Privacy Policy

Last updated: June 12, 2026

Short version: we collect the minimum needed to sell you the plugin and hand you the download - an email, a password hash, purchase records, license activations. No ad trackers, no analytics pixels, no selling data. Ever.

1. Who is responsible

Data controller: [YOUR LEGAL NAME / BUSINESS NAME], [YOUR ADDRESS]. Contact: support@captionplug.com.

2. What we collect and why

Data | Why (legal basis)
Email + password (hashed) | Your account: login, download access, password resets (contract).
Purchase records | Delivering what you bought, refunds, tax/accounting obligations (contract, legal obligation).
License key + machine activation hashes | Enforcing the 3-machine license and fighting piracy (legitimate interest). The hash is a fingerprint the plugin computes; we never see your files or hardware details.
Download log (IP, browser user-agent, time) | Abuse and fraud tracing on signed download links (legitimate interest).
Support emails | Answering you (legitimate interest).

Payment card data goes directly to Stripe and never touches our servers. Stripe acts as its own controller for payment processing; see Stripe's privacy policy.

3. What the plugin itself sends

The Caption Plug plugin runs locally inside Premiere Pro. When you transcribe, your selected audio is sent directly from your machine to the provider you chose (OpenAI or Groq) using your own API key - it does not pass through our servers. The plugin contacts our servers only for license activation/validation (license key + machine hash) and to check for updates.

4. Cookies

Only strictly-necessary cookies: the Supabase authentication session that keeps you logged in. No advertising or analytics cookies, which is why there is no consent checkbox circus - just a notice. Blocking these cookies means login won't work.

5. Where data lives and who processes it

  • Supabase - database, authentication, file storage (processor).
  • Stripe - payments (independent controller for the transaction).
  • Vercel - website hosting and request logs (processor).

Transfers outside the EEA/UK rely on the processors' Standard Contractual Clauses / Data Privacy Framework participation.

6. Retention

  • Account data: until you delete your account.
  • Purchase records: as long as tax law requires (typically 6-10 years).
  • Download logs: 12 months.
  • Support emails: 24 months.

7. Your rights (GDPR / UK GDPR / CCPA)

You can ask for access, a copy (portability), correction, deletion, restriction, or object to processing - email support@captionplug.com and we'll act within 30 days. You can complain to your local data-protection authority. We don't sell or "share" personal information as defined by the CCPA, and we don't use it for cross-context behavioral advertising. Deleting your account removes your personal data; purchase records we're legally required to keep are retained in minimized form.

8. Security

Row-level security on every table, service-role writes only via the payment webhook, signed 5-minute download URLs, rate limiting, strict Content-Security-Policy and HSTS, passwords hashed by Supabase Auth (bcrypt). No system is perfect; if we ever detect a breach affecting you, we'll notify you as required by law.

9. Changes

We'll update this page when anything changes and bump the date at the top. See also the Terms of Service.