Privacy Policy

Last Updated: January 2025

1. Introduction

XPRO d.o.o. ("we", "our", or "us"), located at Stegne 21C, 1000 Ljubljana, Slovenia, operates Subtitle7 ("the Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our subtitle generation service.

We are committed to protecting your privacy and complying with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

2. Information We Collect

2.1 Personal Information

We collect information that you provide directly to us:

  • Account information (name, email address, password)
  • Payment information (processed securely through third-party payment processors)
  • Profile information (optional preferences and settings)

2.2 Content Data

When you use our Service, we process:

  • Audio and video files you upload for subtitle generation
  • Generated subtitles and transcriptions
  • Customization preferences (font styles, colors, positioning)

2.3 Usage Information

We automatically collect:

  • Device information (IP address, browser type, operating system)
  • Usage data (features used, processing time, error logs)
  • Cookies and similar tracking technologies

3. How We Use Your Information

We process your personal data for the following purposes:

  • Service Provision: To provide, maintain, and improve our subtitle generation services
  • Account Management: To manage your account and provide customer support
  • Payment Processing: To process payments and prevent fraud
  • Communication: To send you service updates, technical notices, and support messages
  • Analytics: To understand how users interact with our Service and improve performance
  • Legal Compliance: To comply with legal obligations and enforce our terms

4. Legal Basis for Processing (GDPR)

We process your personal data based on:

  • Contract Performance: Processing necessary to provide the Service you requested
  • Legitimate Interests: To improve our Service, prevent fraud, and ensure security
  • Consent: Where you have given explicit consent for specific processing activities
  • Legal Obligation: To comply with applicable laws and regulations

5. Data Sharing and Disclosure

We may share your information with:

5.1 Service Providers

Third-party vendors who perform services on our behalf (cloud hosting, payment processing, AI processing). All service providers are contractually bound to protect your data and use it only for specified purposes.

5.2 Legal Requirements

When required by law, court order, or government regulation, or when necessary to protect our rights or the safety of others.

5.3 Business Transfers

In connection with a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity.

6. Data Security

We implement appropriate technical and organizational measures to protect your data:

  • Encryption of data in transit (TLS/SSL) and at rest (AES-256)
  • Regular security assessments and vulnerability testing
  • Access controls and authentication mechanisms
  • Secure backup and disaster recovery procedures
  • Employee training on data protection and privacy

7. Data Retention

We retain your personal data only as long as necessary for the purposes outlined in this Privacy Policy:

  • Account data: Retained while your account is active and for 30 days after deletion
  • Uploaded content: Automatically deleted 30 days after processing unless you choose to save it
  • Payment records: Retained for 7 years for tax and accounting purposes
  • Usage logs: Retained for 12 months for analytics and security purposes

8. Your Rights (GDPR)

Under GDPR and applicable data protection laws, you have the following rights:

  • Right to Access: Request a copy of your personal data we hold
  • Right to Rectification: Correct inaccurate or incomplete data
  • Right to Erasure: Request deletion of your personal data ("right to be forgotten")
  • Right to Restriction: Request limitation of processing in certain circumstances
  • Right to Data Portability: Receive your data in a machine-readable format
  • Right to Object: Object to processing based on legitimate interests
  • Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent

To exercise these rights, please contact us at privacy@subtitle7.com. We will respond within 30 days.

9. International Data Transfers

Your data may be transferred to and processed in countries outside the European Economic Area (EEA). We ensure appropriate safeguards are in place through:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Adequacy decisions for transfers to countries with adequate data protection
  • Binding Corporate Rules where applicable

10. Cookies and Tracking

We use cookies and similar technologies to:

  • Maintain your session and preferences
  • Analyze usage patterns and improve our Service
  • Provide personalized features

You can control cookies through your browser settings. Note that disabling cookies may limit Service functionality.

11. Children's Privacy

Our Service is not intended for users under 16 years of age. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child without parental consent, we will delete it promptly.

12. Data Breach Notification

In the event of a data breach that poses a risk to your rights and freedoms, we will notify you and the relevant supervisory authority within 72 hours of becoming aware of the breach, as required by GDPR.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last Updated" date. Continued use of the Service after changes constitutes acceptance of the updated policy.

14. Contact Information

For questions about this Privacy Policy or to exercise your rights, please contact us:

XPRO d.o.o.

Stegne 21C

1000 Ljubljana, Slovenia

Email: privacy@subtitle7.com

Data Protection Officer: dpo@subtitle7.com

15. Supervisory Authority

You have the right to lodge a complaint with a supervisory authority, in particular in the EU member state of your habitual residence, place of work, or place of the alleged infringement if you believe our processing of your personal data violates applicable law.

For Slovenia: Information Commissioner of the Republic of Slovenia (www.ip-rs.si)