CHITRAVAN

Privacy Policy

Effective date: 18 April 2026  ·  Last updated: 18 April 2026

Chitravan Technologies ("Company", "we", "us", or "our") operates Chitravan Studio. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service. Please read this policy carefully. By using the Service, you consent to the practices described herein.

1. Information We Collect

1.1 Information you provide

  • Account data: email address, display name, profile picture (when signing in via Google).
  • Payment data: payment method details are processed directly by Razorpay. We store only the transaction ID and amount — never your card or UPI details.
  • User-generated content: prompts, scripts, scene plans, episode metadata, and other project data you create within the Service.
  • User-uploaded assets: audio files, keyframe images, video clips, and character/avatar reference images that you explicitly upload to a project. These are validated for file type and size, stored on our object storage (Amazon S3), and used only to produce your own generations.
  • Support conversations: if you use the in-app support chat (powered by Crisp), the messages and any attachments you send are processed by Crisp on our behalf.

1.2 Information collected automatically

  • Usage data: pages visited, features used, generation requests made, credit transactions.
  • Device & log data: IP address, browser type, operating system, timestamps of actions.
  • Approximate location: our CDN (Amazon CloudFront) appends a two-letter country code derived from your IP so we can show prices in your local currency (INR for users in India, USD otherwise). We do not store precise location.
  • Cookies & local storage: session tokens and theme preferences stored locally in your browser.

1.3 Information from connected YouTube channels

If you choose to connect your YouTube channel to Chitravan, we use Google OAuth 2.0 to request two read-only scopes — youtube.readonly and yt-analytics.readonly. With your explicit consent, we read:

  • Your channel ID, channel title, and the list of your most recently uploaded videos (used to let you pick which uploaded video maps to which Chitravan episode).
  • Per-video analytics for videos you have explicitly linked to a Chitravan episode: views, likes, comments, shares, watch time, average view duration, average view percentage, Stayed %, impressions, click-through rate, and subscribers gained/lost.

We never upload, modify, delete, or read other users' data via the YouTube API. Chitravan's use of YouTube API Services is subject to the YouTube Terms of Service, and Google's use of information received from those APIs adheres to the Google Privacy Policy. You can revoke Chitravan's access at any time from your Chitravan profile ("Disconnect"), or from your Google Account permissions page.

YouTube access and refresh tokens are encrypted at rest (Fernet/AES-128) before being stored. Analytics metrics are stored as timestamped snapshots on your Chitravan account at defined ingest windows (immediate on request, T+24h, T+7d, T+30d after a video is linked) so you can view performance trends over time.

2. How We Use Your Information

  • To create and manage your account and authenticate your sessions.
  • To process credit purchases and track credit usage.
  • To provide, operate, and improve the AI generation features of the Service.
  • To display your connected YouTube channel's performance metrics back to you inside your own Chitravan dashboard.
  • To send transactional emails (account confirmation, password reset, purchase receipts).
  • To detect and prevent fraud, abuse, and violations of our Terms of Service.
  • To analyse aggregate, anonymised usage patterns to improve the platform.
  • To respond to your support requests.

We do not sell your personal data to third parties. We do not share data received from YouTube APIs with third parties outside the processors listed in Section 3, and we do not use YouTube-derived data to train advertising models.

3. Third-Party Service Providers

To deliver the Service, we work with the following trusted third-party processors. Each is given access only to the data necessary to perform its specific function and is bound by appropriate data processing agreements. We do not sell your data to any third party.

  • Amazon Web Services (AWS): cloud hosting, object storage (S3), CDN (CloudFront), secrets management.
  • Google / YouTube: sign-in via OAuth; YouTube Data API v3 and YouTube Analytics API v2 when you connect a channel.
  • Razorpay: payment processing for credit purchases.
  • Anthropic (Claude): large-language-model inference for scripts, scoring, and recommendations.
  • fal.ai: image generation (FLUX) and video generation (Wan 2.2).
  • ElevenLabs: text-to-speech voiceover generation.
  • HeyGen: avatar/lip-sync video generation (only when a project uses the optional avatar feature).
  • Replicate & Kling: alternative AI model providers used optionally.
  • Crisp: in-app support chat widget.
  • Pixabay: royalty-free curated music library for background tracks.

4. Data Retention

  • Account data is retained for as long as your account is active.
  • Generated media files and user-uploaded assets (audio, images, clips, video) are stored on Amazon S3. You may delete projects at any time from your account.
  • YouTube OAuth tokens are retained until you disconnect the channel; upon disconnection they are deleted within 24 hours.
  • Analytics snapshots are retained for as long as the associated episode exists; deleting an episode deletes its snapshots.
  • Payment transaction records are retained for 7 years as required by Indian accounting law.
  • Log data (IP addresses, request metadata) is retained for up to 90 days.
  • Support chat transcripts are retained by Crisp according to its own retention policy; we do not control Crisp's retention.

5. Data Security

We implement industry-standard security measures including HTTPS/TLS 1.2+ encryption in transit, encryption at rest for sensitive data (OAuth tokens are encrypted with Fernet/AES-128, S3 objects with AES-256 SSE), role-based access control on all internal systems, and regular security reviews. However, no method of electronic storage or transmission is 100% secure, and we cannot guarantee absolute security.

6. Your Rights

Under applicable Indian law (Information Technology Act, 2000 and the Digital Personal Data Protection Act, 2023), you have the right to:

  • Access: Request a copy of the personal data we hold about you.
  • Correction: Request correction of inaccurate data.
  • Erasure: Request deletion of your account and associated personal data (subject to legal retention obligations).
  • Revoke third-party access: Disconnect a linked YouTube channel at any time from your Chitravan profile; this revokes our tokens and stops further reads. You may also revoke access directly from your Google Account permissions page.
  • Grievance redressal: Lodge a complaint with our Grievance Officer (see Section 9).

To exercise any of these rights, contact us at support@chitravan.co.in.

7. Cookies

We use session cookies (required for authentication) and local storage for theme preferences. We do not use third-party advertising cookies or tracking pixels. You can disable cookies in your browser settings, but this will prevent you from signing in.

8. Children's Privacy

The Service is not directed to individuals under the age of 18. We do not knowingly collect personal data from minors. If you believe a minor has provided us with personal data, please contact us and we will delete it promptly.

9. Grievance Officer

In accordance with the Information Technology Act, 2000, the name and contact details of our Grievance Officer are:

Name: Akash Deep
Response time: Within 30 days of receipt

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by email or a prominent banner on the Service. Your continued use after the effective date of changes constitutes acceptance.

Privacy Policy | Chitravan Studio