Privacy Policy

Last updated: May 6, 2026

WorkLess ("we", "us", or "our") is committed to protecting your privacy. This policy explains how we collect, use, and safeguard your information.

1. Information We Collect

We collect information you provide directly:

  • Account Information: Email address, name, password (hashed)
  • Payment Information: Processed securely via Stripe (we don't store card numbers)
  • Content You Create: Scripts, character configurations, generated videos
  • Usage Data: Job history, credit transactions, feature usage

We automatically collect:

  • Device Information: IP address, browser type, operating system
  • Log Data: Pages visited, timestamps, referrer URL
  • Analytics: Feature usage patterns (anonymized)

2. How We Use Your Information

  • Provide and improve our video generation service
  • Process payments and manage your credit balance
  • Send transactional emails (job completion, failures, receipts)
  • Send security alerts (login from new device, password changes)
  • Respond to support requests
  • Detect and prevent fraud or abuse
  • Comply with legal obligations

We do NOT: Sell your personal information, use your content for training AI models without consent, or share your data with third parties for marketing purposes.

3. Third-Party Services

We use the following third-party services to operate WorkLess:

Service Purpose Data Shared
Stripe Payment processing Email, purchase amount
Resend Email delivery Email address
OpenAI Script processing Script content (temporary)
FAL.AI Image generation Image prompts (temporary)
Cloudflare CDN & Security IP address, requests

Each service has its own privacy policy. Your content processed by AI services is used only for your requests and is not retained for training.

4. Cookies & Tracking

Essential Cookies: Required for authentication and security.

  • session - Keeps you logged in
  • csrf_token - Protects against cross-site attacks
  • cookie-consent - Stores your cookie preference

Optional Cookies: Used for analytics (only if you accept).

You can decline non-essential cookies using our cookie banner. Your choice is stored locally and won't affect functionality.

5. Your Rights (GDPR)

Under GDPR and similar regulations, you have the right to:

  • Access: Request a copy of your personal data
  • Rectification: Correct inaccurate information
  • Erasure: Request deletion of your data ("right to be forgotten")
  • Portability: Export your data in a machine-readable format
  • Object: Opt out of certain processing activities
  • Restrict: Limit how we use your data

To exercise these rights, contact us at privacy@workless.build. We will respond within 30 days.

6. Data Retention

  • Account data: Retained while your account is active, plus 30 days after deletion
  • Generated videos: Automatically deleted 30 days after completion
  • Job logs: Retained for 90 days
  • Payment records: Retained for 7 years (legal requirement)
  • Security logs: Retained for 1 year

7. Security Measures

We implement industry-standard security measures:

  • TLS/HTTPS encryption for all connections
  • Passwords hashed with bcrypt (never stored in plain text)
  • Rate limiting to prevent brute-force attacks
  • Progressive account lockout after failed login attempts
  • Session management with secure, httpOnly cookies
  • Regular security audits

8. Contact Us

For privacy-related inquiries:

We will respond to all privacy inquiries within 30 days.

→ Terms of Service → Refund Policy → FAQ