Privacy Policy
Last updated: April 29, 2026
1. Introduction
Sides ("Sides," "we," "our," or "us") provides this Privacy Policy to describe how we collect, use, disclose, and otherwise process personal information in connection with our AI-powered audition coaching platform and related offerings (the "Service"), including audition analysis, dashboards, subscriptions, Scene Partner rehearsal tools, and marketing sites that link here.
This policy supplements our Terms of Service where those documents overlap. Capitalized terms we do not define here have the meanings given in the Terms of Service where applicable.
2. Information we collect
2.1 Account and profile details
When you create or manage an account, we process identifiers and credentials via our authentication provider (Clerk), including your email address, name when you provide it, unique user identifiers, and session/device tokens needed to maintain secure sessions. We store reconciled copies in our application database (PostgreSQL) such as linked Clerk identifiers, billing plan status, subscription period metadata, usage counters (including submission and chat message usage within your billing period), and Stripe customer linkage.
2.2 Video, audio, scripts, and related uploads
When you upload audition videos or other media permitted by the Service, associated files typically reside in object storage protected by authenticated access mechanisms (AWS S3 and similar infrastructure). Our systems store references (for example keys, submission IDs), processing status, and derived outputs—including transcriptions/diarization, structured AI feedback scoring and narrative summaries, thumbnails or processing artifacts when generated, diagnostic pipeline events, and related metadata—in our primary database when needed to operate the Service.
When you organize takes by production and character, associate scripts, or annotate roles, those role fields (including script excerpts, uploaded script attachments, character names, statuses, notes) may persist in our database.
Scene Partner. If you paste or upload scripts for rehearsal, your script text travels to our application servers over TLS. Parsing may use structured output from OpenAI APIs; synthesized reader audio uses ElevenLabs text-to-speech; real-time speech-to-text runs through ElevenLabs Scribe streams only after an active rehearsal session begins and microphone access is granted locally. Parsed script portions may be held transiently for the request lifecycle and echoed back to your browser—the exact durability depends on your workflow (for example linking parsed content with saved roles versus session-only rehearsals).
2.3 Billing information
Subscription purchases are predominantly processed via Stripe & our payment integrations. Stripe receives payment card numbers and issuer details you supply at checkout or in the Stripe customer portal—we generally receive limited billing metadata (identifiers, invoices, masked payment fingerprints, renewal events) needed to reconcile entitlements with your account. We process Stripe-hosted webhooks to update plan status inside our database (for example renewal, cancellation, overdue states).
2.4 AI coaching chat and prompts
If you interact with conversational coaching features inside the Service, we process your prompt text and model outputs to fulfill the coaching experience, enforce usage limits tied to subscription tiers, and troubleshoot issues. Automated analysis jobs over uploaded media may similarly route audio/video-derived features (including multimodal payloads) through model providers documented below.
2.5 Usage, analytics, diagnostics, session identifiers
We collect telemetry and contextual records for product reliability, personalization, attribution, experimentation, auditing, anomaly detection—examples include:
- Page views & in-app journeys (explicit page_view instrumentation); application feature usage such as upload lifecycle, transcription status, analyses, checkout milestones, cancellations, referrals,
- pseudonymous identifiers we store in browser localStorage/sessionStorage (such as anonymous and session IDs), UTM attribution parameters copied from inbound links where present, referrers, environment labels on events, linked user IDs once you authenticate,
- deduplicated delivery receipts for downstream analytics ingestion pipelines,
- optional server-side echoes of materially identical events.
These analytics payloads are primarily processed through Mixpanel and PostHog; PostHog may also ingest unhandled client exceptions when enabled. Server and edge logs (for example from our hosting providers) routinely include IP addresses, timestamps, request paths and status codes, and coarse device or client hints emitted by proxies.
2.6 Error monitoring
We use error reporting (currently Sentry) to capture crashes, breadcrumbs, sanitized tags describing components and operations—for example uploads may attach non-identifying file metadata such as MIME type and size tiers. We strive to omit raw performance media from breadcrumbs.
2.7 Support communications
Messages you send to hello@offbend.com retain their contents alongside ordinary email headers/metadata we need to coordinate responses.
3. Purposes & legal bases
We rely on contract performance and Terms enforcement for core provisioning, legitimate interests—including secure operations, aggregated analytics tempered by safeguards, preventing abuse—or consent where mandated (such as discretionary marketing notices). Microphones are accessed only via your device permission prompts tied to initiating capture (for example Scene Partner rehearsal).
4. AI model providers
Audition analysis features send audio, video-derived inputs, transcripts, and prompts to model providers—primarily OpenAI today—to generate structured feedback and scores. Scene Partner sends script text for parsing through OpenAI APIs (structured outputs) and audio to ElevenLabs for synthesized reader voices and microphone-driven speech-to-text while a rehearsal is active on your device.
These vendors act as subprocessors. Processing locations and safeguards are governed by their terms and supplemental documentation; data may transit or be temporarily processed outside your home region depending on routing and failover.
5. Disclosure & other recipients
We disclose information where necessary—to payment processors (Stripe), authentication (Clerk), infrastructure (including Vercel, databases and object stores such as AWS S3, background workers where used), analytics (Mixpanel, PostHog), observability/error reporting (Sentry), model providers cited above (OpenAI, ElevenLabs), headless CMS for marketing content (Sanity), communications providers supporting email—as well as advisers, regulators, auditors, successors in mergers or asset sales subject to safeguards, when compelled legally, or with your consent. Aggregate or de-identified summaries may depart our systems absent direct identifiers tied to individuals. We do not sell your personal information for money (see Section 10).
6. Cookies & local storage controls
Our websites and SPA shell rely on Strictly-Necessary Clerk session cookies plus analytics scripts writing localStorage/sessionStorage pseudonymous identifiers and consent tokens mirrored into PostHog/Mixpanel. PostHog also ships exception capture—you may mitigate via browser privacy extensions, though degraded debugging may inhibit support.
You can revisit browser-wide cookie controls—but authentication cookies remain necessary for accessing paid areas.
7. Retention
We retain identifiable content while your account is active unless deleted sooner. You can delete individual submissions from your dashboard where supported; deletes trigger backend cleanup of database rows and best-effort removal of associated stored media objects. When you delete your account, we remove associated rows and orchestrate object-store cleanup subject to lawful retention backups rolling off according to lifecycle policies. Operational logs and analytics aggregates may persist longer without direct identifiers tied to individuals. Stripe and card networks impose their own bookkeeping retention beyond what displays in-product.
8. Security
We implement administrative, contractual, cryptographic, redundancy, patching, intrusion monitoring, and anomaly detection safeguards (not exhaustive) for hosted infrastructure. Sensitive transport uses TLS externally; selective fields receive additional encryption envelopes where architected accordingly. No internet-connected system achieves absolute immunity—assume residual risk persists.
9. Your rights
Depending where you live, you may have rights to access or export categories and specific records, rectify inaccuracies, restrict or object to certain processing, request deletion subject to carve-outs (for example fraud prevention), receive portable subsets in machine-readable form, or escalate appeals where regulators allow additional review. Automated coaching outputs augment human-facing features; contact support if you believe an AI-only outcome materially harmed you—we review good-faith escalations. California consumers may designate authorized agents—we verify identities before honoring sensitive requests.
Where permission is the sole basis for optional processing such as discretionary marketing notices, unsubscribing terminates future transmissions without invalidating lawful prior sends.
Submit requests—including appeal escalations—to hello@offbend.com referencing "Privacy Request".
10. U.S.: we do not sell personal information
We do not sell covered personal information for monetary consideration within the ordinary meaning applied by state privacy laws including California CPRA/CCPA regimes. Certain analytics integrations may constitute "sharing" under California law when used for cross-context behavioral advertising; review analytics vendor settings and universal opt-outs they honor.
11. International transfers
We principally host and process United States workloads. Visitors from regions with cross-border transfer rules may rely on standard contractual clauses, adequacy mechanisms, or other lawful instruments our vendors propagate—reach out referencing "Transfer inquiry" if corporate procurement requires attestations beyond what those vendors publish commercially.
12. Children
The Service is not directed to children under 13, and our Terms prohibit accounts without appropriate permission for minors where applicable. If you believe we collected a child's personal information improperly, notify us—we will promptly investigate and delete information as required once verified.
13. Third-party destinations
Marketing pages link to independent sites we do not operate; review those policies separately before submitting information.
14. Updates
When we materially change this Privacy Policy we update the Last updated date and, where warranted, notify you via email or prominent in-product notice.
15. Contact
Questions, complaints, regulatory correspondence: email hello@offbend.com with subject line Privacy Policy Inquiry. We attempt to acknowledge consumer rights requests within statutory windows where applicable.
Email: hello@offbend.com
Subject: Privacy Policy Inquiry — or Privacy Request when exercising GDPR/CCPA pathways