Closed BetaCurtyn is in closed beta. to join an upcoming group of productions.

CURTYN
PRIVACYINT. YOUR DATA

Privacy policy.

Effective date: 1 May 2026

Curtyn is committed to protecting your privacy. This policy explains what data we collect, why we collect it, and how we handle it.

1. Data we collect

We collect the following categories of data:

  • Account data: email address and password hash when you register.
  • Project content: briefs, video and image files, comments, and cast/crew lists you create or upload.
  • Usage data: share-link view events and comment timestamps.
  • Billing data: processed securely by Mollie; we do not store your credit card or bank account numbers on our servers.
  • Server logs: standard access logs (including IP addresses and timestamps) for security, abuse prevention, and debugging.

2. How we use your data

  • Provide, maintain, and improve the Curtyn service.
  • Process video files (transcoding and thumbnail generation).
  • Send transactional emails (notifications, receipts, collaborator invites).
  • Detect and prevent fraudulent or abusive use of our infrastructure.

3. Our Role (GDPR)

When you use Curtyn to store information about your clients, cast, or crew (such as names, emails, or phone numbers in crew lists or contact records), you are the Data Controller and we are the Data Processor. You are responsible for ensuring you have the legal right to collect and upload their data to our platform.

4. Data sharing & Sub-processors

We never sell your data. We share data only with the following sub-processors strictly required to run the service:

  • Supabase: database hosting and authentication (EU region).
  • Backblaze: encrypted cloud file storage.
  • Hetzner / Vultr: ephemeral video processing and transcoding servers.
  • Cloudflare: Content Delivery Network (CDN) and security routing.
  • Vercel: frontend hosting and edge network.
  • Mollie: payment processing and subscription management.
  • Resend: transactional email delivery.

5. Cookies

We use strictly necessary cookies for authentication and session management. We do not use advertising, retargeting, or third-party marketing tracking cookies.

6. Data retention

Project data is retained for as long as your account is active. When you delete an item, it is flagged for deletion and permanently removed on the following schedule:

  • Files: permanently destroyed from our storage servers within 30 days.
  • Projects, clients, invoices, and other business records: permanently deleted within 90 days.

When you close your account, all of your data is flagged for deletion immediately and permanently removed within 90 days, in line with the windows above.

7. Your rights

Under the GDPR and applicable data protection laws, you have the right to access, correct, export, or delete your personal data. To exercise these rights, email us at support@curtyn.com.

8. Security

All data is encrypted in transit (TLS) and at rest. Access to production systems is strictly limited. However, no internet transmission is 100% secure; you upload data at your own risk.

9. Changes to this policy

We will notify you of material changes by email or in-app notice at least 14 days before they take effect.