Privacy Policy

1. Google User Data We Access

Cuppa AI requests access to the following specific types of Google user data through the OAuth scopes listed below. We adhere to the principle of least privilege and only request the minimum permissions needed:

• Active Document Text Content — We read the full body text of the Google Document that is currently open and active when you explicitly trigger video generation. This is accessed via the https://www.googleapis.com/auth/documents.currentonly scope. We cannot access any other files in your Google Drive.
• Active Document Title — We read the name/title of the currently open Google Document to label your generated video. This is also accessed via the documents.currentonly scope.
• Google Account Identity (via Google Sign-In) — If you choose to sign in with Google, we receive your email address, display name, and unique account identifier (UID) from Firebase Authentication. This data is used solely for account creation and authentication.
• User Interface Interaction — We use the https://www.googleapis.com/auth/script.container.ui scope to display the Cuppa AI sidebar panel within the Google Docs interface. No user data is collected through this scope.
• External Network Requests — We use the https://www.googleapis.com/auth/script.external_request scope to transmit your document text to our secure backend API at https://cuppai.top for video generation processing.

2. How We Use Google User Data

Google user data is used exclusively for the following purposes:

• AI Video Script Generation: Your document text and title are sent to our backend where an AI language model (see Section 3) converts the text into a structured video script containing slide content, scene types, and voiceover narration.
• Video Rendering: The AI-generated script is then processed through our rendering pipeline (LaTeX/Beamer, Python diagram generators, FFmpeg) to produce a professional educational video.
• Text-to-Speech Audio: Voiceover scripts are sent to Microsoft Edge TTS to generate neural speech audio tracks for each slide.
• Account Management: Your email address and UID are used to create and manage your Cuppa AI account, track your generation credit balance, and maintain a history of your generated videos.
• Payment Processing: If you purchase credits, your email address is shared with Flutterwave (our payment processor) to process the transaction.

We do not use Google user data for advertising, remarketing, tracking, or any purpose unrelated to providing the Cuppa AI service described above.

3. Third-Party Services & Data Sharing

To deliver the video generation service, we share specific data with the following trusted third-party service providers. We do not sell, trade, or share your data with any third party for marketing or advertising purposes.

• Azure OpenAI Service (Microsoft) — Your document text is sent to Azure OpenAI (our primary AI provider) to generate structured video scripts. Microsoft's Azure OpenAI Service does not use customer data to retrain models. See: Azure OpenAI Data Privacy.
• Google Gemini API (Google) — Used as a fallback AI provider if Azure OpenAI is unavailable. Your document text may be sent to Gemini for script generation. See: Google AI Terms.
• Firebase (Google Cloud) — We use Firebase Authentication (to manage user accounts), Cloud Firestore (to store user profiles, credit balances, and generation history), and Firebase Cloud Storage (to store user-uploaded voice profile samples). All Firebase data is hosted on Google Cloud infrastructure. See: Firebase Privacy.
• Microsoft Edge TTS — Voiceover text (AI-generated narration, not your raw document text) is sent to Microsoft Edge TTS to generate audio. See: Microsoft Privacy Statement.
• Flutterwave — If you purchase credits, your email and transaction details are shared with Flutterwave for payment processing. See: Flutterwave Privacy Policy.

No other third parties receive your Google user data.

4. Data Storage & Protection

We implement the following measures to securely store and protect your data:

• Encryption in Transit: All data transmitted between the Google Docs extension and our backend servers is encrypted using HTTPS/TLS. All communications with third-party APIs (Azure OpenAI, Firebase, Flutterwave) also use encrypted channels.
• No Permanent Document Storage: Your Google Document text is held only in server memory during the video generation process. It is never written to disk and is discarded immediately after processing completes or fails.
• User Profile Data: Your email address, credit balance, and generation history (video titles, timestamps, video URLs) are stored in Google Cloud Firestore. This data is protected by Firebase Security Rules that restrict access to authenticated users viewing only their own data.
• Generated Videos: Output video files are stored temporarily on our servers (see Section 5 for retention periods) and are accessible only via unique, unguessable URLs.
• Voice Profiles: If you upload a voice sample for custom narration, it is stored securely in Firebase Cloud Storage under your user ID.
• Server Security: Our backend servers are hosted on Microsoft Azure with standard cloud security controls, including network firewalls and access management.

5. Data Retention & Deletion

We retain data for the minimum period necessary to provide the service:

• Document Text: Held in memory only during processing. Retention: zero persistent storage — discarded immediately after the video generation job completes or fails (typically within 5–15 minutes).
• Generated Video Files: Stored on our servers for up to 7 days after creation to allow downloading, then permanently deleted.
• User Account Data (email, credits, generation history): Retained for as long as your account exists. You may request deletion at any time (see Section 8).
• Voice Profiles: Retained until you request deletion or delete your account.
• Server Logs: Basic request logs (IP addresses, timestamps, error messages) are retained for up to 30 days for debugging and security monitoring, then automatically purged.

6. AI/ML Model Training Disclosure

In compliance with the Google API Services User Data Policy:

• Cuppa AI does NOT use Google user data (document text, document titles, user identity information, or any other data obtained through Google API scopes) to train, improve, or fine-tune any artificial intelligence or machine learning models.
• Google user data is used solely as input to third-party AI models (Azure OpenAI, Google Gemini) for the purpose of generating a one-time video script. The data is not retained by these providers for training purposes.
• We do not build user profiles, perform analytics, or derive insights from Google user data beyond what is necessary to deliver the requested video.

7. Children's Privacy

Cuppa AI is not directed at children under 13 years of age. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal data, please contact us at the email below and we will promptly delete that information.

8. Your Rights

You have the following rights regarding your data:

• Access: You may request a copy of all personal data we hold about you.
• Correction: You may request correction of any inaccurate data.
• Deletion: You may request complete deletion of your account and all associated data (profile, generation history, voice profiles, and any stored videos). We will process deletion requests within 30 days.
• Revoke Access: You may revoke Cuppa AI's access to your Google account at any time by visiting your Google Account Permissions page and removing the Cuppa AI add-on. This immediately stops all access to your Google Docs data.
• Data Export: You may request an export of your generation history and account data in a machine-readable format.

To exercise any of these rights, contact us at the email address below.

9. Google API Services User Data Policy Compliance

Cuppa AI's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:

• We limit our use of Google user data to providing and improving the Cuppa AI video generation service.
• We do not transfer Google user data to third parties except as necessary to provide the service, as required by law, or with your explicit consent.
• We do not use Google user data for serving advertisements.
• We do not allow humans to read Google user data unless: (a) we have your affirmative consent, (b) it is necessary for security purposes, (c) it is necessary to comply with applicable law, or (d) the data is aggregated and anonymized for internal operations.

10. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last Updated" date at the top of this page. We encourage you to review this policy periodically. Continued use of Cuppa AI after changes constitutes acceptance of the updated policy.