CASTMINT

Privacy Policy

Last updated: June 13, 2026

This policy explains how we process your personal data when you use CASTMINT, in accordance with the EU General Data Protection Regulation (GDPR / RODO).

1. Data Controller

The controller of your personal data is TestPoint Lidia Bućko, Poland, NIP 7752621292, REGON 540507749. We have not appointed a Data Protection Officer. For any privacy matter, reach us through our contact form.

2. What Data We Collect

  • Account data: name, email address, password (stored hashed).
  • Billing data: subscription and payment status (card data is handled by Stripe, not by us).
  • Content data: the prompts you submit and the videos, images and audio generated for you.
  • Technical data: log data, device and usage information needed to run and secure the Service.
  • Abuse-prevention signals: your IP address and a device fingerprint, used to detect and limit fraudulent or repeated free-account creation.

3. Purposes and Legal Bases

  • To provide the Service and your account — performance of a contract (Art. 6(1)(b) GDPR).
  • To process payments and keep accounting records — contract and legal obligation (Art. 6(1)(b) and (c)).
  • To secure the Service, prevent abuse and moderate content — our legitimate interest (Art. 6(1)(f)).
  • To send marketing messages — only with your consent (Art. 6(1)(a)), which you may withdraw at any time.

We do not make decisions that produce legal or similarly significant effects about you based solely on automated processing (Art. 22 GDPR). Content moderation may use automated screening, but suspensions and account decisions involve human assessment.

4. Recipients and Processors

We share data only with service providers that process it on our behalf under data-processing agreements:

  • Stripe — payments and subscriptions.
  • Neon and Upstash — database and queue hosting.
  • Cloudflare R2 — storage of generated media.
  • Vercel — application hosting.
  • OpenAI, fal.ai, ElevenLabs — AI generation of scripts, visuals and voiceover.
  • Resend — transactional and contact emails.
  • Google — optional sign-in (OAuth), if you choose it.

5. International Transfers

Some providers are located outside the European Economic Area (e.g. in the United States). Where this is the case, transfers are safeguarded by appropriate mechanisms such as the European Commission's Standard Contractual Clauses.

6. Retention

We keep account and content data for as long as your account is active. After you delete your account we remove or anonymise your data, except where we must retain certain records to meet legal obligations — in particular accounting and invoice records, which we keep for 5 years from the end of the relevant tax year as required by Polish law.

7. Your Rights

You have the right to access, rectify, erase and port your data, to restrict or object to processing, and to withdraw consent at any time. To exercise these rights, use our contact form. You also have the right to lodge a complaint with the Polish supervisory authority, the President of the Personal Data Protection Office (Prezes Urzędu Ochrony Danych Osobowych, PUODO).

8. Cookies

We use cookies that are strictly necessary to run the Service (such as session and authentication cookies). Any non-essential cookies are used only with your consent. See our Cookie Policy for details.

9. Changes

We may update this policy and will post the new version with an updated date. For material changes we will notify registered users.