Privacy Policy

FilmProcessor is a service operated by PSYCHÉ TROPES LIMITED (09356879), a company incorporated in England and Wales. We are registered with the Information Commissioner's Office (ICO) as a data controller (Registration No. CSN0999105).

We take your privacy seriously. This policy explains what personal data we collect, why we collect it, how we use it, and your rights under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

If you have questions about this policy, contact us via our contact page

FilmProcessor uses a hybrid privacy architecture. Different tools and storage classes are designed for different purposes, and they do not all provide the same privacy properties.

• Working Repository and public delivery assets are server-readable by design so that previews, share links, screening rooms, public project pages, collaboration, watermarking, access logging, and compliance workflows can function.
• Fileshare uses client-side encryption and is designed as a zero-knowledge transfer and storage flow.
• Sealed masters are encrypted client-side for zero-access storage at rest. FilmProcessor cannot read a sealed master while it remains sealed.
• Server-side processing and training jobs may temporarily handle server-readable media or derived training copies inside controlled processing infrastructure.
• We do not sell your data. We never have and never will.
• We do not use advertising trackers or third-party surveillance tools.
• We collect the minimum personal data necessary to operate the service.

3.1 Account Data

When you create a FilmProcessor account, we collect:

• Email address (used for account authentication and service communications)
• Your username / profile slug and any display identity information you choose to publish
• A hashed password if you enable password sign-in (we never store your password in plaintext)
• Registered passkey metadata and security settings if you use passkeys, recovery codes, or two-factor features
• Account preferences and settings you configure

3.2 Usage Data

We collect limited service and security data needed to operate the platform, including:

• Browser, device, and session metadata needed for authentication, security, and compatibility
• Error logs, crash diagnostics, and operational telemetry needed to keep the service reliable
• Repository activity logs, share-link access events, screening-room session logs, and billing events
• Viewer email addresses where you deliberately configure a screening room or protected delivery flow that requires them

We do not use advertising analytics or cross-site tracking.

3.3 Media Files

How FilmProcessor handles media depends on the storage class and feature you choose:

• Working Repository and public delivery assets are stored in a server-readable class so they can be previewed, streamed, shared, screened, watermarked, logged, and delivered through FilmProcessor.
• Fileshare transfers are encrypted client-side before upload. FilmProcessor does not receive the decryption key in normal Fileshare operation.
• Sealed masters are encrypted client-side before upload and remain inaccessible to FilmProcessor at rest while sealed.
• Public profile and project pages use server-readable public assets that you choose to publish.

You are responsible for choosing the storage class that matches the privacy and delivery behavior you want.

3.4 Server-Side Processing and File Transfer

Fileshare uses client-side AES-256-GCM encryption. The decryption key stays with the sender and recipient via the URL fragment, not our server. This is the FilmProcessor service that most closely follows a zero-knowledge model.

Server-side processing tools such as Repository previews, screening rooms, Transcoder, DCP Studio, and related delivery workflows may temporarily decrypt or handle server-readable media inside controlled server infrastructure in order to perform the requested function.

Emulsion model training uses server-readable training media and locked captions. If you start an Emulsion run, FilmProcessor may create derived training copies, sample previews, and metadata records, and may send training media, captions, and prompts to captioning providers and GPU or model providers acting only to perform the private run you requested.

FilmProcessor does not permit provider reuse of your training inputs. Emulsion providers are used as service processors for your requested run, not as independent recipients free to reuse your film, captions, prompts, or outputs for their own general-purpose model training or unrelated product development.

Sealed masters are not trained from directly. If you choose to use a sealed master for training, the browser must first decrypt it locally and create a separate temporary training copy in a server-readable class. That derived copy is distinct from the original sealed master.

3.5 Payment Data

If you use paid features (cloud processing or extended file storage), we accept payment via card or cryptocurrency:

• Card payments are processed by Stripe. We do not store your credit or debit card number or bank details. Stripe provides us with a transaction reference, the amount paid, and the last four digits of your card for receipt purposes only. For details on how Stripe handles your data, see Stripe’s Privacy Policy
• Cryptocurrency payments are accepted via Solana Pay (USDC stablecoin on the Solana blockchain). When you pay with cryptocurrency, we record the on-chain transaction signature, the amount in USDC, and the sending wallet address for the sole purpose of verifying payment. Blockchain transactions are publicly visible on the Solana ledger by design — we do not control or have the ability to remove on-chain transaction records. We do not store your private keys or seed phrases

Payment data (transaction references and amounts) is retained for accounting and legal compliance purposes. We do not use payment data for marketing or profiling.

3.6 Content Safety Scanning

Where FilmProcessor handles media in a server-readable class or in a server-side processing path, automated content safety checks may be performed as part of our compliance obligations under the UK Online Safety Act 2023. This section explains what data is generated, what is shared, and what is not.

What data is generated: A perceptual hash fingerprint — a short mathematical representation of visual frames — is generated locally on the ephemeral processing instance. This is not a copy of your content. It is a non-reversible numerical signature that cannot be used to reconstruct, view, or reproduce your media in any form.

What is sent externally: Only the hash fingerprint is transmitted (via encrypted HTTPS connection) to the Internet Watch Foundation (IWF) Image Intercept API for comparison against their database of known illegal material. Your actual files, video frames, audio, metadata, filenames, project titles, or any information identifying you or your project are never transmitted to the IWF or any other third party as part of this check.

What is not sent: Your content is never viewed, copied, thumbnailed, or transmitted externally. The safety check is entirely automated — no human being at FilmProcessor, the IWF, or any third party sees your footage at any point during this process.

Data retention: Hash fingerprints are generated transiently and discarded immediately after the safety check completes. They are not logged, stored, or retained by FilmProcessor. The IWF's own data retention policies govern any data received by their API.

Fileshare and sealed masters: Fileshare transfers and sealed-at-rest masters do not expose server-readable plaintext in their protected state. Because of that, blanket server-side scanning cannot be applied to them in the same way it can be applied to server-readable Repository assets and processing flows. Where a safety step is required for a sealed asset, it must occur before sealing or through a distinct user-initiated processing path.

Lawful basis: This processing is carried out under our legal obligation to comply with the UK Online Safety Act 2023 and Ofcom's codes of practice for providers of file-sharing and file-storage services (Article 6(1)(c) UK GDPR — legal obligation).

3.7 Contact Communications (PGP Encryption)

Messages sent via our contact page are encrypted in your browser using PGP (Pretty Good Privacy) before they are transmitted. Specifically:

• Client-side encryption: Your message is encrypted on your device using FilmProcessor's public PGP key and the OpenPGP standard. The plaintext of your message never leaves your browser — only the PGP-encrypted ciphertext is transmitted over the network.
• No third-party servers: The encrypted message is sent directly to FilmProcessor's own API server. No third-party email services, messaging platforms, or external relay servers are involved in the delivery of your message.
• Decryption: Only FilmProcessor can decrypt your message using the corresponding private PGP key, which is held securely and never exposed to any third party.

Your email address is collected alongside the encrypted message solely for the purpose of responding to your enquiry. It is not added to any mailing list, shared with third parties, or used for marketing purposes.

We process your personal data on the following lawful bases:

• Contract performance — to provide you with the FilmProcessor service you have signed up for
• Legitimate interests — to maintain service security, prevent fraud, and improve reliability
• Legal obligation — where required by applicable law
• Consent or explicit user instruction — where you choose optional features such as public publication, protected delivery, or third-party training/captioning providers

FilmProcessor uses strictly necessary cookies for core service behavior. These may include:

• A secure, HTTP-only Repository session cookie used for account authentication
• A short-lived protected-access cookie used to let a viewer open files behind a password-protected share link after they have successfully unlocked it

These cookies are used only for authentication or access control, contain no advertising identifiers, and are never used for tracking or profiling across sites.

We use no advertising cookies, no analytics cookies, and no third-party tracking cookies. A cookie consent banner is not required for strictly necessary cookies under UK GDPR.

We do not sell, rent, or trade your personal data. We may share data with carefully selected service providers who assist us in operating the service, subject to contractual and technical controls appropriate to the feature being used.

Depending on the feature, these providers may include hosting and object-storage providers, payment processors, email delivery providers, captioning providers, and GPU or model-processing providers used for Emulsion runs.

As described in Section 3.6, perceptual hash fingerprints (not content, personal data, or metadata) are shared with the Internet Watch Foundation (IWF) via their Image Intercept API as part of our content safety obligations under the UK Online Safety Act 2023. No personal data, file content, filenames, or identifying information is transmitted to the IWF during this process.

If you run Emulsion, we may share training media, captions, prompts, sample outputs, and run metadata with external captioning, training, or inference providers only as necessary to complete the run you requested. Those disclosures happen only in connection with the training feature you start.

FilmProcessor's policy is that these providers act only on our behalf to process your private run. They are not authorised by FilmProcessor to use your media, captions, prompts, or outputs to train their own general models, to improve unrelated services, or to make your project available to other customers.

We will disclose personal data if required to do so by law or in response to a valid legal request from a competent authority.

We retain account data for as long as your account is active. If you close your account, we will delete your personal data within 30 days, except where we are required by law to retain it for a longer period.

Working Repository assets, public delivery assets, and sealed masters are retained until you delete them or your account is closed, subject to legal retention obligations and any scheduled deletion windows you configure.

Fileshare transfers are retained only for the storage period you choose, then deleted automatically.

Emulsion datasets, captions, run records, model artifacts, and provider-side run copies may persist until you delete them, the run lifecycle completes, or provider retention windows expire.

Under UK GDPR, you have the following rights:

• Right of access — to obtain a copy of the personal data we hold about you
• Right to rectification — to correct inaccurate data
• Right to erasure — to request deletion of your data in certain circumstances
• Right to restriction of processing
• Right to data portability
• Right to object to processing based on legitimate interests

To exercise any of these rights, contact us via our contact page. We will respond within one calendar month.

You also have the right to lodge a complaint with the ICO at ico.org.uk or by calling 0303 123 1113.

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, disclosure, alteration, or destruction. These include:

• Client-side encryption for Fileshare and sealed-master flows where zero-access storage is intended
• Encrypted connections (TLS) for all communications
• HTTP-only secure session cookies
• Controlled server-readable storage classes for Repository, public delivery, and collaboration workflows
• Ephemeral or short-lived server processing environments for server-side jobs where applicable
• Access controls limiting who within our organisation can access your data

We may update this Privacy Policy from time to time. We will notify you of material changes by email or via a prominent notice on the FilmProcessor interface. The date at the top of this document indicates when it was last revised.

PSYCHÉ TROPES LIMITED (09356879)
4th Floor, Silverstream House
45 Fitzroy Street, Fitzrovia
London, W1T 6EB
United Kingdom

Contact: contact page

For data protection enquiries, you may also write to us at the above address marked for the attention of: Data Protection.