StoryboardCanvas — Legal & Data Processing Terms

Version: v1.4 · 4 June 2026 Repository: the full Markdown source of this document lives at docs/LEGAL_TERMS.md in the StoryboardCanvas repository. Every change to our obligations arrives as a public commit with timestamp + author.

For any query about these terms, please contact admin@storyboardcanvas.ai.

Table of contents

1. Definitions
2. About us · how to contact us
3. Acceptance of these terms
4. Eligibility
5. Your account
6. Plans, credits, payment and cancellation
7. Acceptable Use Policy
8. Your content
9. AI features and AI-generated content
10. Intellectual property
11. Privacy and data protection
12. Confidentiality
13. Availability and changes to the service
14. Suspension and termination
15. Disclaimers and warranties
16. Limitation of liability
17. Indemnification
18. Governing law and disputes
19. Miscellaneous
20. Privacy Policy
21. Data Processing Addendum (DPA)
22. Cookie Policy
23. AI Addendum
24. Know-Your-Customer, Anti-Money-Laundering and Sanctions Statement
25. Children's Online Privacy
26. Changes to these terms

1. Definitions

In these terms:

• "Account" means the user account you register with us to access the

Service.

• "Acceptable Use Policy" or "AUP" means Section 7 of these terms.
• "AI Features" means the artificial intelligence functionality

available within the Service, including text-generation, image-generation, voice-transcription, text-to-speech, video-assembly, image-editing, search and other model-powered tools.

• "AI Output" means content produced by an AI Feature in response to

your input.

• "Cast Content" means personal data of cast members, crew members,

contributors or third parties that you upload to the Service in connection with managing a production (including names, contact details, photographs, scanned identity documents where you choose to upload them, availability calendars, deal-memo information and similar).

• "Confidential Information" has the meaning set out in Section 12.
• "Controller" has the meaning given by the UK GDPR / EU GDPR.
• "Credits" means the metered units you spend to access certain

AI Features.

• "Customer Data" means all data you submit to or generate within the

Service, including projects, scripts, breakdowns, shotlists, storyboards, schedules, call sheets, budgets, Cast Content, generated images, animatics and reports.

• "DPA" means the Data Processing Addendum in Section 21.
• "Order" means your selection of a plan and your payment

authorisation through our payment processor.

• "Personal Data" has the meaning given by the UK GDPR / EU GDPR.
• "Plan" means the subscription tier you select (Hobbyist, Solo, Team,

Studio, Agency, Network, Broadcaster or Enterprise) or any successor tier we make available. The Broadcaster tier is offered on a Contact- Sales basis; the remaining tiers are available for self-serve sign-up.

• "Processor" has the meaning given by the UK GDPR / EU GDPR.
• "Service" means the StoryboardCanvas web application and any

StoryboardCanvas-branded API, browser extension, desktop application, documentation, support service or related software made available by us.

• "Subscriber" means the person or organisation that pays for the

Service and whose name appears on the Order.

• "Team Member" means any user added to a Subscriber's Account who

consumes a seat against the Subscriber's plan or is granted read-only viewer access.

• "User Content" has the same meaning as Customer Data for the

purposes of these terms.

• "Viewer" means any user invited to a Subscriber's Account with

read-only access. Viewers do not consume a seat against the Plan.

• "we" / "us" / "our" means StoryboardCanvas, the operating company

that provides the Service.

• "you" / "your" means (a) the natural person opening an Account where

you are an individual user, or (b) the Subscriber organisation and each Team Member and Viewer added to that Subscriber's Account, as the context requires.

2. About us

StoryboardCanvas is a software-as-a-service platform for filmmakers, production companies and creative professionals.

Contact us about these terms or our use of your data:

• General: admin@storyboardcanvas.ai
• Privacy / data protection: privacy@storyboardcanvas.ai
• Legal / DMCA / takedown: legal@storyboardcanvas.ai
• Security disclosures: security@storyboardcanvas.ai

The admin@storyboardcanvas.ai address is monitored daily and reaches us for any of the categories above.

3. Acceptance of these terms

By creating an Account, paying for a Plan, or otherwise using the Service, you confirm that:

• you have read, understood and agreed to be bound by these terms;
• if you are accepting these terms on behalf of an organisation, you have

the authority to bind that organisation;

• you are entering into a legally binding agreement with us.

If you do not agree to these terms, you must not access or use the Service. We may require you to re-accept these terms after a material change (see Section 26).

4. Eligibility

You may use the Service only if you:

• are at least 18 years old, or the legal age of majority in your

jurisdiction (whichever is higher);

• have the legal capacity to enter into a contract;
• are not located in, established in, or a national or resident of any

country, region or territory subject to comprehensive UK, EU, US, UN or other applicable sanctions, embargoes or trade restrictions;

• are not on any UK, EU, US Treasury OFAC, US Commerce BIS or UN

sanctions or designated-persons list, and are not owned or controlled by any such person;

• have not previously been suspended or removed from the Service.

By creating an Account, you confirm each of the above is true and remains true throughout your use of the Service.

5. Your account

5.1 Registration and identity

You register for an Account through our identity provider. You must provide accurate, current and complete information about yourself or your organisation and keep it up to date.

5.2 Security

You are responsible for keeping your login credentials secure. You must notify us at security@storyboardcanvas.ai (or the general contact above until the mailbox is live) without undue delay if you suspect your Account has been compromised. You are responsible for all activity performed through your Account except activity arising from an unauthorised access that you reported to us promptly and that we confirmed.

5.3 Seats and viewers

The Subscriber's Plan determines how many editable Team Member seats the Account may have at any one time. Viewers are read-only and are not counted against the Subscriber's seat limit. The Subscriber and each Team Member with an admin role can invite, remove, suspend or modify the role of any other Team Member or Viewer at any time.

5.4 Owner-gated access

The Subscriber owner controls which apps within the Service each Team Member or Viewer can open and which actions each can take. The owner may change those permissions at any time. Permission changes take effect on the next page load or session refresh for the affected user.

5.5 One person per Account

You must not share Account login credentials with another person. Each human user must register their own Account or be invited as their own Team Member or Viewer.

6. Plans, credits, payment and cancellation

6.1 Plans

We offer Plans on a recurring monthly or annual subscription basis. The current plans, the seat counts, the Credit allowances and the prices are published on /pricing. The self-serve roster is Hobbyist, Solo, Team, Studio, Agency and Network; the Enterprise and Broadcaster tiers are offered on a Contact-Sales basis to organisations with bespoke seat, storage, white-labelling or compliance requirements. We may change the Plan structure at any time on notice (see Section 26). Subscriptions in force at the time of a Plan change continue at the previously-agreed price for the remainder of the then-current billing period.

6.2 Credits

Credits meter the consumption of certain AI Features. Each Plan includes a monthly Credit allowance. Unused Credits may roll over up to a cap disclosed on /billing. You may purchase additional Credit packs at any time. Credits have no cash value and are not refundable except to the extent expressly required by law or by Section 6.5 below.

6.3 Payment processor

We use a third-party payment processor to handle all payment-card and direct-debit transactions. We do not store full payment-card numbers on our servers. By placing an Order, you agree to the payment processor's own terms of service. You authorise us and our payment processor to charge the payment method you provided for the recurring fees and any Credit-pack purchases until you cancel.

6.4 Renewals

Subscriptions renew automatically at the end of each billing period unless cancelled before the renewal date. You may cancel at any time from the Account billing page. On cancellation the Subscriber's Account remains active until the end of the then-current billing period.

6.5 Refunds

Pre-order payments accepted before the public release of the Service are refundable on request at any time before the Service is made available to the general public. After the public release of the Service, recurring subscription fees are paid in advance and are not refundable for unused time within a billing period except where required by applicable consumer-protection law. Credit-pack purchases are refundable for the unused portion of the pack within fourteen (14) days of purchase except where the Credits in question have already been spent.

Beyond the cases set out above, all refund requests are considered on a case-by-case basis and any refund is granted at our sole discretion, as a gesture of goodwill and without any admission of liability or obligation to grant the same or a similar refund in any other case. A decision to grant or refuse a refund in one instance does not create any entitlement, precedent or course of dealing. Nothing in this Section 6.5 limits any non-excludable refund or cancellation rights you have under the consumer-protection law of your country of residence.

6.5A Changes to prices and packages

We may change our prices, plan tiers, plan composition (including seat allowances, credit allocations, storage and feature packaging), credit costs for individual AI actions, and booster packs at any time at our sole discretion, without being required to give reasons. Changes apply as follows:

• changes to subscription prices or plan composition take effect for an

existing Subscriber from the start of their next billing period; we will give existing Subscribers reasonable advance notice (by email or in-product) of any price increase to a plan they are subscribed to, and a Subscriber who does not wish to continue at the changed price may cancel before the renewal date under Section 6.4;

• changes to credit costs for individual AI actions, to booster packs,

and to promotional or introductory pricing may take effect immediately for purchases and actions occurring after the change;

• no change reduces Credits already in your balance or removes paid

functionality for time you have already paid for.

Nothing in this Section 6.5A limits any non-excludable rights you have under applicable consumer-protection law.

6.6 Failed payments

If a payment fails we will retry the charge and notify you. We may suspend access to AI Features and to other paid functionality if a payment remains overdue for more than seven (7) calendar days, and we may terminate the Account if a payment remains overdue for more than thirty (30) calendar days.

6.7 Taxes

Plan prices are quoted exclusive of VAT and similar transaction taxes unless stated otherwise. Where the Subscriber is established in a territory in which we are required to charge VAT or an equivalent tax, that tax will be added at checkout.

7. Acceptable Use Policy

You agree that you will not, and will not permit any Team Member, Viewer or other person acting through your Account to:

7.1 Unlawful content and conduct

• Use the Service to create, store, send, request or facilitate any

material that is unlawful in any applicable jurisdiction.

• Use the Service to create or distribute child sexual abuse material in

any form, real or generated.

• Use the Service to create non-consensual intimate imagery of any

person.

• Use the Service to create AI-generated depictions of a real,

identifiable person without that person's verifiable consent.

• Use the Service in connection with fraud, deception, market

manipulation, illegal gambling, or the violation of sanctions or export-control laws.

7.2 Rights of others

• Upload, generate or distribute content that infringes the intellectual

property, publicity, privacy or moral rights of any third party.

• Upload images, recordings or biographical information of any person

(including cast, crew or contributors) without lawful basis or, where required, that person's informed consent.

• Use the Service for harassment, hate speech, doxing, stalking, or any

conduct that targets a person on the basis of a protected characteristic.

7.3 Platform integrity

• Attempt to gain unauthorised access to any part of the Service, any

other user's Account, or any underlying infrastructure.

• Reverse-engineer, decompile, disassemble or attempt to extract the

source code of the Service, except to the extent expressly permitted by mandatory law.

• Probe, scan, load-test or stress-test the Service except with our

prior written consent.

• Use bots, scrapers or automated agents against the Service except via

documented public APIs and within published rate limits.

• Bypass, disable or interfere with any security, authentication,

metering, watermarking or content-moderation control.

• Resell the Service, sub-license access, or use the Service to operate

a competing service.

7.4 Misuse of AI

• Submit prompts intended to make the Service produce content that is

illegal, that violates the AUP, or that targets identifiable real persons for impersonation or defamation.

• Use the Service's image-generation features to produce depictions of

any minor.

• Use AI-generated voice synthesis, image generation or video generation

to impersonate a real person without that person's explicit consent.

• Use the Service to train, fine-tune or evaluate any other AI model

except your own first-party model on your own first-party data.

7.5 Enforcement

We may, at our discretion:

• remove or restrict access to any content that we have reason to

believe violates the AUP;

• warn, suspend or terminate any Account that we have reason to believe

has violated the AUP;

• preserve and disclose information about an Account or its activity to

the extent required by a valid legal request or to protect the rights or safety of any person.

We do not pre-screen User Content. We will respond to verified takedown notices in accordance with Section 10.4.

8. Your content

8.1 Ownership

You retain all rights you have in your User Content. Nothing in these terms transfers any ownership of your User Content to us.

8.2 Licence to us

You grant us a worldwide, non-exclusive, royalty-free licence to host, copy, transmit, display, process, sub-license to our service providers, and modify (only as technically required) your User Content for the sole purpose of operating, securing, maintaining and improving the Service for you. This licence ends when you or we delete the User Content from the Service, subject to backup retention as described in Section 20.

8.3 Your warranties about User Content

You warrant that you have all rights, licences, permissions, releases and consents necessary to upload, store, generate, share and use the User Content on the Service in the manner contemplated, including:

• copyright, trademark, design-right, moral-right and database-right

clearances for any pre-existing material you upload;

• name-and-likeness, publicity-right and biometric-data consents for any

photographs, recordings or reference images of identifiable people you upload;

• consents from the parents or legal guardians of any minors whose

personal data you upload (which should be limited to circumstances contractually required by your production and never to images used for AI-generation reference);

• the right to grant the licence in Section 8.2.

8.4 Cast Content special rules

Cast Content frequently includes Personal Data and may include special- category Personal Data such as photographs (biometric) and health or accessibility notes. Where you upload Cast Content, the Subscriber acts as the Controller of that Personal Data and we act as Processor under the Data Processing Addendum in Section 21. The Subscriber is responsible for the lawful basis on which Cast Content is processed (typically the performance of a production contract, the legitimate interest of the production, or explicit consent).

8.5 Removal

You may delete your User Content from the Service at any time using the in-app delete functions or by requesting a full account deletion. Some User Content may remain in encrypted backups for up to ninety (90) days after deletion before being purged on the normal backup-rotation cycle.

8.6 We do not use your content to train AI models

We do not use your User Content to train, fine-tune or evaluate any machine-learning model. We do not share your User Content with any AI model provider for the purpose of that provider's model improvement. We require our AI sub-processors to confirm in writing that prompts and outputs originating from the Service are not retained for model training or evaluation. See Section 23 for further detail on AI processing.

9. AI features and AI-generated content

9.1 Nature of AI output

AI Features generate content based on statistical patterns. AI Output may be inaccurate, biased, offensive or otherwise unsuitable for your intended use. You are responsible for reviewing AI Output before using it in any context where accuracy, safety or legal compliance matters.

9.2 Ownership of AI Output

To the extent permitted by applicable law and by the underlying AI model provider's terms, we assign to you, free of additional charge, any ownership rights we may have in AI Output you generate from your Account, on the conditions that:

• your Account was in good standing at the time of generation;
• the prompt and the surrounding use did not violate the AUP;
• you and we acknowledge that AI Output may not attract copyright

protection in some jurisdictions, and we make no warranty as to the copyrightability of AI Output.

9.3 Style-lock reference images and biometric data

The AI Artist and related image-generation features accept reference images uploaded by you that the Service uses to lock the style of generated images for the duration of your project. Where reference images contain identifiable faces of real individuals, you must have obtained the explicit, informed, prior consent of each such individual to:

• the upload of their image;
• the analysis of their biometric features by an AI model for the

purpose of style locking;

• the generation of new images that incorporate their likeness or

derived features.

If you cannot obtain such consent, you must not upload reference images of identifiable people. The Subscriber indemnifies us against any claim arising from a failure to obtain the consents required by this section.

9.4 Watermarking and provenance

Some AI Output may carry visible or invisible watermarks or provenance metadata that identify the content as machine-generated. You must not remove or attempt to defeat such watermarks or metadata where they have been applied to comply with applicable law or industry standards.

9.5 Hallucination warning for on-set use

The Service auto-generates daily production reports, call sheets, budget forecasts, schedule suggestions, continuity flags, scene summaries and similar production documents from AI models. These outputs are decision-support tools, not authoritative records. You must verify any AI-generated production document before relying on it for on-set safety, payroll, insurance, bond-company reporting, or any other purpose where an error could cause harm.

9.6 Moderation

We may apply content moderation to prompts submitted to AI Features and to AI Output. We may block, redact or refuse to generate output that our moderation systems flag as potentially in breach of the AUP. We do not guarantee that our moderation systems are accurate or complete.

9.7 Credit accounting

Each AI Feature is metered in Credits. The per-action Credit cost is displayed in the application at the point of use. Credits are deducted on successful completion of an action. Where a generation fails for a reason within our control, the Credit is not deducted or is refunded.

10. Intellectual property

10.1 Platform IP

The Service, including all software, source code, designs, copy, graphics, logos, sounds, templates, default brushes, default style references, the StoryboardCanvas trademark and the DollyAI™ trademark, remains the intellectual property of Mitchell James Hughes, Storyboard Canvas AI, and its founder Mitchell Hughes (or our licensors where applicable), and is protected by intellectual property laws. Except for the limited licence granted to you in Section 10.2, no rights in the Service are granted to you.

The Service is built on proprietary engines, systems, models, pipelines, data structures, prompt designs, user interfaces and methods developed in-house by Storyboard Canvas AI (together, the "Proprietary Technology"). The Proprietary Technology — including its architecture, algorithms, parameter sets, prompt engineering, training-free style-locking methods, and the manner in which the engines interoperate across the Service — constitutes our confidential information and trade secrets and is protected by copyright, database right, and applicable trade-secret and unfair-competition laws. Without limiting the foregoing, the Proprietary Technology includes (but is not limited to) the following named engines and systems, each of which is claimed as a trademark of Storyboard Canvas AI whether or not marked with ™:

• DollyAI™ — our cross-application AI director and project-context

engine, together with its underlying intelligence architecture: the DollyAI™ Production Memory (our durable, cross-session memory of a production's decisions, the user's standing preferences, the creative bible and the production's status); the DollyAI™ Agentic Tool Layer (our function-calling system that lets DollyAI™ query live project data and propose changes behind a human confirmation gate); the DollyAI™ Reflection Engine (our self-critique-and-revise loop that scores and improves AI output against a project's real data before delivery); the DollyAI™ Vision system (our frame- and asset-aware visual review and director's-notes capability); and the DollyAI™ Watch system (our ambient production watch-loop, scheduled briefing, proposal inbox and plan-then-execute goal engine);

• the DollyAI™ Family — our named, in-character specialist AI personas

and the orchestration system that routes work between them. Each persona name is claimed as a trademark of Storyboard Canvas AI whether or not marked with ™, including DollyAI™ (creative director and orchestrator), MarloweAI™ (script editor), SableAI™ (line producer), CassAI™ (1st assistant director), IndraAI™ (casting director), VeeAI™ (script supervisor / continuity) and MitchellAI™ (our AI artist and signature house illustrator) — together with the corresponding short-form persona names as used in the product and its materials (Dolly, Marlowe, Sable, Cass, Indra, Vee, Mitchell), each of which is likewise claimed. The names, personalities, voices, role definitions, system prompts, hand-off protocol and the manner in which the personas collaborate are part of the Proprietary Technology;

• the Style-Lock Engine and AI Style Sync — our project-scoped

visual style-bible compiler, vision-based style synchronisation and quality-assurance scorer — together with Ascension™, the name and curated prompt specification of our signature house illustration style;

• the AI Image Engine — our context-aware, multi-mode storyboard

image-generation system;

• the Character Continuity Graph — our identity-embedding and

multi-source continuity-merge system that keeps cast on-model across frames;

• Canvas Draw and the ABR Engine — our GPU-accelerated,

browser-based drawing engine, our proprietary Adobe-brush (.abr) parser, descriptor mapper and brush-asset model, our in-app brush tip and paper-texture creator studios, and the .sbcd brush file format (the StoryboardCanvas brush package — its name, structure, manifest schema and asset-re-homing import method);

• the Cross-App Spine — our shared single-project-file architecture

and the automated data bridges that propagate breakdown, cast, props, vehicles, schedule and call-sheet data across applications;

• the Producer Intelligence Engine — our daily hot-cost,

overtime-prediction, schedule-risk, crew-reliability, daily-production-report, stripboard-to-budget and purchase-order routing systems;

• the Carbon (Albert) Engine — our production carbon-estimation

system;

• the IATSE Turnaround Engine — our rest-period / turnaround

compliance system;

• the Compliance Engine — our jurisdiction-aware production

compliance system: the rules evaluator, the per-cast-member document vault, the expiry-ladder notification system, the call-sheet dispatch pre-flight check, and our curated jurisdiction rules packs (a proprietary database compilation protected by database right);

• the Talent Identity Spine — our cross-production talent identity,

work-history and crew-network system, including the producer-confirmed identity-linking method;

• the Cinema Bridge — our on-set media intelligence system,

including camera-metadata extraction, capture-time auto-filing against shoot days, and continuity-stills tooling;

• Frame Brain — our per-frame, context-aware animatic intelligence;
• the Brand Kit Engine — our brand-asset and export-branding

system;

together with our screenplay, breakdown, scheduling-intelligence (daylight, weather-swap, conflict-resolution and natural-language scheduling), animatic (frame tweening, voice / character text-to-speech, onion-skin and editorial round-trip) and continuity / compliance engines, and all related models, pipelines, prompts, schemas, interfaces, documentation and the look and feel of the Service. The foregoing list is non-exhaustive; additional proprietary engines, systems and components form part of the Proprietary Technology whether or not expressly named here. Nothing in these terms transfers any right, title or interest in the Proprietary Technology to you. You must not copy, modify, reverse-engineer, decompile, disassemble, scrape, benchmark for competitive purposes, or attempt to derive the source code, structure, parameters or underlying methods of any part of the Service, nor build a competing product or service using the Proprietary Technology, except and only to the extent such restriction is prohibited by applicable law.

10.2 Licence to use the Service

We grant you a limited, non-exclusive, non-transferable, revocable licence to access and use the Service in accordance with these terms during the period for which you have an active Account.

10.3 Feedback

If you send us suggestions, ideas, enhancement requests, feedback, recommendations or other input about the Service, you grant us a perpetual, irrevocable, worldwide, royalty-free licence to use that feedback for any purpose without restriction.

10.4 Copyright takedown

We respond to verified takedown notices alleging copyright infringement of material hosted on the Service. To submit a notice, contact legal@storyboardcanvas.ai and include:

• identification of the copyrighted work claimed to have been infringed;
• identification of the allegedly infringing material on the Service

(with a URL where possible);

• your contact details (full name, address, telephone, email);
• a statement of good-faith belief that the use is not authorised by

the copyright owner, its agent or the law;

• a statement, under penalty of perjury in jurisdictions that recognise

the concept, that the information in the notice is accurate and that you are authorised to act on behalf of the rights holder;

• your physical or electronic signature.

We will action verified notices in accordance with applicable law, including the United States Digital Millennium Copyright Act where relevant, and we will notify the user whose content was the subject of the notice. Counter-notices may be submitted to the same address.

11. Privacy and data protection

Our handling of Personal Data is governed by the Privacy Policy in Section 20 and, where you are acting as a Controller of Personal Data hosted on the Service, the Data Processing Addendum in Section 21. The Privacy Policy and the DPA form part of these terms and are incorporated by reference.

In summary:

• We do not sell your Personal Data.
• We do not use your User Content to train AI models.
• We use a small number of named sub-processors (listed in the DPA)

whose services are required to operate the Service.

• Where Personal Data is transferred outside the UK or the EEA, we rely

on the Standard Contractual Clauses (with the UK Addendum where applicable) or another approved transfer mechanism.

• You have the rights set out in the UK GDPR / EU GDPR including

access, rectification, erasure, restriction, portability, objection and the right to lodge a complaint with the ICO or your local supervisory authority.

12. Confidentiality

"Confidential Information" means any non-public information disclosed by one party to the other (whether marked confidential or not) that a reasonable person would understand to be confidential given the nature of the information and the circumstances of disclosure. Your User Content is treated as your Confidential Information. Our Service roadmap, internal pricing logic, security architecture documents and non-public business plans are treated as our Confidential Information.

Each party agrees to:

• protect the other party's Confidential Information using the same

degree of care it uses to protect its own confidential information of like importance (and in any event no less than a reasonable degree of care);

• use Confidential Information only to perform its obligations or

exercise its rights under these terms;

• restrict disclosure to employees, contractors and advisers who need to

know and who are bound by confidentiality obligations no less protective than these.

These obligations do not apply to information that the receiving party can demonstrate was already known without obligation of confidence, was or becomes public through no fault of the receiving party, is independently developed without use of the disclosing party's Confidential Information, or is required to be disclosed by a court, regulator or competent authority (with prompt notice where lawful).

13. Availability and changes to the service

13.1 Best-efforts availability

We use commercially reasonable efforts to make the Service available twenty-four hours a day, seven days a week. We do not guarantee any specific uptime except where stated in a separate written service-level agreement with you. Planned maintenance, software updates, hosting- provider incidents and force-majeure events may interrupt availability.

13.2 Beta and pre-release features

We may make Service features available on a "beta", "preview" or "experimental" basis. Such features are provided "AS IS", may be modified, suspended or removed at any time, and are excluded from any service-level commitment we may otherwise have made.

13.3 Changes to the Service

We continuously develop the Service. We may add, change or remove features at any time. We will not remove a material feature on which the Plan you paid for materially depends without offering you either a comparable replacement or a pro-rated refund of unused subscription fees.

14. Suspension and termination

14.1 Termination for convenience

You may terminate your subscription at any time from the Account billing page. Termination takes effect at the end of the then-current billing period.

We may terminate or non-renew an Account for any reason on thirty (30) days' written notice. In that case we will refund a pro-rated portion of any prepaid Plan fee covering the period after termination.

14.2 Termination for cause

Either party may terminate immediately on written notice if the other party:

• materially breaches these terms and fails to cure within fourteen

(14) days of being notified of the breach (where the breach is capable of cure);

• becomes insolvent, files for bankruptcy or has a receiver appointed.

We may suspend or terminate an Account immediately and without notice where we reasonably believe:

• the Account is being used to violate the AUP;
• the Account or its content presents an immediate risk of harm to any

person or to the Service;

• a payment is more than thirty (30) days overdue;
• continued provision of the Service to the Account would violate any

law, regulation, sanctions regime or court order.

14.3 Effect of termination

On termination of an Account:

• your right to use the Service ends immediately;
• we will make your User Content available for export for thirty (30)

days following termination, after which we will delete it from active systems (subject to backup retention as described in Section 20);

• accrued payment obligations survive;
• sections that by their nature should survive (including 8.3, 10, 12,

15, 16, 17, 18, 19, 20 and 21) survive termination.

14.4 Right to request your data on termination

You may at any time before or within thirty (30) days after termination request a structured export of your User Content using the "Request my data" feature on the Account download page or by emailing the privacy contact in Section 2.

15. Disclaimers and warranties

15.1 Service "AS IS"

To the maximum extent permitted by applicable law, the Service is provided "AS IS" and "AS AVAILABLE". We disclaim all warranties, whether express, implied, statutory or otherwise, including any warranties of merchantability, fitness for a particular purpose, non-infringement, accuracy, completeness, security, or quiet enjoyment.

15.2 AI Output

Without limiting Section 15.1, we make no warranty that AI Output will be accurate, complete, lawful, suitable for any particular production, fit for any safety-critical purpose, or free from bias or error. The Service is a decision-support tool, not a substitute for the professional judgment of producers, directors, accountants, lawyers, first assistant directors, script supervisors, health-and-safety advisers or any other production professional.

15.3 Consumer rights

Nothing in this Section 15 limits any non-excludable statutory rights you have as a consumer under the law of your country of residence.

15.4 Your productions and local law

The Service is a software toolkit for planning, organising and documenting productions. Your productions are yours. You — not StoryboardCanvas — are solely responsible for the conduct and legality of every production you plan, schedule, document or run using the Service, including (without limitation) compliance with all laws, regulations, permits, licences, collective-bargaining and union agreements, employment and engagement law, child-performer rules, working-time and rest-period rules, health-and-safety obligations, insurance requirements, immigration and right-to-work requirements, tax and social-security obligations, and filming/location permissions applicable in each jurisdiction in which you operate. The Service is operated from the United Kingdom and offered to a global user base; where you access or use the Service from, or run productions in, any other jurisdiction, you are responsible for ensuring that your use and your productions comply with the laws of that jurisdiction.

15.5 Production-compliance and scheduling features

Some features of the Service surface compliance-related information — for example permit and document expiry reminders, call-sheet pre-flight checks, turnaround and meal-break calculations, child-performer prompts, and jurisdiction-based rules data. These features are organisational and informational aids built from general industry practice. They do not constitute legal, tax, accounting, insurance, immigration, employment or other professional advice; they are not a substitute for the advice of qualified professionals engaged for your production; and using them does not transfer to us any responsibility or liability for your production's compliance with applicable law, which remains yours under Section 15.4 at all times. Rules and reference data may not reflect the most recent changes in every jurisdiction, and you are responsible for verifying any compliance decision before relying on it.

15.6 Information about your cast and crew

Where you record information about cast, crew, contributors or other individuals in the Service (including contact details, availability, engagement terms, documents and work history), you are responsible for having a lawful basis to collect and record that information, for providing those individuals with any notice required by applicable data-protection law, and for keeping it accurate. The roles and obligations of the parties in respect of such personal data are set out in Section 11 (Privacy and data protection) and Section 21 (Data Processing Addendum): for personal data you upload about third parties, you are the controller and we process it on your behalf.

16. Limitation of liability

16.1 Cap

Subject to Section 16.2 and to the extent permitted by applicable law, each party's total aggregate liability arising out of or in connection with these terms, whether in contract, tort (including negligence), breach of statutory duty or otherwise, in any twelve-month period, is limited to the greater of:

• the total fees paid by the Subscriber to us under these terms in the

twelve months immediately preceding the event giving rise to the liability; or

• £100 (one hundred pounds sterling).

16.2 Excluded liability and excluded damages

To the extent permitted by applicable law, neither party is liable to the other for:

• loss of profit, revenue, business, anticipated savings, goodwill or

reputation;

• loss or corruption of data not stored on the Service;
• indirect, consequential, special, exemplary or punitive damages.

16.3 Carve-outs

Nothing in these terms limits or excludes:

• liability for death or personal injury caused by negligence;
• liability for fraud or fraudulent misrepresentation;
• liability that cannot be limited or excluded under applicable law,

including non-excludable consumer rights;

• the Subscriber's payment obligations;
• liability arising from a party's breach of confidentiality

obligations in Section 12;

• liability arising from your indemnification obligation in Section 17.

16.4 Mitigation

Each party will use reasonable efforts to mitigate any loss for which it may seek to claim against the other party.

17. Indemnification

You agree to defend, indemnify and hold harmless StoryboardCanvas and its officers, directors, employees, agents, contractors and licensors from and against any third-party claim, demand, suit, proceeding, damage, loss, cost or expense (including reasonable legal fees) arising out of or relating to:

• your User Content (including any claim of infringement, defamation,

privacy violation or right-of-publicity violation);

• your breach of the AUP;
• your breach of the warranties you give in Section 8.3;
• your breach of the consent obligation in Section 9.3;
• your productions, including any claim arising from your failure to

comply with laws, permits, licences, union or collective agreements, employment, child-performer, working-time, health-and-safety, insurance, immigration or tax obligations applicable to a production you plan, document or run using the Service (Sections 15.4–15.6);

• personal data you record about cast, crew or other third parties

without a lawful basis or required notice (Section 15.6);

• your breach of any applicable law in connection with your use of the

Service.

We will give you prompt notice of any claim and reasonable cooperation in the defence. You may not settle any claim that imposes any obligation or admission on us without our prior written consent.

18. Governing law and disputes

18.1 Governing law

These terms and any dispute arising out of or in connection with them are governed by the law of England and Wales.

18.2 Jurisdiction

Subject to Section 18.3, the courts of England and Wales have exclusive jurisdiction over any dispute arising out of or in connection with these terms.

18.3 Consumers

If you are a consumer (acting outside your trade, business, craft or profession) and you are resident in a country other than the United Kingdom, you may bring proceedings either in the courts of England and Wales or in the courts of the country in which you are resident, and the mandatory consumer-protection laws of your country of residence apply.

18.4 Informal resolution

Before commencing court proceedings, the parties agree to attempt in good faith to resolve any dispute by negotiation. A party intending to commence proceedings must first send written notice to the other party setting out the substance of the dispute and a proposed resolution.

19. Miscellaneous

19.1 Entire agreement

These terms (together with the Privacy Policy, DPA, Cookie Policy, AI Addendum and any Order) form the entire agreement between you and us in relation to their subject matter and supersede any prior agreement or understanding.

19.2 No waiver

A failure or delay by us to enforce a right under these terms is not a waiver of that right.

19.3 Severability

If any provision of these terms is held by a court of competent jurisdiction to be invalid or unenforceable, that provision is severed to the minimum extent necessary and the remaining provisions remain in full force.

19.4 Assignment

You may not assign or transfer any of your rights or obligations under these terms without our prior written consent. We may assign or transfer our rights and obligations to a successor entity, including in connection with a merger, acquisition, reorganisation or sale of substantially all of our assets, on notice to you.

19.5 Force majeure

Neither party is liable for any delay or failure to perform caused by an event beyond its reasonable control, including acts of God, war, terrorism, riot, embargo, government act, fire, flood, accident, strike or shortage of transportation or fuel.

19.6 Third-party rights

A person who is not a party to these terms has no right to enforce any term except where expressly provided.

19.7 Notices

Notices to us must be sent to the contact addresses in Section 2. Notices to you will be sent to the email address registered to your Account.

19.8 Language

The English-language version of these terms is the controlling version. Any translation is provided for convenience only.

20. Privacy Policy

This Privacy Policy describes how we collect, use, store, share and protect Personal Data when we act as a Controller (for example in relation to your Account, billing and direct communications with us). Where we process Personal Data on your behalf (for example Cast Content you upload), we act as Processor under the DPA in Section 21.

20.1 Controller

For Personal Data processed as Controller, the data controller is StoryboardCanvas. The privacy contact is privacy@storyboardcanvas.ai.

20.2 Categories of Personal Data we collect

• Account data: name, email address, password hash (managed by our

identity provider), profile photograph if you upload one, organisation name and role.

• Billing data: name, billing address, VAT number, partial payment-

card identifier (last four digits and card brand only — full numbers are held by our payment processor), payment history.

• Identity-provider data: the subject identifier issued by our

identity provider and the email address associated with that identifier.

• Usage data: logs of features used, projects accessed, AI actions

taken, credit consumption, timestamps, IP addresses, browser and device strings, language and timezone.

• Support data: the content of any support tickets, emails or chat

messages you send to us.

• Cookies and similar technologies: as described in the Cookie

Policy in Section 22.

20.3 Lawful bases

We process the above on the following lawful bases under Article 6 UK GDPR / EU GDPR:

• Performance of a contract for the Account, billing, support and

identity-provider data;

• Legitimate interest in operating, securing and improving the

Service for the usage and cookie data (where strictly necessary cookies are concerned, the relevant basis under the Privacy and Electronic Communications Regulations is "strictly necessary");

• Consent for any non-essential cookies, marketing emails and any

special-category Personal Data we process about you as Controller.

• Compliance with a legal obligation for tax records, anti-money-

laundering and sanctions screening.

20.4 Purposes

We use Personal Data to:

• provide and operate the Service;
• authenticate you and maintain the security of your Account;
• charge fees and issue invoices;
• comply with our tax, accounting and regulatory obligations;
• respond to your support requests;
• detect, prevent and respond to fraud, security incidents and AUP

violations;

• improve the Service through aggregated, de-identified usage analysis;
• communicate about the Service, including operational notices, security

alerts and (with separate consent) product updates.

We do not use Personal Data for automated decision-making with legal or similarly significant effects.

20.5 Sub-processors and sharing

We share Personal Data only with:

• our sub-processors, listed in the DPA in Section 21, who process it

on our instructions and under written contracts;

• our professional advisers (accountants, lawyers, auditors) bound by

confidentiality;

• a successor entity in connection with a merger, acquisition or sale

of substantially all of our assets;

• a court, regulator, or other competent authority where we are legally

required to disclose, or where disclosure is necessary to protect the rights or safety of any person.

We do not sell Personal Data, we do not share Personal Data for cross- context behavioural advertising, and we do not allow any sub-processor to use the data we share with them for any purpose other than providing the contracted service.

20.6 International transfers

Some of our sub-processors are established outside the UK and the EEA. Where Personal Data is transferred outside the UK or the EEA we rely on:

• a UK adequacy regulation or EU adequacy decision where one applies;
• the Standard Contractual Clauses (with the UK International Data

Transfer Addendum where applicable);

• another transfer mechanism recognised by the relevant supervisory

authority.

You may request a copy of the safeguards in place for a specific transfer by emailing the privacy contact.

20.7 Retention

We retain Personal Data only for as long as necessary for the purpose for which it was collected:

• Account data: for as long as the Account is active, plus thirty

days for grace-period reactivation, plus up to ninety days in encrypted backup before purging on the normal backup-rotation cycle.

• Billing data: for six years after the end of the tax year in

which the transaction occurred, in line with our HMRC record-keeping obligation.

• Usage logs: for thirteen months, after which they are aggregated

and de-identified.

• Support data: for twenty-four months after closure of the

ticket.

• Audit logs (for compliance): for seven years where required to

evidence a regulatory obligation; otherwise for thirty-six months.

• Cast Content and Customer Data: for as long as you keep it on

the Service, plus the deletion window described in Sections 8.5 and 14.3.

20.8 Security

We implement appropriate technical and organisational measures to protect Personal Data against unauthorised or unlawful processing and against accidental loss, destruction or damage. These measures include encryption in transit and at rest, access controls scoped to the principle of least privilege, owner-gated permission matrices, audit logging on every mutation, magic-byte content validation on uploads, rate limiting, content moderation on AI inputs, multi-factor authentication on administrative access, and periodic review of our security posture. No system is perfectly secure and we cannot guarantee the security of Personal Data, but we will notify affected users and the relevant supervisory authority of any reportable breach in accordance with applicable law (within seventy-two hours of becoming aware in the case of UK and EU notifiable breaches).

20.9 Your rights

Under the UK GDPR / EU GDPR you have the right to:

• request access to the Personal Data we hold about you (Article 15);
• request rectification of inaccurate Personal Data (Article 16);
• request erasure of Personal Data ("right to be forgotten")

(Article 17);

• request restriction of processing (Article 18);
• request portability of Personal Data you provided to us in a

structured, commonly used and machine-readable format (Article 20);

• object to processing based on our legitimate interest (Article 21);
• not be subject to a solely automated decision that has a legal or

similarly significant effect on you (Article 22);

• withdraw any consent at any time without affecting the lawfulness of

processing carried out before withdrawal;

• lodge a complaint with the Information Commissioner's Office (ICO)

in the UK or with the supervisory authority in your country of residence.

To exercise any of these rights, contact privacy@storyboardcanvas.ai or use the "Request my data", "Delete account" and "Update profile" controls within the Account settings of the Service. We will respond without undue delay and in any event within one month, with a possible two-month extension for complex requests.

20.10 California, Colorado, Virginia, Connecticut and Utah residents

If you reside in a US state with a comprehensive privacy law we will honour state-specific rights including the right to know, the right to delete, the right to correct, the right to opt out of sale or sharing (noting that we do not sell or share Personal Data), and the right to non-discrimination. The contact details in this Section 20 apply for state-law requests.

20.11 Children

The Service is not directed to children under the age of 16 (or any higher minimum age in your jurisdiction) and we do not knowingly collect Personal Data from children. See Section 25.

21. Data Processing Addendum (DPA)

This DPA applies whenever the Subscriber, acting as Controller, uploads or otherwise causes Personal Data to be processed in the Service. We act as Processor for that Personal Data. This DPA forms part of the contract between the Subscriber and us. Where there is a conflict between this DPA and the body of the terms with respect to processing of such Personal Data, this DPA prevails.

21.1 Subject matter, duration, nature and purpose of processing

• Subject matter: hosting and operation of the Service for the

Subscriber, including storage of Customer Data, generation of AI Output, generation of production documents (call sheets, schedules, reports), and provision of collaboration features.

• Duration: for the duration of the Subscriber's Account plus the

retention windows in the Privacy Policy.

• Nature: storage, organisation, structuring, retrieval,

consultation, use, disclosure by transmission and erasure.

• Purpose: to provide the Service to the Subscriber in accordance

with these terms.

21.2 Categories of data subjects

• The Subscriber's owners, employees, contractors and other Team

Members and Viewers;

• Cast members, crew members, contributors and other production

personnel whose data the Subscriber uploads;

• Any natural person whose photograph, recording or biographical

information the Subscriber chooses to upload as project content.

21.3 Categories of Personal Data

• Identification and contact details (name, email, phone, address);
• Professional details (role, department, agency, day rate);
• Schedule and availability data;
• Photographs and other images (which may constitute biometric data

when processed by AI Features for style locking);

• Audio recordings (voice notes, transcriptions, voice clones if the

Subscriber configures them);

• Health and accessibility notes where the Subscriber chooses to record

them (special-category Personal Data);

• Bank account details where the Subscriber chooses to record them for

paying cast or crew (financial data);

• Identity-document copies if the Subscriber chooses to upload them

(special-category Personal Data in some jurisdictions);

• Children's data where the production involves minors (special

category — requires explicit guardian consent).

21.4 Controller and Processor obligations

The Subscriber, as Controller:

• determines the purposes and means of processing of the Personal Data

it uploads;

• warrants that it has a lawful basis for each category of processing;
• warrants that, where required by Article 9 GDPR or local equivalents,

it has obtained explicit consent for special-category data;

• is responsible for responding to data-subject rights requests, with

our reasonable assistance as set out below;

• will not instruct us to process Personal Data in any manner that

violates applicable data-protection law;

• agrees that processing under our standard documented instructions is

not such a violation.

We, as Processor, will:

• process Personal Data only on the Subscriber's documented

instructions, including with respect to transfers, except where required to do otherwise by a law to which we are subject (in which case we will notify the Subscriber unless that law prohibits notice);

• ensure that personnel authorised to process the Personal Data are

under a duty of confidence;

• implement the technical and organisational measures described in

Section 20.8 and Schedule 1 below;

• engage sub-processors only on the terms described in Section 21.5;
• assist the Subscriber, by appropriate technical and organisational

measures and taking into account the nature of the processing, in responding to data-subject requests under Articles 15 to 22 GDPR;

• assist the Subscriber with the obligations in Articles 32 to 36 GDPR

(security of processing, notification and communication of breaches and data-protection impact assessments) taking into account the nature of processing and information available to us;

• notify the Subscriber without undue delay and in any event within

forty-eight (48) hours of becoming aware of a Personal Data breach affecting the Subscriber's Personal Data;

• on the Subscriber's choice, delete or return all Personal Data after

the end of the provision of the Service, subject to the retention windows in the Privacy Policy and any legal obligation to retain;

• make available to the Subscriber all information necessary to

demonstrate compliance with this DPA and allow for and contribute to audits, including inspections, on the terms set out in Section 21.7.

21.5 Sub-processors

The Subscriber generally authorises us to engage sub-processors for processing as part of the Service. The current list of sub-processors, the location of each, and the category of processing performed, is available on request from privacy@storyboardcanvas.ai.

When we add or replace a sub-processor we will give the Subscriber fifteen (15) days' notice. The Subscriber may object to the change on reasonable data-protection grounds. If the objection cannot be resolved the Subscriber may terminate the affected portion of the Service with a pro-rata refund.

We require each sub-processor to enter into a written contract with us on terms no less protective than this DPA, including the same obligations regarding security, sub-processing, international transfers and audit.

21.6 International transfers

Where this DPA involves a transfer of Personal Data outside the UK or the EEA, the parties agree that:

• where required, the Standard Contractual Clauses (controller-to-

processor module) approved by the European Commission apply, with the UK International Data Transfer Addendum where the data exporter is established in the UK;

• the parties incorporate the SCCs and the UK Addendum by reference and

agree to populate the relevant docking clauses (selection of options, Annexes I, II and III) consistently with this DPA and the Privacy Policy;

• where a destination country becomes subject to an adequacy regulation

the SCCs cease to be required for that destination.

21.7 Audit

The Subscriber may request, no more than once in any twelve-month period, that we provide a written response to a reasonable data- protection-compliance questionnaire and a copy of our then-current security overview and any third-party audit reports (such as a SOC 2 Type II report once available). For audits beyond this, the parties will agree in writing the scope, methodology, audit team and any reasonable fees, with mandatory law (Article 28(3)(h) GDPR) being preserved.

21.8 Liability under this DPA

The liability cap in Section 16 of these terms applies to the performance of this DPA, except where Article 82 GDPR or other mandatory law imposes a higher liability for breaches by the Processor.

21.9 Schedule 1 — Technical and organisational measures (summary)

• Pseudonymisation and encryption: TLS 1.2+ for data in transit;

AES-256 for data at rest at our hosting providers; secrets management through a dedicated secret store; PII fields restricted to least privilege.

• Confidentiality, integrity, availability and resilience: role-

based access control across the application; per-seat permission matrix enforced server-side; audit logs on every mutation; rate limiting per user; magic-byte content validation on uploads; daily backups with at least 30-day retention; service-level high- availability provided by our hosting provider's multi-zone architecture.

• Restoration of availability: documented disaster-recovery plan

with target restore time of four hours and target restore point of twenty-four hours for active production data.

• Testing and evaluation: continuous integration test suite,

dependency-vulnerability scanning, and periodic penetration testing performed at least annually.

• Personnel measures: confidentiality undertaking from all

personnel; least-privilege access to production; multi-factor authentication on administrative access.

22. Cookie Policy

We use cookies and similar storage technologies for limited purposes:

• Strictly necessary cookies: for authentication, session

management, security (CSRF protection, rate-limit fingerprints) and load balancing. These are set without consent because they are required for the Service to function. They include the session cookies set by our identity provider.

• Functional cookies: to remember your UI preferences (theme,

recently-opened project, sidebar state).

• Analytics cookies: to measure aggregated, de-identified use of

the marketing site. Where we use a privacy-preserving analytics provider that does not set persistent identifiers, this category may not require consent in some jurisdictions; we will surface a consent banner where required by the law of your country of residence.

We do not use advertising, cross-context behavioural-advertising or social-tracking cookies. We do not sell or share cookie identifiers with data brokers.

You can clear cookies and similar storage at any time via your browser settings. Doing so may sign you out of the Service.

23. AI Addendum

23.1 What our AI Features do

The Service provides AI-powered tools across the production workflow, including script analysis, breakdown generation, shotlist suggestion, schedule optimisation, call-sheet drafting, storyboard frame generation, animatic timing suggestions, image inpainting, voice-to-text transcription, text-to-speech, continuity scoring and document summarisation.

23.2 Model providers

We use third-party large-language-model and image-generation providers to deliver AI Features. We do not publicly disclose the specific model providers we use in this document because the choice is operational and may change. The list of AI sub-processors is maintained as part of the DPA sub-processor list, available on request from privacy@storyboardcanvas.ai, and we will give notice of changes per Section 21.5.

23.3 No training on your data

We require each AI sub-processor to contractually commit, before we use them, that prompts and outputs we route through them on your behalf:

• will not be retained for the provider's own model training or

evaluation;

• will not be used to improve the provider's general-purpose models;
• will be retained only for the operational minimum required to deliver

the response (typically zero retention after the response is returned), unless we explicitly opt in to a logging window required for the provider's abuse-monitoring obligations.

23.4 Inputs we send to AI providers

To deliver an AI Feature we typically send the AI provider:

• the prompt or selection you submitted;
• the relevant slice of your project context required to answer

(for example the scene you selected, the cast list for that scene, the schedule for the relevant week);

• system-prompt and policy instructions we have authored;
• moderation-classification metadata.

We avoid sending more of your Customer Data than is required to answer. We do not include credentials, billing identifiers or sub-processor API keys in prompts.

23.5 Moderation

We apply pre-call content moderation to user-typed AI inputs to detect content that is illegal or in serious violation of the AUP. We may block or redact inputs that fail moderation. We do not log the full content of blocked inputs beyond what is required to evidence the moderation decision.

23.6 Style-lock biometric reference images

The AI Artist style-lock and custom-artist features use reference images you upload. Where those images contain identifiable faces, the images are processed by an AI model that extracts visual style characteristics (line weight, palette, lighting style, composition). This processing may incidentally derive biometric features. We treat this as special-category Personal Data under Article 9 GDPR. You must have obtained the explicit consent of each person whose face appears in a reference image you upload, with separate consent specifically for the AI-style-lock processing. See Section 9.3.

23.7 Voice clones

If you configure a per-character voice for the Read-Through feature or similar, the audio output is synthesised from a generic voice library and is not a clone of any specific real person unless you have explicitly uploaded that person's voice as a reference and obtained their written consent. We do not enable per-individual voice cloning by default.

23.8 Provenance

We embed provenance metadata in some AI Output (for example C2PA-style content credentials in generated images) where the AI provider supports it. You agree not to remove provenance metadata from AI Output where this would mislead viewers about the machine-generated nature of the content.

23.9 Accuracy disclaimer for production-critical AI output

AI-generated DPRs, call sheets, hot-cost calculations, budget forecasts, schedule risk assessments, continuity flags and overtime predictions are decision-support tools. You must verify each such output before relying on it for on-set safety, payroll, insurance reporting, financier reporting or any other purpose where an error could cause harm.

24. Know-Your-Customer, Anti-Money-Laundering and Sanctions

24.1 KYC at registration

We rely on our payment processor's identity verification to onboard paying Subscribers. Where the payment processor flags a Subscriber for enhanced due diligence we may require the Subscriber to provide additional information (company registration number, beneficial- ownership disclosure, proof of address for the registered office, purpose-of-account declaration) before allowing further use of the Service.

24.2 Sanctions screening

We screen Subscribers and payment counterparties against UK, EU, US Treasury OFAC, US Commerce BIS, EU consolidated and UN sanctions lists at registration and periodically thereafter. We may suspend or terminate an Account that matches a sanctions list or that we have reasonable grounds to suspect is being used to evade sanctions.

24.3 Transaction monitoring

We monitor for patterns of payment activity that may indicate money laundering, terrorist financing, fraud or other illicit conduct. We may suspend, decline or reverse transactions that we reasonably suspect involve such activity, and we may report the activity to the National Crime Agency or another competent authority where required by law.

24.4 Record keeping

We retain KYC and transaction records for six years after the end of our business relationship with the Subscriber, in line with our obligations under the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 and HMRC's record-keeping requirements.

24.5 Disclosure

We may disclose KYC, transaction-monitoring and sanctions information to law-enforcement authorities, regulators and our payment processor as required by law or to comply with sanctions regimes. We may not be able to notify you of such a disclosure where the law prohibits us from doing so.

25. Children's Online Privacy

25.1 Minimum user age

The Service is not directed to children. You may not register an Account, accept these terms or use the Service if you are under 18 (or the legal age of majority in your jurisdiction, whichever is higher).

25.2 Children in production

You may, with the explicit written consent of a parent or legal guardian and in compliance with all applicable child-performer laws, record administrative details of a child performer (name, role, guardian contact details, schedule, day rate) on the Service.

You must not:

• enter login credentials for a child on the Service;
• upload images, audio or video of a child for the purpose of AI-

generated reference, voice cloning or style locking;

• upload sensitive personal data of a child (medical records, identity

documents) without explicit guardian consent and a lawful basis.

25.3 Notification to parents and guardians

Where you have a contractual obligation to notify the parents or legal guardians of a child performer about the processing of that child's data, you remain responsible for that notification. We provide a standard summary of how the Service processes child-performer data that you may share with parents and guardians on request from the privacy contact.

25.4 Removal

If we become aware that we have inadvertently collected Personal Data from a child under 16 contrary to this Section, we will delete that data promptly and notify the parent or guardian where contact details are available.

26. Changes to these terms

We may amend these terms from time to time. The current version always appears at the URL referenced from the footer of the Service and the marketing site.

For a material change that adversely affects your rights, we will give you at least thirty (30) days' notice before the change takes effect, by email to the Account email address and by prominent in-app notice. You may terminate the Account before the change takes effect; in that case the change does not apply to you and we will pro-rate any refund in line with Section 14.1.

For a non-material change (clarifications, formatting, typographic corrections, new sub-processor notifications under Section 21.5, AI sub-processor list updates), we will publish the change with an updated version date and you will be deemed to have accepted the change by continuing to use the Service after publication.

Closing notice

This document is published openly so that any user, partner, regulator or journalist can review what we believe our obligations are. We welcome feedback at the contact addresses in Section 2.

A PDF copy of this document is available for download from the footer of the marketing site and from the Account legal page within the Service. Each PDF download stamps the version and the download date so you can prove which version you accepted.

— end of document —