Tailslate

Legal

Privacy Policy

Last updated: 9 July 2026

1. Controller

Tailslate is provided by Oclo Labs AB, a Swedish limited liability company (aktiebolag) with organisation number 559169-7478 and postal address c/o Johannes Herrmann, Elsebergsvägen 4, 459 31 Ljungskile, Sweden.

Oclo Labs AB is the controller for personal data processed as described in this Privacy Policy. You can contact us at privacy@tailslate.ai or by post at the address above.

2. Scope

This Privacy Policy explains how we process personal data when you use the Tailslate website, application, AI-assisted video creation tools, accounts, workspaces, and related services (the “Service”).

This Policy is written to reflect the EU General Data Protection Regulation (“GDPR”), Swedish data protection law, and related Swedish rules on electronic communications and cookies.

3. Personal data we process

Depending on how you use the Service, we may process:

  • Account data: name, email address, login method, user ID, authentication data, and account settings.
  • Workspace and project data: project titles, descriptions, scripts, prompts, comments, references, storyboards, generated takes, edits, exports, and related metadata.
  • Uploaded or generated media: images, video, audio, source references, and files you add to projects or create with the Service.
  • Technical data: IP address, device and browser information, log events, session identifiers, security events, request metadata, and approximate location derived from network information.
  • Usage data: feature usage, generation job status, errors, performance data, and product interactions.
  • Communications: support messages, feedback, bug reports, and other information you send us.
  • Billing data: if paid features are introduced, subscription, invoice, transaction, and payment metadata. Full card details are normally processed by payment providers, not by us.

4. Special categories and sensitive content

Tailslate is a creative tool, so user-provided scripts, prompts, references, and media may include personal data about you or others. Do not upload or generate sensitive personal data, confidential business information, biometric identifiers, or likenesses of real people unless you have a lawful basis and all necessary rights and permissions.

5. Why we process personal data and legal bases

  • To provide the Service, including accounts, workspaces, project storage, generation jobs, edits, exports, and support. Legal basis: performance of a contract.
  • To secure and operate the Service, including fraud prevention, rate limiting, abuse detection, debugging, backups, and reliability monitoring. Legal basis: legitimate interests and, where applicable, legal obligation.
  • To improve Tailslate, including product analytics, feature evaluation, and quality improvements. Legal basis: legitimate interests or consent where required.
  • To communicate with you, including service notices, security alerts, support replies, and administrative messages. Legal basis: performance of a contract and legitimate interests.
  • To process payments, if paid features are offered. Legal basis: performance of a contract and legal obligation.
  • To comply with law, including accounting, tax, regulatory requests, dispute handling, and enforcement of our Terms. Legal basis: legal obligation and legitimate interests.

6. AI processing and model providers

When you use AI features, prompts, source material, media, and related metadata may be sent to model providers or infrastructure providers so they can generate, transform, store, or deliver outputs. We aim to send only the information needed to provide the requested feature.

Do not submit personal data or confidential material to AI features unless you are comfortable with that material being processed by the providers needed to perform the generation.

7. Cookies and local storage

We use strictly necessary cookies, session storage, and local storage to provide authentication, security, routing, project-start flows, and core functionality. See our Cookie Policy for more details.

8. Who we share data with

We may share personal data with:

  • hosting, storage, database, observability, and security providers;
  • authentication and identity providers, such as Google if you sign in with Google;
  • AI model and media-processing providers used to fulfil generation requests;
  • payment and billing providers if paid features are used;
  • professional advisers, auditors, insurers, or legal representatives;
  • authorities, courts, or regulators where required by law or necessary to protect rights, safety, and security; and
  • a successor or buyer in connection with a merger, acquisition, financing, restructuring, or sale of assets, subject to appropriate safeguards.

We do not sell your personal data. We do not use your private projects in public marketing unless you give us permission.

9. International transfers

We are based in Sweden, but some providers may process personal data in other countries, including countries outside the EU/EEA. Where personal data is transferred outside the EU/EEA, we rely on appropriate safeguards such as adequacy decisions, the European Commission’s Standard Contractual Clauses, and supplementary measures where required.

10. Retention

We keep personal data only for as long as needed for the purposes described in this Policy, unless a longer retention period is required by law.

  • Account data is generally kept while your account is active and for a reasonable period after deletion if needed for security, disputes, or legal compliance.
  • Project content and media are generally kept until you delete them, close your account, or request deletion, subject to backup and legal retention limitations.
  • Technical logs and security records are kept for limited periods appropriate to security, troubleshooting, and abuse prevention.
  • Accounting and billing records are kept as required by Swedish accounting and tax law.

11. Security

We use technical and organisational measures designed to protect personal data, including access controls, encrypted transport, provider security controls, and monitoring. No online service can be guaranteed to be completely secure, so you should also protect your account and be careful with sensitive content.

12. Your GDPR rights

Subject to the conditions and limits in GDPR, you have the right to:

  • request access to your personal data;
  • request correction of inaccurate personal data;
  • request deletion of personal data;
  • request restriction of processing;
  • object to processing based on legitimate interests;
  • request data portability;
  • withdraw consent where processing is based on consent; and
  • lodge a complaint with the Swedish Authority for Privacy Protection (Integritetsskyddsmyndigheten, IMY) or another competent supervisory authority.

To exercise rights, contact privacy@tailslate.ai. We may need to verify your identity before responding.

13. Children

The Service is not intended for children under 16. We do not knowingly collect personal data from children under 16. If you believe a child has provided personal data to us, contact us so we can take appropriate action.

14. Changes to this Policy

We may update this Privacy Policy from time to time. If changes are material, we will take reasonable steps to notify you. The updated version applies from the date shown at the top of the Policy.

15. Contact

For privacy questions or GDPR requests, contact Oclo Labs AB at privacy@tailslate.ai or by post at c/o Johannes Herrmann, Elsebergsvägen 4, 459 31 Ljungskile, Sweden.