Privacy Policy — RetroCast

1. Who we are

RetroCast (retrocast.delivery) is operated by The Not Boring Company (Pty) Ltd, a company registered in South Africa ("we", "us"). We are the "responsible party" under the Protection of Personal Information Act, 2013 (POPIA) and the "data controller" under the EU and UK General Data Protection Regulation (GDPR) for the personal information described in this policy.

Information Officer: Stuart Shapiro. For any privacy question, request, or complaint, use our contact form (topic: Privacy) and we will respond by email.

2. What we collect

Account information. When you sign in with Google we receive your name, email address, and profile photo from your Google account. We do not see or store your password.
Team rosters and photos. You can upload names and photographs of your team members to cast them in rendered frames. These are personal information about the people in them — see section 4.
Reel data. Your retro method and film selections, team name, facilitator name, and a history of completed reels (titles and dates). The generated frame images themselves are stored locally in your browser, not on our servers — with one exception: when you export a contact sheet, a copy is stored on our infrastructure for 90 days so you can re-download it from your account, after which it is automatically deleted. Stored exports are accessible to your signed-in account and, solely for support and quality purposes, to our Information Officer — every such access is logged.
Support requests and feedback. If you contact support in-app or rate a reel, we store your message, rating and the technical context (reel, film, app version) to resolve your issue and improve the product.
Usage and security logs. When you use the app we record session data including your IP address, approximate location (country and city, derived from your IP at our hosting provider's edge), browser type, app version, features used, frames rendered, generation times, models used, and errors encountered.
Credit and purchase records. Your credit balance and usage. When paid credit packs launch, payments will be processed by Paddle as merchant of record — your card details go to Paddle, never to us. We receive confirmation of the transaction and the pack purchased.

3. Why we collect it

To provide the service (performance of our contract with you): authentication, storing your rosters, rendering frames, tracking your credit balance.
To render frames: photos and scene prompts are sent to Google's Gemini API for image generation — see section 5.
Security and abuse prevention (legitimate interest): usage logs, rate limits, and credit enforcement protect the service and other users.
Legal compliance: transaction records, responding to lawful requests.

We do not sell personal information, we do not use it for advertising, and we do not use your photos or content to train AI models.

4. Team photos — your responsibilities and ours

Before uploading a photo of a colleague, you must have their permission. By uploading, you confirm each person has agreed to their photo being used in RetroCast to generate film-style frames for your team's retrospective. The app asks you to confirm this each time you build a cast.

Photos are used solely to render frames for the reel you cast them in. They are not used for any other purpose.
Photos are stored in your private roster, readable only by your signed-in account, and are sent to Google's Gemini API at render time (section 5).
Anyone who appears in an uploaded photo may ask for their image to be removed via our contact form (topic: Remove my photo); we will remove it and ask the uploading account holder to refrain from re-uploading it.
Do not upload photographs of anyone under 18.

5. Who processes data on our behalf

We use a small number of service providers ("operators" under POPIA, "processors" under GDPR):

Google Firebase (Google LLC) — sign-in and our database. Your account data, rosters, photos, history, and credit balance are stored in Google Cloud.
Google Gemini API (Google LLC) — image generation. At render time, the relevant cast photos and a scene description are sent to Gemini and an image is returned. We use Google's paid API tier, under which Google does not use submitted content to train its models.
Netlify, Inc. — website hosting and the serverless functions that power the app. Netlify processes request metadata (including IP addresses) to serve the site.
Paddle (Paddle.com Market Ltd) — when paid credit packs launch, Paddle will act as merchant of record for payments and will be an independent controller of the payment data you give them, under their own privacy policy.

Cross-border transfers. These providers store data on servers that may be located outside South Africa (including the EU and United States). We rely on contractual safeguards with each provider consistent with section 72 of POPIA and, for EU/UK users, GDPR-recognised transfer mechanisms.

6. How long we keep it

Rosters, photos, history, settings, credits: until you delete them or delete your account.
Usage and security logs: up to 24 months, then deleted or anonymised.
Transaction records: as required by tax and financial law.
Generated frames: stored in your browser's local storage; clear your browser data to remove them. Exported contact sheets stored for re-download: 90 days, then automatically deleted (also removed immediately if you delete your account).
Support tickets and feedback: up to 24 months, then deleted or anonymised.

7. Your rights

Under POPIA (and, for EU/UK users, GDPR) you have the right to:

access the personal information we hold about you;
have inaccurate information corrected;
have your information deleted — use Delete my account in the app's account menu, which permanently removes your account, rosters, photos, history, and credits;
object to processing, and (GDPR) receive a portable copy of data you provided;
complain to a regulator. In South Africa: the Information Regulator — inforegulator.org.za. EU/UK users may contact their local supervisory authority.

To exercise any of these, use the in-app tools or our contact form (topic: Privacy). We respond within 30 days.

8. Cookies and local storage

RetroCast uses no advertising or third-party analytics cookies. We use only what is strictly necessary to make the app work: Google's authentication state (so you stay signed in) and your browser's local storage (your in-progress reel and settings). Because nothing beyond strictly necessary storage is used, no cookie consent banner is required.

9. Security

All traffic is encrypted in transit (TLS). Data is isolated per account and protected by database security rules — no user can read another user's data. AI requests are made server-side: our API keys never reach your browser, and every render request is authenticated. No system is perfectly secure; if a breach affects your personal information we will notify you and the Information Regulator as POPIA requires.

10. Children

RetroCast is a workplace tool for adults. It is not intended for anyone under 18, and photos of under-18s must not be uploaded.

11. Changes

If we make material changes to this policy we will update the effective date above and note the change in the app. Continued use after a change means you accept the updated policy.