Privacy Policy
Last Updated: 1 November 2025
This Privacy Policy ("Policy") explains how TabSpace AI Pte. Ltd. and its affiliates (collectively, "TabStudio", "we", "our", or "us") collect, use, disclose, store, transfer, and protect personal data in connection with our websites, applications, products, and services, including AI-generated video and creative production tools (the "Services").
This Policy applies globally and is designed to comply with leading privacy regulations, including the EU General Data Protection Regulation (GDPR), UK GDPR, California CCPA/CPRA, Singapore PDPA, Malaysia PDPA, Brazil LGPD, Canada PIPEDA, and other applicable laws. Where local laws provide stronger protections, we will follow the stricter requirement.
By accessing or using our Services, you acknowledge that you have read and understood this Policy.
1. WHO WE ARE
For purposes of applicable data protection laws:
| Role | Entity | Responsibility |
|---|---|---|
| Data Controller (Global, including EU/UK) | TabSpace AI Pte. Ltd. (Singapore) | Determines the purposes and means of processing personal data |
| Regional Processor / Sub-Processor | TabSpace Technologies Sdn. Bhd. (Malaysia) | Processes personal data on behalf of the Controller |
Primary Contact (DPO/Privacy Office):
Email: privacy@tabspace.ai
2. SCOPE
This Policy covers personal data we process when you:
- Use TabStudio applications, websites, and platforms
- Create an account or user profile
- Upload content or assets
- Communicate with us
- Participate in beta programmes, promotions, or training features
This Policy does not apply to third-party platforms that integrate with TabStudio. Their privacy policies govern their data.
3. PERSONAL DATA WE COLLECT
We may collect the following categories of data:
| Category | Examples |
|---|---|
| Account Data | Name, email, password, profile data, organisation |
| Authentication & Security Data | Login metadata, IP, device identifiers |
| Payment & Billing | Billing name, card token, invoices (processed via PCI-compliant processors such as Stripe) |
| User Content (Your Assets) | Storyboards, scripts, photos, video, audio, animation assets |
| AI Processing Data | Temporary inference data generated to fulfil requests |
| Usage & Analytics Data | Interactions, logs, crash reports, performance metrics |
| Device/Technical Data | Browser, OS, timezone, cookies, network metadata |
We do not collect special-category data unless you intentionally upload it.
4. PURPOSES AND LEGAL BASES (GDPR Art. 6)
We process data for:
| Purpose | Legal Basis |
|---|---|
| Provide and operate the Services | Contractual necessity (Art. 6(1)(b)) |
| Account creation, authentication, support | Contractual necessity |
| AI processing to generate outputs | Contractual necessity |
| Improve features, analytics | Legitimate interests (Art. 6(1)(f)) |
| Marketing with consent (where required) | Consent (Art. 6(1)(a)) |
| Legal compliance | Legal obligation (Art. 6(1)(c)) |
5. DATA RESIDENCY & TRANSFERS
TabStudio follows an EU-first data residency principle, meaning:
- EU/UK user personal data is stored and processed within the EEA or UK
- Non-EU users may be stored in other regions as necessary for service delivery and redundancy
- Temporary compute processing (e.g., GPU nodes) may occur outside the EU, but long-term storage will not, unless you consent or request it
For cross-border transfers, we rely on:
- Standard Contractual Clauses (SCCs)
- Art. 46 GDPR transfer safeguards
- Encryption and access controls
6. AI TRAINING POLICY
TabStudio follows a strict privacy-first AI training approach:
- We DO NOT use your personal data or uploaded content to train our AI models by default.
- If we ever use data for model improvement, it is only with your explicit opt-in consent.
- You may withdraw consent at any time.
This applies to all user-generated content, including photos, scripts, voice, and video.
7. USER RIGHTS
Depending on your jurisdiction, you have rights to:
- Access your data (Art. 15 GDPR)
- Rectify inaccurate data (Art. 16)
- Erase data ("Right to be forgotten", Art. 17)
- Restrict processing (Art. 18)
- Port your data (Art. 20)
- Object to processing (Art. 21)
- Not be subject to automated decision-making (Art. 22)
Submit requests via privacy@tabspace.ai. We will respond within 30 days (or statutory period).
8. DATA RETENTION
We retain data only as long as necessary:
| Data Type | Retention |
|---|---|
| Account data | For the life of the account |
| User content | Until deleted by you |
| Inference/cache data | Short-lived; automatically purged |
| Billing records | 7 years (compliance) |
| Logs | 90–365 days (security/diagnostics) |
You may delete your account or content at any time.
9. DATA SHARING & SUB-PROCESSORS
We do not sell personal data.
We may share data with:
- Cloud infrastructure providers (e.g., AWS, Nebius)
- Payment processors (e.g., Stripe)
- Analytics providers
- Enterprise support vendors
All sub-processors are bound by DPA + SCCs.
10. COOKIES
We use:
- Strictly necessary cookies (login, session)
- Analytics cookies (only with consent — compliant with GDPR + ePrivacy)
You may manage cookies via our Consent Banner.
11. SECURITY
We implement industry-standard controls, including:
- Encryption at rest and in transit (TLS, AES-256)
- Role-based access (RBAC)
- Audit logging
- Secure development practices
- Incident response plan aligned to Art. 33 GDPR (72-hour breach rule)
12. CHILDREN'S DATA
The Service is not intended for children under 13, and under 16 for EU users. We do not knowingly collect children's data.
13. POLICY CHANGES
We may update this Policy periodically. We will provide notice of material changes.
14. CONTACT
For questions or Data Subject Requests (DSR):
Data Protection Officer — TabStudio
Email: privacy@tabspace.ai
END OF POLICY