← Greenroom

Privacy Policy

Last updated: July 13, 2026

1. Who we are

Greenroom (greenroom.stage5.com) is operated by Stage5 Productions, LLC, a Texas limited liability company, located at 3267 Bee Caves Rd #154 Ste 107, Austin, TX 78746-9996, USA. We are the data controller for the personal data described in this policy. Contact: support@stage5.com.

The short version: we collect what the studio needs to run, we send your prompts and images to our AI provider only to run the generations you request, our payment partner handles all card data, we do not sell your data, we do not run ads, and we do not use your content to train AI models.

2. What we collect

Account data: your name, email address, and password hash, or your Google account identifier if you sign in with Google.

Content: your projects, prompts and briefs, uploaded reference images, and generated images.

Billing data: Paddle, our Merchant of Record, processes payments; we never see or store card details. We keep Paddle transaction identifiers and a token ledger (purchases, spends, releases, refunds) so your balance is always auditable.

Technical data: session cookies for sign-in state, and IP addresses and request logs used for security and abuse prevention such as signup throttling and flag cooldowns.

3. How we use it

We use this data to provide and secure the Service (run generations, maintain your canvas and token balance, prevent abuse), to process purchases and refunds through Paddle, to send transactional email such as verification and receipts, and to comply with legal obligations. Where a legal basis is required, we rely on performance of our contract with you, our legitimate interests in securing and improving the Service, and compliance with law. We do not use your content for advertising or model training, and we do not sell or share personal data for advertising purposes.

4. Who processes it

We share personal data only with the processors that run the Service:

  • Paddle (Merchant of Record): payment, tax, and receipt processing. Paddle acts as its own controller for checkout data under its privacy policy at paddle.com/legal/privacy.
  • fal.ai (AI inference): your prompts and reference images are sent there to run the generations you request.
  • Google Cloud (hosting, database, and image storage).
  • Resend (transactional email such as verification messages).

We may also disclose data where the law requires it, or as part of a merger, acquisition, or sale of assets, in which case this policy continues to apply to it.

5. Cookies

We use session cookies for sign-in state only. We do not use advertising or cross-site tracking cookies, which is why the site has no cookie banner.

6. International transfers

We are a U.S. company and process data in the United States through the providers above. If you use the Service from outside the U.S., your data is transferred to and processed in the U.S. Where required, we rely on our processors' safeguards, such as standard contractual clauses and Data Privacy Framework certifications.

7. Retention and deletion

Your content stays until you delete it: deleting a project deletes its generations and images, and deleting your account removes your projects, generations, and stored images. We retain the token ledger and purchase records as long as needed for accounting, tax, and fraud prevention, and security logs for a limited period. Email support@stage5.com for account deletion or a copy of your data.

8. Your rights

Depending on where you live (for example under the GDPR, UK GDPR, or U.S. state privacy laws including the Texas Data Privacy and Security Act), you may have rights to access, correct, delete, or receive a copy of your personal data, to object to or restrict certain processing, and to complain to your local supervisory authority. To exercise any of these, email support@stage5.com; we respond within the timelines your law requires and we do not discriminate against you for exercising your rights. Since we do not sell personal data or use it for targeted advertising, there is nothing to opt out of on that front.

9. Security

We protect your data with industry-standard measures: encryption in transit, hashed passwords, secrets kept server-side, access limited to what the Service needs, and an append-only ledger for anything that touches your balance. No system is perfectly secure; if a breach affects your personal data we will notify you as the law requires.

10. Children

The Service is not directed to children and we do not knowingly collect personal data from children under 13. If you believe a child has an account, contact support@stage5.com and we will delete it.

11. Changes

We will post any changes on this page and update the "last updated" date. For material changes we will notify account holders by email or in the app.