LogoEasySub
Legal & policies
Privacy

Privacy Policy

This policy explains what data EasySub collects, why we need it, who we share it with, and how you can review or delete it. It applies to the EasySub website, mobile apps (iOS / Android), and any other service we operate under the EasySub brand.

Last updated

Plain-English summary. We collect only what we need to run EasySub — your email to sign you in, the videos you upload to transcribe them, your caption text to save your projects, and your payment info to bill you. We never sell your data, never share it with ad networks, and never train any third-party model on your content. Source media is deleted within 24 hours; you can delete your account and everything tied to it at any time.

01Who is responsible for your data

The data controller is CET (Thailand) Co., Ltd. (Thai company registration number 0105560145831), with a registered office at 559/101 Soi Suea Yai Uthit, Chantharakasem, Chatuchak, Bangkok 10900, Thailand. You can reach us about anything in this policy at privacy@easysub.io.

02What we collect

Account. Your email address and (if you sign in with Google / Apple) your name and profile photo. We do not store passwords — sign-in is handled by Clerk.

Content you upload. Video / audio files you submit for transcription. The audio track is extracted and sent to OpenAI Whisper. Source media is deleted from our temporary storage within 24 hours of processing.

Caption text. The captions generated for your videos, edits you make, and any AI-polished or translated versions. These are saved against your account so you can re-open projects on any device.

Payment info. Name, billing address, and partial card / wallet details — collected and stored by Stripe. We receive only a Stripe customer id and a payment status; we never see or store full card numbers.

Usage data. How many seconds of audio you transcribe per month and how many AI polish / translate calls you make. We use this to bill you correctly and detect abuse.

Device + connection. Browser / app user agent, IP address (for rate limiting and to detect fraud), and crash / performance diagnostics. IPs are kept for a maximum of 30 days.

Voice samples (optional). If you choose to clone a voice for AI dub, the sample you provide is sent to ElevenLabs for voice creation. You can delete the cloned voice at any time from your account.

03Why we process your data

We rely on the following lawful bases (GDPR Art. 6 / PDPA §24):

  • Contract. Most processing is necessary to deliver the service you signed up for — transcribing your videos, saving your projects, billing you for your plan.
  • Legitimate interest. Logging IPs and rate-limiting protect the service against abuse; security monitoring detects fraud and data breaches.
  • Legal obligation. Transaction and invoice records are kept as required by Thai tax law (Revenue Code).
  • Consent. Voice clone creation and any optional newsletter email — both opt-in, both revocable at any time.

04Service providers (sub-processors)

We use the following third-party services to operate EasySub. Each one is bound by a data-processing agreement (DPA) and only receives the data needed to perform its role.

ProviderPurposeData sharedRegion
OpenAISpeech-to-text transcription (Whisper) and AI caption polish / translation (GPT).Audio extracted from your uploaded video; caption text submitted for polish or translation.United States
ElevenLabsPremium text-to-speech voices for AI Dub and optional voice cloning.Text to synthesise; optional voice samples you provide for cloning.United States
Anthropic (Claude)AI Magic / Smart Cut — stylistic rewrites of caption text.Caption text you submit to AI Magic / Smart Cut. Anthropic retains submissions for up to 30 days for trust & safety and does not train models on this content.United States
StripePayment processing for subscriptions and one-time top-ups.Name, email, card / wallet details, billing address, transaction history. We never store full card numbers ourselves.United States / Singapore
ClerkIdentity provider — sign-up, sign-in, session and password management.Email, name, profile photo (if you connect Google / Apple), IP for anti-abuse.United States
Neon (Postgres)Primary application database — your account, projects, usage counters.Account metadata, project titles, caption text, usage seconds, plan / credit balance.Singapore (ap-southeast-1)
Cloudflare R2Short-lived storage for the mobile upload pipeline — files are deleted within 24 hours.Video / audio files you transcribe via the mobile app.Global (with Asia-Pacific edge)
ResendTransactional email — receipts, plan changes, account notifications.Your email address and the message contents we send to you.United States
VercelHosting + edge network for the website and API.Request logs (IP, user agent, path) for ~24 hours for security and diagnostics.Global (Edge)

We confirm that every third party listed above (including the third-party AI services OpenAI, ElevenLabs, and Anthropic) is bound by contractual terms that provide protection of your personal data equal to or greater than the protection stated in this policy and required by applicable App Store and PDPA / GDPR rules. None of them are permitted to sell your content, use it for advertising, or train their models on it.

Before any AI-backed feature (transcribe, translate, AI Polish, AI Dub, voice clone) sends content to a third-party AI service, the mobile app shows an in-app consent screen identifying every recipient and the data sent, and asks for explicit Accept. You can revoke that consent at any time from Account → Reset AI processing consent.

Several of these providers are based outside Thailand. By using the service you acknowledge international transfers of your data, governed by standard contractual clauses (SCCs) where applicable.

05App Store / Play Store data declaration

Apple's App Privacy nutrition card and Google's Play Data safety form summarise the data collection below. None of the categories are used for tracking across other companies' apps or websites, and none are linked to ad networks.

CategoryPurposeLinked to youUsed for tracking
Contact info — emailAccount creation, sign-in, transactional email.YesNo
User content — audio / videoTranscription, captioning, optional AI dub. Source media is processed and deleted within 24 hours; only the resulting captions persist.YesNo
User content — caption textSaving your projects so you can re-open them on any device.YesNo
PurchasesProcessing your subscription / top-up payment.YesNo
Usage dataCounting transcription seconds against your plan quota and detecting abuse.YesNo
DiagnosticsCrash reports and performance metrics so we can debug failures.NoNo

06How long we keep your data

  • Source video / audio. Up to 24 hours in temporary storage, then permanently deleted.
  • Caption text + projects. Kept until you delete the project or your account. We may keep the latest 50 projects per account to keep the recents list manageable.
  • Usage counters. Per-month aggregates kept indefinitely for billing audit; resettable on account deletion.
  • Invoices + receipts. 5 years after issuance, as required by Thai tax law.
  • IP addresses. Maximum 30 days.

07Your rights

Under Thailand's PDPA and the EU's GDPR you have the following rights regarding your personal data:

  • Access — request a copy of the data we hold about you.
  • Rectification — correct anything that's inaccurate or incomplete.
  • Erasure — delete your account and the data tied to it.
  • Portability — receive your projects + captions in a machine-readable format (JSON).
  • Objection — object to processing based on legitimate interest.
  • Withdraw consent — for anything we asked permission for (e.g. voice cloning).
  • Complain — lodge a complaint with Thailand's PDPC (pdpc.or.th) or your local supervisory authority.

To exercise any of these rights, email privacy@easysub.io from the email address attached to your EasySub account. We'll respond within 30 days.

You can also delete your account yourself at any time at https://easysub.io/account/delete.

08Security

  • All traffic between your device and our servers is encrypted in transit with TLS 1.2+.
  • Our database (Neon Postgres) encrypts data at rest with AES-256.
  • Sign-in is handled by Clerk with bcrypt-hashed passwords (or social OAuth — we never see your social account's password).
  • We follow least-privilege access controls; only on-call engineers can read production data, and access is logged.
  • Card data is tokenised at Stripe — it never touches our servers.

09Children

EasySub is not directed to children under 13 (or under 16 in the EEA / UK). We do not knowingly collect data from anyone in that age group. If you believe a child has created an account, email privacy@easysub.io and we will delete the account.

10Cookies and similar technologies

We use a small number of strictly-necessary cookies (and equivalent local storage):

  • Session cookies set by Clerk to keep you signed in.
  • Locale cookie (`locale`) remembers your language preference between visits.
  • CSRF token for protecting authenticated form submissions.

We do not use advertising cookies, analytics that profile users across sites, or third-party tracking pixels.

11Changes to this policy

We will update the date at the top of this page whenever this policy changes. Material changes (new categories of data collected, new processors, change of controller) will also be announced via email to active accounts at least 14 days before they take effect.

12Contact us

Privacy questions: privacy@easysub.io

Postal address: 559/101 Soi Suea Yai Uthit, Chantharakasem, Chatuchak, Bangkok 10900, Thailand