module 2 (controller-to-processor), supplemented by a Transfer Impact Assessment available on request to privacy@sinaicinema.com.

Israel benefits from a European Commission adequacy decision (2011/61/EU); transfers between Israel and the EU/EEA are recognized as offering equivalent protection under that framework. For UK transfers we rely on the UK Information Commissioner's addendum to the EU SCCs (the UK IDTA where applicable).

7. Retention

Account data: kept while account is active, deleted within 30 days of an account-deletion request.
Published content: kept while published; creator can delete at any time.
View events: individual events retained 24 months, then aggregated.
QA reports: retained for the life of the project; deleted when the project is deleted (audit metadata may persist 90 days).
Payment records: retained 7 years for tax/accounting compliance under Israeli law.
Backups: may persist up to 90 days after deletion from production.

8. Your rights

Depending on your jurisdiction (Israel Protection of Privacy Law, GDPR, UK GDPR, Brazil LGPD, South Africa POPIA, CCPA), you may have the right to:

Access the personal data we hold about you.
Correct inaccurate data.
Delete your account and personal data ("right to be forgotten").
Export your data in a portable format.
Object to or restrict certain processing.
Withdraw consent for consent-based processing at any time.
Lodge a complaint with your supervisory authority (the Israeli Privacy Protection Authority for Israeli residents; your national DPA in the EU/UK).

To exercise these rights, email privacy@sinaicinema.com. We respond within 30 days.

9. California residents (CCPA/CPRA)

California residents have the right to know what personal information is collected, to request deletion, and to opt out of the "sale" or "sharing" of personal information. SINAI does not sell personal information. To exercise rights: privacy@sinaicinema.com.

10. Brazilian residents (LGPD)

Brazil's Lei Geral de Proteção de Dados (LGPD, Law 13,709/2018) applies to the processing of personal data of individuals located in Brazil, regardless of where the controller is established. Brazilian residents have the right to:

Confirm whether we process your personal data and access it.
Correct incomplete, inaccurate, or outdated data.
Anonymize, block, or delete unnecessary or excessive data.
Port your data to another service provider, on request.
Delete personal data processed with your consent.
Receive information about public and private entities with which we share your data.
Receive information about the consequences of refusing to provide consent.
Withdraw consent at any time.
Lodge a complaint with Brazil's data protection authority: ANPD (Autoridade Nacional de Proteção de Dados).

The legal bases we rely on under LGPD mirror those in §4 above (contract performance, legitimate interest, consent, legal obligation). To exercise your rights: privacy@sinaicinema.com. We respond within 15 days as required by LGPD.

11. South African residents (POPIA)

South Africa's Protection of Personal Information Act (POPIA, Act 4 of 2013) applies when SINAI processes personal information of data subjects in South Africa. South African residents have the right to:

Be notified that personal information about them is being collected.
Request access to personal information held about them.
Request correction or deletion of personal information that is inaccurate, irrelevant, excessive, out of date, incomplete, misleading, or unlawfully obtained.
Object to the processing of personal information (on reasonable grounds).
Submit a complaint to the Information Regulator of South Africa.

To exercise your rights under POPIA: privacy@sinaicinema.com. We respond within 30 days.

12. Children

The Service is not intended for children under 13 (or under 16 in the EU/UK). We do not knowingly collect data from children. If a child has provided personal data, contact privacy@sinaicinema.com and we will delete it.

Creators tag projects as "Made for kids" where applicable. Personalized advertising is disabled on kids content; comments are moderated more strictly.

13. Security

We use industry-standard safeguards: TLS in transit, encryption at rest, least-privilege access controls, Row-Level Security policies on the database, signed URLs for video delivery. No system is 100% secure — if we discover a breach affecting your data we will notify you and relevant authorities as required by law (within 72 hours under GDPR; promptly under Israel Privacy Protection Regulations).

14. Accessibility

SINAI works to comply with the Israeli accessibility standard (Israeli Standard 5568) and WCAG 2.1 AA. If you encounter an accessibility issue, email accessibility@sinaicinema.com.

15. Changes

We may update this Policy. Material changes will be announced via email or in-product notice at least 14 days before taking effect.

16. Contact

Questions? Email privacy@sinaicinema.com.