Privacy Policy
Last Updated: January 8, 2026
1. Introduction
Welcome to Sundra. Sundra ehf. ("we," "our," or "us"), located at Stórhöfða 33, 110 Reykjavík, Iceland, is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and disclose information through our website (www.sundra.io) and our video processing platform.
As an Icelandic company, we process personal data in accordance with the Icelandic Data Protection Act and the EU General Data Protection Regulation (GDPR).
2. Data We Collect
We collect information that you provide directly to us and information generated through your use of the platform:
- Account Data: Name and email address.
- User Content: Video files, audio files, text or any type of document and the resulting transcripts/translations you upload or generate.
- Metadata: We process metadata associated with your uploaded files (e.g., file size, duration, creation date) unless you strip it prior to upload.
- Technical & Log Data: IP addresses, browser type, Internet Service Provider (ISP), date/time stamps, and device information for security, analytics, and troubleshooting.
- Payment Data: Payments are handled by Paddle. We do not store your credit card details; Paddle provides us only with transaction confirmations and subscription status.
3. How We Use Your Data
We use your data to:
- Provide transcription, translation, and video processing services.
- Manage your account and subscriptions.
- Improve, personalize, and expand our website.
- Communicate with you for customer service, updates, and marketing/promotional purposes directly or via partners like Kit.
- Process transactions and manage your subscription.
- Find and prevent fraud and maintain platform security.
AI Processing & Training:
We use sub-processors (including OpenAI and Google) to process your audio and video for transcription and translation.
- User Content: We do not use your uploaded video, audio, or transcripts to train our machine learning models or those of our sub-processors.
- System Improvements & Feedback: To improve accuracy for your specific account and our general service, we may use "Service Feedback" to train our models. This includes:
- Manual Corrections: Changes you make to transcripts or translations.
- Glossaries & Wordbanks: Terms and definitions you provide to the system.
- Product Interactions: Data on how you use our editing tools.
- Future Use: If we decide to use data for model training to improve our AI, we will update this policy and provide users with clear notice and a mechanism to opt-out of such processing.
4. Legal Basis for Processing (GDPR)
If you are located in the European Economic Area (EEA), our legal basis for collecting and using the personal information described above depends on the context:
- Contractual Necessity: To provide the service you signed up for.
- Consent: For marketing communications (newsletters) and non-essential cookies.
- Legitimate Interest: For platform security, analytics, and basic business operations.
5. Data Sharing and Sub-processors
We share data with trusted third-party service providers who assist in operating our platform:
- Hosting: AWS, operating on regions within the EU.
- AI Processing: OpenAI, Google Cloud AI, AWS.
- Payments: Paddle.
- Marketing & Analytics: ConvertKit, Google Analytics, and Webflow.
- Integrations: If you connect a third-party integration (such as Vimeo), we process data from those platforms as instructed by you. Use of these integrations is also subject to the third party's privacy policy (e.g., Vimeo Privacy Policy).
International Transfers: While our primary hosting is in the EU, some sub-processors (like OpenAI) are based in the USA. We ensure that Standard Contractual Clauses (SCCs) or other lawful transfer mechanisms are in place to protect your data.
6. Data Retention
- Active Accounts: We store your content as long as your account is active.
- Cancelled Accounts: If you cancel your subscription, we retain your video data for 30 days before permanent deletion to allow for account recovery.
- Account Deletion: If you delete your account entirely, all personal data and content are purged from our active databases within 30 days, subject to legal requirements (like keeping invoices for tax purposes).
7. Your Rights
GDPR (Europe)
Under GDPR, you have the right to:
- Access/Export: Request a copy of your data.
- Rectify: Correct inaccurate data.
- Erase: Request deletion of your data (which you can also do manually via the dashboard).
- Object/Restrict: Object to certain types of processing (like marketing).
- Data Portability: Receive your data in a structured, machine-readable format.
CCPA/CPRA (California, USA)
If you are a California resident, you have the right to:
- Request disclosure of the categories and specific pieces of personal data collected.
- Request deletion of your personal data.
- Opt-out of the "sale" or "sharing" of personal information (Note: Sundra does not sell your personal data).
To exercise these rights, contact our Data Protection Officer at admin@sundra.io.
8. Cookies and Tracking
We use cookies to optimize your experience and analyze site traffic.
- Essential Cookies: Required for secure login and platform functionality.
- Analytics Cookies: We use Google Analytics to understand how visitors interact with our site. You can manage your preferences via our cookie consent banner.
9. Children's Information
Sundra does not knowingly collect any Personal Identifiable Information from children under the age of 13. If you believe your child has provided this information on our website, please contact us immediately, and we will remove such records.
10. Security
We implement industry-standard technical and organizational measures to protect your data, including encryption in transit (SSL/TLS) and at rest.
11. Contact Us
For any questions regarding this policy or your data, please contact:
Sundra ehf.
Stórhöfða 33, 110 Reykjavík, Iceland
Email: admin@sundra.io
