Sume

Privacy Policy

Last updated: April 9, 2026

1. Overview

This Privacy Policy explains how Sume (“we,” “us,” or “our”) collects, uses, discloses, and protects personal information when you use the Sume website, AI influencer video generation services, and related features (collectively, the “Services”). By using the Services, you consent to the practices described in this policy.

2. Information We Collect

A. Information you provide directly

  • Account information — email address, name, and authentication credentials when you sign up
  • Generation inputs — reference images, motion clips, prompts, and other content you upload or provide for video generation
  • Payment information — when you subscribe, Stripe collects your payment details. We receive your Stripe customer ID and subscription status but do not store your full card number

B. Information collected automatically

  • Website analytics — page views, page leave events, product interaction events, session-scoped context, user-profile properties, and session replay data used to understand onboarding, creator-entry funnels, pricing, and product reliability
  • Job metadata — timestamps, generation parameters, and processing status for your video generation jobs
  • IP address — used transiently for analytics and abuse prevention; not stored with your identity

C. Information generated by the Services

  • AI-generated videos — motion-controlled video content created from your inputs
  • Usage metrics — generation counts, rate-limit state, and subscription status

3. How We Use Your Information

  • To generate and deliver AI-powered video content based on your inputs
  • To process payments and manage your subscription
  • To enforce rate limits, usage policies, and our Terms of Service
  • To detect, prevent, and respond to abuse, fraud, and security incidents
  • To improve generation quality and the overall Services
  • To analyze aggregate usage patterns (not individually identifiable)

4. AI Processing of Your Data

Your reference images, motion clips, and prompts are processed by third-party AI model providers to generate video content. These providers process your data under data processing agreements with us. We select providers that commit to not using your data to train their models without consent.

5. Third-Party Services & Data Sharing

We integrate with the following third-party services:

  • Stripe — payment processing. Subject to Stripe's Privacy Policy
  • Vercel — website hosting and privacy-friendly analytics
  • PostHog — product analytics for page views , product interaction events, richer funnel analysis, and session replay routed through our first-party ingest path
  • Cloudflare — infrastructure and content delivery
  • AI model providers — video generation and motion control

We do not sell your personal information to third parties.

6. Data Storage & Retention

  • Generated content — retained for as long as necessary to provide the Services
  • Payment records — retained as required by applicable regulations
  • Analytics data — retained in aggregate form
  • Account data — retained until you request deletion

7. Data Security

We implement industry-standard security measures including encryption in transit (TLS), access controls, and secure infrastructure. Payment information is handled entirely by Stripe and never touches our servers.

8. Your Rights

Depending on your jurisdiction (including under CCPA, GDPR, and other applicable laws), you may have the right to:

  • Access — request a copy of the personal information we hold about you
  • Deletion — request deletion of your personal data
  • Correction — request correction of inaccurate personal information
  • Portability — receive your data in a structured, machine-readable format
  • Opt out — opt out of certain data processing activities

To exercise any of these rights, email dev@sumelabs.com. We will respond within 30 days.

9. Children's Privacy

The Services are strictly for users aged 18 and older. We do not knowingly collect personal information from anyone under 18.

10. Cookies & Tracking

The Sume website uses product analytics and session replay to understand page flow, creator conversion, onboarding drop-off, reliability issues, and product usage behavior. This may include automatic pageview, pageleave, and interaction capture, along with replay of product sessions. We configure masking and blocking controls to avoid recording sensitive inputs and protected UI regions.

To measure the performance of our advertising on Meta platforms (Facebook, Instagram), we also operate the Meta Pixel together with the Meta Conversions API. This sends a limited set of standard events — page views, content views, lead form submissions, account registrations, and purchases — to Meta. For logged-in users we include SHA-256 hashed identifiers (email address and an opaque account ID) so Meta can match the event to an existing user and attribute it to the ad that drove the visit. Raw email addresses are never transmitted. We also use the standard Meta cookies _fbp and _fbc to deduplicate browser and server events; when our server receives a request without an _fbp cookie we generate one in the standard Meta format and set it on your browser so subsequent events are consistent.

You can opt out of Meta-driven advertising at any time through your Meta account settings, and you can block these cookies through your browser settings or a tracker-blocking extension.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be reflected in the “Last updated” date at the top of this page. Your continued use of the Services after changes constitutes acceptance of the updated policy.

12. Contact

For questions about this Privacy Policy, contact us at:

Sume
Email: dev@sumelabs.com