Privacy Policy

Last updated: January 22, 2026

1. Introduction

Welcome to ShortFuel. This Privacy Policy explains how HootCodes LTD ("we", "us", or "our") collects, uses, discloses, and protects your personal information when you use ShortFuel (the "Service").

We are committed to protecting your privacy and ensuring transparency in how we handle your data. This policy complies with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

Data Controller:

HootCodes LTD
Sofia Center, Aleksandar Stamboliyski Blvd 55, 4
Sofia, 1000, Bulgaria
Email: [email protected]

2. Information We Collect

2.1 Information You Provide

  • Account Information: Email address, name (optional), and password (encrypted)
  • Payment Information: Processed securely through Polar; we do not store your full credit card details
  • Content You Create: Scripts, text inputs, and settings you use to generate videos
  • Communication Data: Messages you send to our support team

2.2 Information Automatically Collected

  • Usage Data: Features used, videos created, credits consumed, session duration
  • Device Information: Browser type, operating system, device identifiers
  • Log Data: IP addresses, access times, pages viewed, referring URLs
  • Security Data: IP address history, approximate geolocation (country), and login patterns for fraud prevention and account security
  • Cookies: Session management, preferences, and analytics (see Cookie Policy below)

2.3 Security and Fraud Prevention Data

Account Security Measures:

To protect our service and users from fraud and abuse, we collect and store:

  • IP Address History: We maintain a record of IP addresses used to access your account
  • Country/Region: Approximate geographic location based on your IP address
  • Login Timestamps: When and from where your account is accessed

This data is used to detect multiple accounts, prevent fraud, and enforce our Terms of Service.

2.4 Generated Content

Note: Videos and audio generated through ShortFuel are temporarily stored for processing and delivery. Generated content is automatically deleted from our servers after 30 days unless you choose to keep it in your library (when available).

3. How We Use Your Information

We use your information for the following purposes:

  • Service Delivery: To generate AI videos, voiceovers, and provide all platform features
  • Account Management: To create and manage your account, track credits
  • Payment Processing: To process subscriptions and one-time purchases
  • Communication: To send service updates, security alerts, and support messages
  • Analytics: To understand usage patterns and improve our service
  • AI Improvement: To improve our AI models (using anonymized, aggregated data only)
  • Security: To detect, prevent, and address technical issues and fraud
  • Legal Compliance: To comply with legal obligations and enforce our terms

4. Legal Basis for Processing (GDPR)

We process your personal data based on the following legal grounds:

  • Contract Performance: Processing necessary to provide the Service you requested
  • Legitimate Interest: To improve our service, prevent fraud, and ensure security
  • Consent: For marketing communications (you can withdraw consent anytime)
  • Legal Obligation: To comply with applicable laws and regulations

5. Data Sharing and Disclosure

We may share your information with:

5.1 Service Providers

  • Polar: Payment processing (subject to Polar's Privacy Policy)
  • Cloud Hosting: Servers and infrastructure providers (AWS, Fly.io, etc.)
  • AI Services: Third-party AI providers for text, voice, and image generation
  • Analytics Services: Usage statistics and performance monitoring

5.2 Legal Requirements

We may disclose your information if required by law, court order, or government request, or to protect our rights, safety, or property.

5.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity.

6. Your Rights Under GDPR

As a data subject in the EU, you have the following rights:

  • Right to Access: Request a copy of your personal data
  • Right to Rectification: Correct inaccurate or incomplete data
  • Right to Erasure: Request deletion of your data ("right to be forgotten")
  • Right to Restrict Processing: Limit how we use your data
  • Right to Data Portability: Receive your data in a machine-readable format
  • Right to Object: Object to certain types of processing
  • Right to Withdraw Consent: Withdraw consent for processing based on consent
  • Right to Lodge a Complaint: File a complaint with your local data protection authority

To exercise any of these rights, please contact us at [email protected]. We will respond within 30 days.

7. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required by law.

  • Account Data: Retained while your account is active and for 90 days after deletion
  • Generated Content: Automatically deleted after 30 days unless saved to library
  • Usage Data: Retained for up to 24 months for analytics purposes
  • Payment Records: Retained for 7 years for tax and accounting compliance
  • Communication Records: Retained for 3 years or as required by law

7.1 Account Deletion and Email Hash Retention

What happens when you delete your account:

When you delete your account, we permanently erase your personal information, including your email address, name, and all associated content. However, to prevent abuse of our free credit system and promotional offers, we retain a one-way cryptographic hash of your email address indefinitely.

What is a one-way hash?

  • A hash is a unique mathematical fingerprint generated from your email address
  • It is cryptographically irreversible — we cannot determine your email address from the hash, nor can anyone else
  • Even we cannot see which email addresses have been hashed or match them to individuals
  • The only purpose of the hash is to detect if the same email attempts to register again

Why we do this:

This prevents users from repeatedly deleting their account and re-registering to abuse free credits, referral bonuses, or promotional offers. This practice ensures fair use of the service for all users while maintaining your privacy, as the hash contains no personally identifiable information.

8. Data Security

We implement appropriate technical and organizational measures to protect your personal data:

  • Encryption in transit (TLS/SSL) and at rest
  • Secure authentication and access controls
  • Regular security audits and vulnerability assessments
  • Employee training on data protection
  • Incident response and breach notification procedures

However, no method of transmission over the Internet is 100% secure. We cannot guarantee absolute security of your data.

9. Cookies and Tracking

We use cookies and similar technologies for:

  • Essential Cookies: Required for the Service to function (authentication, session management)
  • Preference Cookies: Remember your settings and preferences
  • Analytics Cookies: Understand how users interact with the Service

You can manage cookie preferences through your browser settings. Note that disabling certain cookies may affect Service functionality.

10. International Data Transfers

HootCodes LTD is based in Bulgaria (EU). If you access ShortFuel from outside the EU, your data may be transferred to and processed in the EU. We ensure adequate safeguards are in place for such transfers in compliance with GDPR.

When using third-party AI providers located outside the EU, we ensure appropriate data protection agreements are in place.

11. Children's Privacy

ShortFuel is not intended for children under 16 years of age. We do not knowingly collect personal data from children. If we become aware that a child has provided us with personal data, we will delete it promptly.

12. Third-Party Links

Our Service may contain links to third-party websites. We are not responsible for the privacy practices of these external sites. Please review their privacy policies before providing any personal information.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date. Continued use of the Service after changes constitutes acceptance of the updated policy.

14. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

HootCodes LTD
Data Protection Officer
Email: [email protected]
Address: Sofia Center, Aleksandar Stamboliyski Blvd 55, 4
Sofia, 1000, Bulgaria

This Privacy Policy is part of our commitment to transparency and your privacy rights under GDPR.