Privacy Policy

afterSora is a trading style of Blu Zetta Limited. For this policy, "afterSora", "we", "us", and "our" mean the operator of the afterSora website, checkout, dashboard, generation tools, support channels, and related services.

Our registered business address is 71-75 Shelton Street, Covent Garden, London, WC2H 9JQ. For privacy, account, billing, or support requests, contact us at [email protected] or use the contact form available from the site navigation.

Where we decide why and how personal data is processed, we act as controller. Where we process data on behalf of another organisation under written instructions, we act as processor for that organisation.

This policy applies to personal data processed through afterSora, including the public website, pricing and checkout pages, account dashboard, video and image generation workflows, character, world, preset, storyboard, remix, re-cut, loop, blend, support, email, analytics, and administrative tools.

It does not replace separate notices or terms from third-party payment processors, AI model providers, hosting providers, analytics providers, identity providers, or platforms you use to access or share afterSora content. Those third parties may process personal data under their own terms and privacy notices.

We collect and generate different categories of personal data depending on how you use afterSora.

• Account data: email address, password hash, login status, account identifiers, account settings, credits balance, plan, purchase history, support status, and authentication metadata.
• Checkout and billing data: selected plan, credit pack, promotion code, payment status, payment processor identifiers, transaction timestamps, billing name, billing country, order value, currency, card brand, card checks, failure reasons, refund records, and fraud or risk signals. We do not intentionally store full card numbers or CVV codes.
• Creative workspace data: prompts, optimized prompts, drafts, storyboards, timeline settings, generation settings, aspect ratio, duration, model choice, quality choice, seed settings, character records, worlds, presets, uploaded images, uploaded videos, reference media, active world images, custom preset images, generated media, thumbnails, downloads, share links, and related metadata.
• Technical and usage data: IP address, device type, browser type, approximate location derived from IP, referring URLs, pages viewed, buttons clicked, timestamps, error logs, generation job status, model responses, rate limits, security events, cookies, local storage, and similar identifiers.
• Support and communication data: name, email, message content, screenshots, files, order dates, issue descriptions, correspondence, support outcomes, and preferences.
• Marketing and promotion data: promo links used, source, campaign, claimed or unclaimed status, referral source, consent status, email preferences, and interactions with promotional pages.
• Information from third parties: payment confirmations, webhook events, fraud checks, analytics events, email delivery events, model provider job data, storage events, or information you authorise another service to send to us.

afterSora is a creative AI product and is not designed for processing highly sensitive personal data. Unless we specifically ask for it, do not submit special category data, health data, biometric data for identification, criminal offence data, government identifiers, payment card secrets, passwords for other services, confidential third-party information, or personal data about children.

If your prompt, upload, world, preset, character, or support message contains personal data about another person, you are responsible for having a lawful basis, consent, licence, release, or other permission to use it. This is especially important for likenesses, voices, private images, minors, clients, employees, performers, and copyrighted or confidential material.

• Directly from you when you create an account, buy credits, enter prompts, upload media, configure settings, submit support requests, or use the dashboard.
• Automatically from your browser or device through server logs, cookies, local storage, analytics events, security tools, and generation job telemetry.
• From service providers such as payment processors, email providers, hosting providers, analytics providers, fraud prevention providers, and AI model infrastructure providers.
• From public or third-party sources where you use a social, referral, promotion, or campaign link that identifies the source of your visit.

We use personal data only where we have a lawful basis under applicable data protection law.

• To provide the service and perform our contract with you: create accounts, authenticate users, process checkout, allocate credits, run generations, show media, maintain libraries, provide downloads, process support, and manage credits.
• For legitimate interests: secure the service, prevent fraud and abuse, debug failures, monitor reliability, improve product performance, understand feature usage, protect our rights, enforce terms, and operate business reporting. We balance these interests against your rights and expectations.
• To comply with legal obligations: keep accounting and tax records, respond to lawful requests, comply with consumer, payment, sanctions, anti-fraud, data protection, and regulatory obligations, and preserve evidence where required.
• With consent: send optional marketing where consent is required, use non-essential cookies or similar technologies where consent is required, or process data for a specific purpose you agree to.
• To protect vital interests or public interests: only in rare cases, for example where a serious safety issue or legal emergency requires action.

To generate or transform media, afterSora may transmit your prompts, uploads, reference images, reference videos, active world images, custom preset images, character data, storyboard panels, settings, and relevant metadata to AI model providers, infrastructure providers, moderation systems, storage providers, or job queues. This is necessary to deliver the generation features you request.

AI providers and infrastructure providers may process inputs and outputs to perform generation, safety checks, abuse prevention, troubleshooting, billing, rate limiting, reliability monitoring, and compliance. Some providers may retain limited operational logs or media for defined periods under their own terms, policies, or legal obligations.

Generated output can be unpredictable. We may use automated systems to reject, block, moderate, or fail requests that appear unsafe, unlawful, infringing, abusive, technically invalid, unsupported by a model, or inconsistent with provider rules. We may store failure reasons and relevant prompt context so we can support users and improve reliability.

Payments are processed through payment service providers such as Square or any replacement processor we use. We receive payment status, transaction IDs, card brand, country, checks, failure reasons, and related order data, but the processor handles sensitive card details. Do not send card numbers, CVV codes, or bank credentials to support.

We use checkout, account, promotion, IP, device, and payment metadata to prevent fraud, verify orders, allocate credits, manage refunds, respond to disputes, keep accounting records, and protect live users from service abuse.

We use cookies, local storage, and similar technologies to keep you signed in, remember settings, support checkout, protect accounts, improve reliability, measure usage, and understand how people use afterSora. Some technologies are strictly necessary for the site to work. Others, such as analytics or marketing tools, may require consent depending on your location and the technology used.

You can control cookies through your browser and, where available, site consent controls. Blocking essential cookies may prevent login, checkout, dashboard features, media playback, or security checks from working correctly.

We do not sell personal data in the ordinary meaning of selling customer data. We share personal data only where reasonably necessary for the service, compliance, security, or business operations.

• AI model and infrastructure providers for generation, transformation, safety review, moderation, reliability, and job processing.
• Payment processors for checkout, refunds, payment authentication, fraud checks, and disputes.
• Hosting, database, CDN, storage, logging, backup, email, analytics, support, and security providers.
• Professional advisers such as accountants, lawyers, insurers, auditors, and compliance consultants.
• Regulators, law enforcement, courts, payment networks, or other authorities where legally required or where necessary to protect rights, users, systems, or the public.
• A buyer, investor, lender, successor, or restructuring party if the business, assets, or service are involved in a merger, acquisition, financing, sale, insolvency, or reorganisation.
• Other users or the public only where you choose to share content, create public links, publish media, or otherwise make content available.

We are based in the United Kingdom, but our providers, users, processors, model infrastructure, and storage locations may be in the UK, European Economic Area, United States, or other countries. Where personal data is transferred internationally, we use appropriate safeguards where required, such as adequacy regulations, standard contractual clauses, UK international data transfer agreements or addenda, contractual protections, technical safeguards, or another lawful transfer mechanism.

We keep personal data only for as long as reasonably necessary for the purposes described in this policy, unless a longer period is required or permitted by law. Retention periods vary by data type.

• Account records are usually kept while your account remains active and for a reasonable period afterwards for support, security, audit, and legal purposes.
• Order, payment, refund, tax, and accounting records may be kept for at least six years or longer if required by law, dispute, audit, or payment network rules.
• Generated media, uploads, prompts, drafts, worlds, presets, characters, storyboards, and logs may be retained while needed to provide your library, downloads, support, safety, abuse prevention, debugging, and product reliability.
• Failed generation context and error logs may be retained for troubleshooting, abuse prevention, support, and quality improvement.
• Support records may be kept for a reasonable period after resolution so we can evidence decisions and respond to follow-up questions.
• Backups may retain data for a limited period after deletion from live systems before they are overwritten.

We use administrative, technical, and organisational measures designed to protect personal data, including access controls, authentication, logging, transport security, environment separation, least-privilege access, backup practices, and service monitoring. No online service can guarantee absolute security, so you must keep your password secure, use a unique password, and tell us immediately if you suspect unauthorised access.

Depending on your location and the data involved, you may have rights to request access, correction, deletion, restriction, portability, objection to certain processing, withdrawal of consent, and review of certain automated decisions. These rights are not absolute and may be subject to exemptions, verification, legal retention duties, fraud prevention, or the rights of others.

To exercise rights, email [email protected] from your account email where possible. We may need to verify your identity and clarify your request. If you are in the UK, you also have the right to complain to the Information Commissioner's Office at ico.org.uk/make-a-complaint.

afterSora is not intended for children. You must not create an account or use the service if you are under the minimum age required to enter into these terms in your country. Do not upload images, videos, voices, likenesses, or personal data of children unless you have the necessary authority, consent, and lawful basis, and the content is lawful, safe, and permitted by our terms and provider rules.

We use automated systems for login security, abuse prevention, generation routing, moderation, payment risk signals, rate limits, error handling, and credit allocation. These systems can block or fail requests, limit account actions, or require manual review. We do not intend to make solely automated decisions that produce legal or similarly significant effects unless permitted by law and subject to appropriate safeguards.

We may update this policy when the service, providers, legal requirements, or data practices change. If changes are material, we will take reasonable steps to bring them to your attention, such as posting a notice on the site, updating the date above, or contacting account holders where appropriate. Continued use after an update means the updated policy applies from its effective date.

For privacy requests, account questions, billing issues, support, or complaints, contact afterSora at [email protected]. You can also use the contact form from the site navigation.