Privacy Policy

Effective Date: 24 April 2026

1. Introduction

This Privacy Policy describes how KGoh Studios (“we”, “us”, or “our”), operator of Dregs (dregs.app), collects, uses, discloses, and protects personal data.

We comply with:

  • Singapore Personal Data Protection Act 2012 (PDPA)
  • EU General Data Protection Regulation (GDPR)
  • UK GDPR
  • California Consumer Privacy Act (CCPA)

By using Dregs, you consent to the practices described.

2. Data We Collect

2.1 Account Data (via Google OAuth)

  • Email address
  • Display name
  • Google profile image URL (if provided)
  • Google account ID

We do NOT receive your Google password. Authentication is handled by Google.

2.2 Payment Data (via Stripe)

Stripe collects and processes payment information. We do NOT store full credit card numbers or CVV codes. We receive:

  • Subscription status
  • Billing email
  • Last 4 digits of payment card
  • Card brand
  • Country of card issuer

2.3 Service Usage Data

  • Videos you generate (stored in Firebase Storage)
  • Scripts and voiceovers generated on your behalf (stored in Firebase Firestore)
  • Generation history and credit usage
  • Story category selections
  • Voice selections
  • Timestamps of account activity

2.4 Technical Data

  • IP address (for security and rate limiting)
  • Browser type and version
  • Device type
  • Pages visited within the Service

We do NOT currently use third-party analytics trackers (Google Analytics, PostHog, Mixpanel). We may add analytics in the future; this policy will be updated with 30 days’ notice.

2.5 Communications

Support communications are retained for record-keeping.

3. How We Use Your Data

3.1 Service Delivery

  • Account authentication
  • Video generation
  • Subscription and billing
  • Content library storage
  • Usage limit enforcement

3.2 Service Operation

  • Fraud prevention and security
  • Debugging
  • Support responses
  • Legal compliance

3.3 Communications

  • Service notifications
  • Occasional feature updates (opt-out available)

We do NOT sell personal data. We do NOT use your data for advertising.

4. Third-Party Data Processors

Provider | Purpose | Data Shared | Location
Google Cloud / Firebase | Authentication, database, storage, video processing | Email, account ID, generated content | US, EU
Stripe | Payment processing | Billing email, payment info | US
Anthropic | AI story and script generation | Generation prompts (no user PII) | US
ElevenLabs | Text-to-speech voice generation | Generated script text | US
Pexels | Stock video footage | Search keywords only | Worldwide
Vercel | Website and API hosting | IP address, request data | US, EU

Each provider is bound by their own privacy obligations under applicable laws.

5. Data Retention

5.1 Active Accounts

Retained while your account is active.

5.2 Deleted Accounts

  • Personal data deleted within 30 days of account deletion
  • Generated content deleted within 30 days
  • Backup systems may retain data up to 90 days before permanent deletion

5.3 Legal Retention

Payment records may be retained up to 5 years (Singapore tax requirements).

5.4 Inactive Accounts

Free tier accounts inactive for 12+ months may be deactivated with 30 days’ email notice.

6. Your Rights

Depending on your jurisdiction, you may have rights including:

  • Access — Request a copy of personal data we hold about you
  • Correction — Request correction of inaccurate data
  • Deletion — Request deletion of your data
  • Portability — Request a machine-readable export of your data
  • Restriction — Request limiting how we process your data
  • Objection — Object to certain uses of your data
  • Withdrawal of consent — Withdraw consent for processing

Email kavan.aiaa@gmail.com with subject “Privacy Request.” We respond within 30 days.

7. International Data Transfers

Your data may be transferred to and processed in:

  • Singapore (KGoh Studios base)
  • United States (primary service providers)
  • European Union (some provider facilities)

We rely on:

  • Standard Contractual Clauses for EU data transfers
  • Adequacy decisions where applicable
  • Your explicit consent where required

8. Data Security

  • Encryption in transit (HTTPS/TLS)
  • Encryption at rest (Firebase default)
  • Firebase Security Rules access controls
  • Stripe PCI DSS compliance (we do not handle raw card data)

In the event of a data breach affecting personal data, we will notify affected users within 72 hours of discovery.

9. Children’s Privacy

Dregs is not directed to children under 13. We do not knowingly collect data from children under 13. Contact us if you believe we have.

EU users: minimum age 16 (or lower per country-specific regulations with parental consent).

10. Cookies and Tracking

10.1 Essential Cookies

  • Firebase Auth session cookies (required for login)
  • Session identifiers (required for Service function)

10.2 Functional Cookies

  • User preferences (selected voices, UI state)

10.3 Third-Party Cookies

  • Stripe payment flow cookies during checkout
  • Google OAuth cookies during authentication

We do NOT use tracking or advertising cookies.

11. Marketing Communications

Occasional emails about:

  • Product updates
  • New features
  • Usage tips

Unsubscribe via the link in every marketing email. Service emails (billing, security) cannot be opted out of while your account is active.

12. Changes to This Privacy Policy

Material changes will be notified by email at least 30 days before taking effect. The “Effective Date” at the top reflects the latest revision.

13. Contact Us

KGoh Studios

Email: kavan.aiaa@gmail.com

Registered in Singapore: UEN 53522802C

13.1 Regulatory Complaints

Singapore: Personal Data Protection Commission Singapore — https://www.pdpc.gov.sg — Phone: +65 6377 3131

EU users: contact your local Data Protection Authority.