Privacy Policy
Last updated: 27 June 2026
This Privacy Policy explains how Persephone Pictures Limited ("LX3 Studio", "we", "us") collects, uses, stores, and shares personal data when you use the LX3 Studio web application (the "Service"). We act as the data controller for the personal data described below. This policy is written to comply with the EU General Data Protection Regulation (GDPR) and the UK GDPR.
1. Data we collect
Account data (you provide)
- Email address and password (the password is hashed by our auth provider; we never see it in clear text).
- Optional display name derived from your sign-up details.
Subscription & billing data (you provide via Stripe)
- Stripe customer ID, subscription ID, plan, status, current period dates, and cancellation flag.
- Card details and billing address are collected and stored by Stripe, not by us.
Content you submit to the Service
- Creative briefs (logline, director's intent, references, genre, country, radius, budget, crew size, INT/EXT, day/night, location type).
- Screenplay PDF files you choose to upload (processed in-memory by our AI provider to extract scenes; not retained server-side).
- Reverse-Scout reference images you choose to upload (sent to the AI provider for visual analysis).
- Custom "location types" you save to your personal database.
Trial & preference data
- Your 5-day free trial start date is stored on our servers, linked to your account, so the limit is enforced consistently across browsers and devices.
- UI state (e.g. sidebar open/closed) stored in a first-party cookie.
Data we do not collect
We do not run third-party analytics, advertising trackers, or social-media pixels. We do not collect IP-based geolocation, device fingerprints, or behavioural profiles.
2. How we use your data
- To provide the Service (generate location recommendations, parse screenplays, render maps).
- To authenticate you and keep your session active.
- To process subscription payments and provide customer support.
- To enforce trial limits and prevent abuse.
- To comply with legal obligations (tax, accounting, responding to lawful requests).
3. Legal bases (GDPR Art. 6)
- Contract — to deliver the Service you signed up for and to process payments.
- Legitimate interest — to secure the Service, prevent fraud, and improve features.
- Legal obligation — to keep billing records and comply with tax law.
- Consent — for any non-essential cookies or features that require explicit opt-in (see Cookie Policy).
4. Third-party processors
We rely on the following sub-processors to operate the Service. Each is bound by a Data Processing Agreement.
- Supabase (via Lovable Cloud) — authentication, Postgres database, server-side functions. Hosts your account, subscription rows, and saved location types.
- Stripe Payments Europe, Ltd. — payment processing, card storage, billing portal, tax calculation. See stripe.com/privacy.
- Google LLC — Gemini API (via Lovable AI Gateway) — processes your briefs, screenplay text, and reference images to generate location suggestions and synthetic preview frames.
- Google LLC — Maps & Fonts — embedded map tiles on result pages and Google Fonts (Instrument Sans, Source Serif 4, JetBrains Mono).
- Lovable — hosting and serverless runtime for the application.
5. International transfers
Some processors above are based in the United States. Transfers rely on the European Commission's Standard Contractual Clauses and, where applicable, the EU–US Data Privacy Framework.
6. Data retention
- Account data — kept while your account is active and for up to 30 days after deletion.
- Subscription & billing records — retained for the period required by tax law (typically 7–10 years).
- Briefs, uploaded PDFs, and uploaded reference images — not persisted server-side; processed in-memory by the AI provider and then discarded. Only the textual results you receive remain in your browser session.
- Custom location types — kept until you delete them.
7. Your rights (GDPR / UK GDPR)
You have the right to access, rectify, erase, restrict, port, and object to processing of your personal data, and to withdraw consent at any time. To exercise these rights, email aquilaoutlook@gmail.com. You may also lodge a complaint with your local supervisory authority.
8. Security
Transport is encrypted with TLS. Passwords are hashed by Supabase Auth. Row-Level Security policies restrict database access so that you can only read and modify your own rows. Stripe is PCI-DSS Level 1 certified.
9. Children
The Service is not directed to children under 16 and we do not knowingly collect their data.
10. Changes & contact
We will post material changes here and update the "Last updated" date. Controller: Persephone Pictures Limited, 119 Fernwood, Glanmire, Co. Cork, T45Y963, Ireland. Contact: aquilaoutlook@gmail.com.