Tailorix Privacy Policy

Last updated: 4 May 2026

Tailorix builds bespoke video pipelines for businesses. We help product, growth, and marketing teams generate personalized video at scale for onboarding, in-app moments, and advertising. This policy explains what personal data we collect when you use our website and services, why we collect it, who we share it with, and the rights you have over it.

By using our website or engaging us as a service provider you accept the practices described here. If you do not agree, please do not use the service.

Who we are

The data controller responsible for the personal data described in this policy is [Tailorix legal entity name], registered at [registered address] ("Tailorix", "we", "us"). For privacy questions, data subject requests, or to reach our data protection contact, email us at [privacy@tailorix.com].

The roles we play

Tailorix is a business-to-business service. We act in two different roles depending on whose data we are handling:

• Controller — for personal data we collect about visitors to our website, prospects who contact us, and the individuals at our customers who administer the service (for example, billing or account contacts).
• Processor — for personal data our customers send into the pipeline so that we can generate videos on their behalf. This typically includes audience or viewer information, names, language preferences, account attributes, and any other variables a customer chooses to inject. In this role we act on the documented instructions of our customer, who remains the controller. Where required, we sign a data processing addendum that governs this relationship.

Information we collect and why

Account, contact and business information

When you contact us, request a quote, or enter into an engagement, we collect your name, business email, employer, role, country, the contents of your communications, and any project details you share. We use this information to respond to you, scope and deliver the service, manage the customer relationship, and meet our legal and accounting obligations. The legal basis is performance of a contract or our legitimate interest in running our business.

Customer inputs

To set up and operate a pipeline, customers share materials such as brand kits, scripts, prompts, footage, images, sample voices, voice talent recordings, audience segments, key moments, and other production assets. These materials may incidentally contain personal data (for example, names of employees featured in source footage, or sample data used to test a personalization variable). We process these inputs only to deliver the contracted service.

Viewer and end-user data sent through the pipeline

When a customer integrates Tailorix to render personalized videos for their own users (for example, a portfolio review for a named recipient, or a localized variant for a known account), the customer sends us the variables required to personalize each video. We process this data strictly as a processor on the customer's instructions. We do not sell it, do not use it to build profiles, and do not use it to train AI models.

Usage, device, and error data

When you use our website or service we collect technical information such as IP address, browser and device type, pages and features used, timestamps, and diagnostic logs. If something fails we collect error reports that may include the function in use, the state of the application at the moment of the error, and a device identifier. We use this data to operate, secure, debug, and improve the service. The legal basis is our legitimate interest, or, where required, your consent.

Billing information

Payment details (card data, billing address, VAT number) are collected and processed by Stripe, our payment provider. We receive only the metadata we need to issue invoices and reconcile accounts; we do not store full card numbers on our systems.

AI providers and what they receive

Tailorix uses third-party AI services to generate scripts, images, voice-overs, and other elements of each video. Inputs you or your customer-side users provide may be transmitted to these providers in order to produce the output. We use them under business or enterprise terms that, to the best of our knowledge at the date of this policy, do not permit your inputs or our outputs to be used to train their generally available models.

If a customer requires that specific data never leave a particular region, or never be sent to a specific provider, we agree those constraints in writing as part of the engagement.

Voice, image, and likeness

Some pipelines include synthetic voices, voice clones, or AI-generated representations of a real person's likeness. Where a pipeline includes a voice clone or likeness of an identifiable individual, we require the customer to confirm in writing that they have obtained appropriate, informed consent from that individual covering the intended use. Voice and biometric samples are stored only for as long as required to operate the customer's pipeline and are deleted on request or when the engagement ends.

Generated videos and access

Videos generated through a customer pipeline belong to the customer and are made available through the delivery mechanism agreed with them — for example signed URLs with a limited lifetime, embedded delivery into the customer's product, or upload to advertising or social platforms specified by the customer. We do not publish customer-generated videos on our own marketing channels unless the customer has given us written permission.

Sub-processors

We rely on a small number of trusted sub-processors to operate the service. They are bound by written agreements that require appropriate technical and organizational measures and limit their use of data to what is necessary to provide their service to us. The current list is:

• Amazon Web Services — cloud infrastructure, storage, and compute used to run our pipelines.
• OpenAI — large language models used for script and prompt generation.
• Google (Gemini) — generative models used for text, image, and multimodal generation.
• ElevenLabs — text-to-speech and voice synthesis.
• Stripe — payment processing.

If we add or replace a sub-processor we will update this list. Customers under an active engagement can request advance notice of material sub-processor changes as part of their data processing addendum.

How long we keep data

We keep personal data only as long as we need it for the purposes described above. Customer inputs and viewer data are deleted within a reasonable period after the end of the engagement, unless a longer period is required by law (for example, tax records) or has been agreed in writing. Diagnostic logs are retained for a short rolling window for debugging and security. You can ask us to delete your data sooner where we are not legally required to keep it.

International transfers

Our infrastructure and our sub-processors may process data outside your country, including in the United States. Where personal data is transferred out of the European Economic Area, the United Kingdom, or another jurisdiction with similar transfer rules, we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses (or the UK addendum) together with supplementary measures where needed. You can request a copy of the relevant transfer mechanism by contacting us.

Your rights

Subject to applicable law, you have the right to access the personal data we hold about you, to ask us to correct or delete it, to object to or restrict its processing, to receive a portable copy, and to withdraw consent where processing is based on consent. Residents of the EEA and UK can lodge a complaint with their local supervisory authority; residents of California and other US states with comprehensive privacy laws have additional rights including the right to opt out of sale or sharing — Tailorix does not sell personal data and does not share it for cross-context behavioural advertising.

If your personal data was provided to us by one of our customers as part of their pipeline, please direct your request to that customer (the controller). We will support them in responding within the timelines required by law.

Security

We apply technical and organizational measures appropriate to the nature of the data we process, including encryption in transit, encryption at rest for stored assets, access controls and least-privilege principles for our team, audit logging, and supplier due diligence. No system is perfectly secure; if we become aware of a personal data breach affecting you we will notify you and, where required, the relevant authority within the legally mandated timeframe.

Cookies and website analytics

Our website uses a small number of cookies and similar technologies that are strictly necessary to operate it (for example to remember your language preference). Where we use optional analytics or marketing cookies we ask for your consent first and you can withdraw it at any time through the cookie settings on the site.

Children

Tailorix is a service for businesses and is not directed at children. We do not knowingly collect personal data from children. If you believe a child has provided personal data to us, please contact us and we will delete it.

Changes to this policy

We may update this policy from time to time. When we make material changes we will update the date at the top of this page and, where appropriate, give active customers advance notice through their usual contact channel.

Contact

Questions, requests, or complaints about this policy or our handling of personal data can be sent to [privacy@tailorix.com]. We will reply within a reasonable period and in any case within the timelines required by applicable law.