Privacy Policy | Sora2Videos — Sora 2 Guides, Demos, Prompts, and API

IMPORTANT DISCLAIMER AND INDEPENDENCE STATEMENT

Sora2Videos is an independent service provider and is NOT affiliated, associated, authorized, endorsed by, or in any way officially connected with OpenAI, Inc., ChatGPT, Sora, or any of their subsidiaries or affiliates. The names OpenAI, ChatGPT, and Sora, as well as related names, marks, emblems, and images are registered trademarks of their respective owners. Any reference to these names is purely for informational purposes to describe the type of technology or services offered.

This Privacy Policy ("Policy") was last updated on October 8, 2025, and is effective immediately.

1. DATA CONTROLLER INFORMATION

Legal Entity: Sora2Videos Service Contact Email: help@sora2videos.com Website: https://sora2videos.com

We are committed to protecting your privacy and complying with applicable data protection laws worldwide, including but not limited to:

General Data Protection Regulation (GDPR) - European Union
California Consumer Privacy Act (CCPA) - United States
Personal Information Protection and Electronic Documents Act (PIPEDA) - Canada
Data Protection Act 2018 - United Kingdom
Lei Geral de Proteção de Dados (LGPD) - Brazil

2.1 Scope of This Policy

This Policy applies to all personal data processed by Sora2Videos through:

Our website (sora2videos.com and all subdomains)
Our video generation services and applications
Our customer support channels
Our marketing and communication activities

By using our services, you acknowledge that you have read, understood, and agree to the data practices described in this Policy. We process your personal data based on the following legal grounds:

Consent: For optional services and marketing communications
Contract Performance: To provide our services and process payments
Legitimate Interests: For service improvement and fraud prevention
Legal Obligations: To comply with applicable laws and regulations

3. INFORMATION WE COLLECT

3.1 Information You Provide Directly

Account Information

Full name and display name
Email address
Password (encrypted)
Profile picture (optional)
Country/region
Language preference
Time zone

Payment Information

Billing name and address
Payment card details (processed securely through Stripe)
Transaction history
Subscription status
VAT/Tax identification number (where applicable)

Content and Usage

Text prompts and inputs for video generation
Uploaded images and media files
Generated video content
User preferences and settings
Feedback and ratings

Communications

Support tickets and inquiries
Email correspondence
Newsletter subscriptions
Survey responses

3.2 Information Collected Automatically

Technical Data

IP address and approximate geolocation
Device type, operating system, and browser information
Screen resolution and device identifiers
Network information
Language settings

Usage Analytics

Pages visited and features used
Time spent on the platform
Click patterns and navigation paths
Service performance metrics
Error logs and crash reports

Cookies and Similar Technologies

We use cookies and similar tracking technologies to:

Maintain session state and authentication
Remember user preferences
Analyze service usage and performance
Provide targeted advertising (with consent)
Prevent fraud and enhance security

For detailed information, see Section 9 (Cookie Policy).

3.3 Information from Third Parties

OAuth Providers: When you sign in using Google
Payment Processors: Transaction verification from Stripe
Analytics Services: Aggregated insights from authorized providers
Marketing Partners: With your explicit consent only

4. HOW WE USE YOUR INFORMATION

4.1 Service Provision

Create and manage your account
Process your video generation requests
Provide customer support and respond to inquiries
Process payments and manage subscriptions
Send service-related notifications

4.2 Service Improvement

Analyze usage patterns to enhance features
Conduct A/B testing and user research
Fix bugs and improve performance
Develop new features and services
Train and improve our AI models (using anonymized data only)

4.3 Legal and Security

Comply with legal obligations and court orders
Detect, prevent, and address fraud and abuse
Enforce our Terms of Service and policies
Protect rights, property, and safety
Respond to legal requests and prevent harm

4.4 Marketing and Communications

With your consent, we may:

Send promotional emails and newsletters
Provide personalized recommendations
Display targeted advertisements
Conduct market research and surveys

5.1 Service Providers

We share data with carefully selected third-party providers:

Stripe: Payment processing (PCI DSS compliant)
Cloudflare: Cloud infrastructure, storage,content delivery and DDoS protection
Resend: Email delivery services
Google Analytics: Usage analytics (anonymized)

5.2 Legal Requirements

We may disclose information when required to:

Comply with applicable laws and regulations
Respond to valid legal processes (subpoenas, warrants)
Protect our rights and property
Prevent illegal activities or violations of our terms
Ensure the safety of our users and the public

5.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the successor entity. We will notify you before any such transfer and any changes to this Policy.

5.4 Aggregated and Anonymized Data

We may share aggregated, anonymized, or de-identified information that cannot reasonably identify you for research, marketing, or other business purposes.

We will not sell, rent, or share your personal information with third parties for their marketing purposes without your explicit consent.

6. DATA RETENTION

6.1 Retention Periods

We retain your personal data only as long as necessary for the purposes outlined in this Policy:

Account Data: Active for the duration of your account, plus 30 days after deletion
Payment Records: 7 years for tax and accounting purposes
Generated Content: 30 days after creation
Support Communications: 2 years from last interaction
Analytics Data: 26 months in aggregated form
Marketing Data: Until you withdraw consent

6.2 Deletion and Anonymization

After retention periods expire, we either:

Permanently delete the data from our systems
Anonymize it for statistical or research purposes
Archive it securely if required by law

7. YOUR RIGHTS AND CHOICES

Access: Request a copy of your personal data
Rectification: Correct inaccurate or incomplete data
Erasure ("Right to be Forgotten"): Request deletion of your data
Restriction: Limit how we process your data
Portability: Receive your data in a machine-readable format
Object: Opt-out of certain processing activities
Automated Decision-Making: Request human review of automated decisions

7.2 Rights Under CCPA (California Users)

Know: What personal information we collect, use, and share
Delete: Request deletion of your personal information
Opt-Out: Decline the sale of personal information (we do not sell data)
Non-Discrimination: Equal service regardless of privacy choices

7.3 How to Exercise Your Rights

To exercise any of these rights:

Email us at help@sora2videos.com
Include your account email and specific request
Provide proof of identity if required
We will respond within 30 days (or as required by law)

7.4 Communication Preferences

You can manage your communication preferences:

Emails: Unsubscribe link in every marketing email
Account Settings: Update notification preferences
Browser: Manage cookie preferences
Support: Contact help@sora2videos.com

8. DATA SECURITY

8.1 Technical and Organizational Measures

We implement industry-standard security measures:

Encryption: TLS/SSL for data in transit, AES-256 for data at rest
Access Controls: Role-based access with multi-factor authentication
Infrastructure: Secure cloud hosting with regular security audits
Monitoring: 24/7 threat detection and incident response
Training: Regular security awareness for all personnel

8.2 Data Breach Notification

In the event of a data breach that poses risk to your rights and freedoms:

We will notify affected users within 72 hours of discovery
We will inform relevant supervisory authorities as required
We will provide information about the breach and mitigation steps
We will document all breaches and remedial actions taken

8.3 Your Security Responsibilities

Keep your password strong and confidential
Enable two-factor authentication when available
Report suspicious activities immediately
Keep your contact information updated
Review your account activity regularly

9.1 Types of Cookies We Use

Essential Cookies

Session management and authentication
Security tokens and fraud prevention
Load balancing and service functionality

Functional Cookies

Language and region preferences
User interface customization
Feature usage tracking

Analytics Cookies

Google Analytics (anonymized IP)
Performance monitoring
Error tracking and debugging

Advertising campaign effectiveness
Remarketing and behavioral targeting
Social media integration

9.2 Managing Cookies

You can control cookies through:

Browser settings (block or delete cookies)
Our cookie consent banner
Third-party opt-out tools
Do Not Track signals (we honor these)

Note: Disabling essential cookies may impact service functionality.

10. INTERNATIONAL DATA TRANSFERS

10.1 Cross-Border Transfers

Your data may be transferred to and processed in countries outside your residence, including the United States. We ensure appropriate safeguards:

Standard Contractual Clauses (SCCs) approved by the European Commission
Adequacy decisions where applicable
Binding corporate rules for intra-group transfers
Appropriate technical and organizational measures

10.2 Data Localization

Where required by local laws, we:

Store data within specified jurisdictions
Limit cross-border transfers
Provide local data access mechanisms
Comply with data sovereignty requirements

11. CHILDREN'S PRIVACY

11.1 Age Requirements

Our services are not intended for children under 16 years of age. We do not knowingly collect personal information from children under 16.

11.2 Parental Rights

If you believe we have collected information from a child under 16:

Contact us immediately at help@sora2videos.com
We will promptly investigate and delete such information
We will implement additional age verification if necessary

12. THIRD-PARTY SERVICES AND LINKS

12.1 Third-Party Integrations

Our service may integrate with third-party platforms:

Social media sharing features
Payment processors (Stripe)
Authentication providers (Google, GitHub)
Analytics services

12.2 External Links

Our website may contain links to third-party sites. We are not responsible for their privacy practices. Please review their privacy policies before providing personal information.

13. AI AND AUTOMATED PROCESSING

13.1 AI Model Training

We use anonymized and aggregated data to improve our AI models
Personal content is not used for training without explicit consent
You can opt-out of contributing to model improvements

13.2 Automated Decision-Making

We use automated systems for:

Content moderation and safety filters
Fraud detection and prevention
Service recommendations You have the right to request human review of automated decisions that significantly affect you.

14. CHANGES TO THIS POLICY

14.1 Updates and Notifications

We may update this Policy to reflect:

Changes in our data practices
New legal requirements
Service enhancements
User feedback

14.2 Notification Methods

We will notify you of material changes through:

Email to your registered address
Prominent notice on our website
In-app notifications
Request for renewed consent where required

Data Protection Officer: Sora2Videos DPO Email: help@sora2videos.com

This Privacy Policy is provided in English. In case of any discrepancy between the English version and any translation, the English version shall prevail.

Last reviewed by legal counsel: October 8, 2025