1. Introduction
Clone U Studios, LLC ("Clone U," "we," "us," or "our") operates a memory preservation service that records voices, creates AI avatars, and stores personal stories. We are headquartered in Oakland, California.
This Privacy Policy describes how we collect, use, disclose, and protect your personal information when you use our website, services, and Memory Capsule products. By using our services, you acknowledge that you have read and understood this policy.
If you have questions about this policy, contact us at hello@cloneustudios.com.
2. Information We Collect
We collect information in the following categories:
2.1 Information You Provide Directly
| Data Type | Examples | Purpose |
|---|---|---|
| Account Information | Name, email address, phone number, mailing address | Account creation, service delivery, communication |
| Voice Recordings | Audio captured during your preservation session | Voice clone creation, story archiving |
| Photos and Video | Photographs and video captured during sessions | Avatar creation, Memory Capsule content |
| Personal Stories | Narratives, memories, and responses shared during sessions | Story preservation, Memory Capsule content |
| Payment Information | Credit card details (processed by Stripe; we do not store card numbers) | Processing payments for services |
| Session Preferences | Story themes, special instructions, language preferences | Customizing your session experience |
2.2 Biometric Data
Biometric Data Notice: Our voice cloning service uses ElevenLabs to process voiceprint data, and our avatar creation service uses HeyGen to process facial geometry data. Both constitute biometric identifiers under applicable law. We collect biometric data only with your explicit written consent. For complete details, see our Biometric Data Policy.
2.3 Automatically Collected Information
- Device and browser information (type, operating system, screen resolution)
- IP address and approximate geographic location
- Pages visited, time spent on pages, and referring URLs
- Cookies and similar tracking technologies (see Section 7)
3. How We Use Your Information
We use your personal information for the following purposes:
- Delivering Memory Capsule services, including voice cloning, avatar creation, and story preservation
- Processing payments and managing your account
- Communicating session updates, delivery notifications, and service information
- Improving our services, training our Session Directors, and conducting quality assurance
- Complying with legal obligations, including BIPA, CCPA, and GDPR requirements
- Sending marketing communications (only with your opt-in consent)
- Detecting and preventing fraud or misuse of our services
4. Data Sharing and Service Providers
We do not sell your personal information. We share data only with the following service providers who are necessary to deliver our services:
| Provider | Purpose | Data Shared |
|---|---|---|
| Stripe, Inc. | Payment processing | Name, email, payment card details |
| SendGrid (Twilio) | Transactional and marketing emails | Name, email address |
| ElevenLabs, Inc. | AI voice cloning | Voice recordings, voiceprint data |
| HeyGen, Inc. | AI avatar creation | Photographs, video, facial geometry data |
| Supabase, Inc. | Database hosting and file storage | All account and capsule data (encrypted at rest) |
Each service provider operates under a data processing agreement that limits their use of your data to the purposes described above. We may also disclose information when required by law, court order, or governmental regulation.
5. Data Storage and Security
Your data is stored on Supabase infrastructure with the following protections:
- Encryption in transit using TLS 1.3
- Encryption at rest using AES-256
- Row-level security (RLS) ensuring you can only access your own data
- Role-based access controls for all Clone U staff
- Background checks for all employees with data access
- Regular security audits and penetration testing
Biometric consent records are stored separately from booking and session data in compliance with BIPA requirements.
6. Data Retention
- Active accounts: Your Memory Capsule data (voice clones, avatars, stories, photos) is retained for the duration of your portal access period (1 year, 3 years, or lifetime, depending on your package).
- Raw session recordings: Retained for 90 days after capsule delivery for quality assurance, then permanently deleted unless you request extended retention.
- Account information: Retained for the duration of your account plus 12 months after cancellation for billing and legal purposes.
- After cancellation: All personal data and capsule content is retained for 90 days following cancellation to allow for reactivation, then permanently deleted.
- Biometric data: Deleted within 30 days of consent revocation or account termination, whichever comes first. See our Biometric Data Policy for details.
7. Cookies and Tracking
We use cookies and similar technologies for the following purposes:
- Essential cookies: Required for site functionality, authentication, and security. Cannot be disabled.
- Analytics cookies: Help us understand how visitors use our site. You may opt out of analytics cookies through your browser settings.
- Marketing cookies: Used only with your consent to deliver relevant content and measure advertising effectiveness.
We do not use cookies to track biometric data. Voice and facial data are processed only during active sessions and are not associated with cookie identifiers.
8. Children's Data
Future Founder Service: Our Future Founder service line is designed for children and young adults. When a session subject is under 18 years of age, we require verifiable parental consent before collecting any personal information or biometric data, in compliance with the Children's Online Privacy Protection Act (COPPA, 15 U.S.C. 6501-6506).
For minor subjects, additional safeguards apply:
- A parent or legal guardian must provide written consent for all data collection
- The parent/guardian maintains full control over the minor's data and capsule access
- Voice clones and avatars of minors are accessible only to family members explicitly authorized by the parent/guardian
- Parents may request deletion of all of their child's data at any time
- We do not knowingly collect personal information from children under 13 without verifiable parental consent
9. Your Rights
9.1 Rights Under CCPA (California Residents)
If you are a California resident, you have the right to:
- Know what personal information we collect about you and how it is used
- Access your personal information in a portable format
- Delete your personal information, subject to certain exceptions
- Opt out of the sale of your personal information (we do not sell personal information)
- Non-discrimination for exercising your privacy rights
9.2 Rights Under GDPR (EU/EEA Residents)
If you are located in the EU or EEA, you have additional rights including:
- Right to rectification of inaccurate personal data
- Right to restriction of processing
- Right to data portability
- Right to object to processing based on legitimate interests
- Right to withdraw consent at any time
- Right to lodge a complaint with a supervisory authority
9.3 Right to Deletion
Request deletion at any time. Email hello@cloneustudios.com with "Data Deletion Request" in the subject line. We will verify your identity and process your request within 30 days. Deletion includes all personal data, voice clones, avatars, stories, photos, and biometric data associated with your account.
10. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email (using the address associated with your account) and by posting a notice on our website at least 30 days before the changes take effect. Your continued use of our services after the effective date constitutes acceptance of the updated policy.
11. Contact Us
Clone U Studios, LLC
Oakland, California
Email: hello@cloneustudios.com
For privacy-specific requests: hello@cloneustudios.com with "Privacy" in the subject line.
We aim to respond to all privacy inquiries within 10 business days.