Legal

Privacy Policy

Last updated: May 7, 2025

1. Introduction & Who We Are

This Privacy Policy explains how Scrolla Typography Engine ("Scrolla", "we", "us", or "our"), accessible at scrolla.in, collects, uses, and protects information about you when you use our service.

We are committed to protecting your privacy in accordance with the Information Technology Act, 2000 (India), the IT (Amendment) Act, 2008, and where applicable the General Data Protection Regulation (GDPR). By using Scrolla you agree to the practices described in this policy.

2. What Data We Collect

We collect the following categories of information:

Account Information

  • Full name and email address provided at registration
  • Password (stored as a cryptographic hash — never in plain text)
  • Profile preferences and onboarding responses

Payment Data

  • Subscription plan and billing status — we record which plan you are on and when it renews
  • Payment transactions are processed by Razorpay. Scrolla does not store raw card numbers, UPI handles, or bank account details. Razorpay handles PCI-DSS compliance for payment data.

Usage Data

  • Scripts, prompts, and ad copy you enter to generate videos
  • Templates selected and visual settings applied
  • Export history and rendered video metadata
  • Feature usage patterns (which tools you use most)

Device & Browser Information

  • IP address and general geolocation (country level)
  • Browser type and version, operating system
  • Referring URL and pages visited on scrolla.in

3. How We Use Your Data

We use the information we collect to:

  • Provide the service — render your videos, manage your account, enforce plan limits, and process payments
  • Communicate with you — send transactional emails such as email verification, payment receipts, and export notifications
  • Improve the product — analyse anonymized, aggregated usage data to understand which features work well and prioritise improvements
  • Security & fraud prevention — detect abuse, enforce our Acceptable Use Policy, and protect our infrastructure

We do not sell your personal data to third parties, and we do not use your video scripts or ad copy to train external AI models without explicit consent.

4. Data Storage & Security

Your data is stored on cloud infrastructure hosted primarily in India and governed by applicable Indian data protection laws. We use the following measures to protect your information:

  • All data in transit is encrypted via HTTPS/TLS
  • Passwords are hashed using bcrypt before storage
  • Access tokens use short expiry windows with secure refresh token rotation
  • Database access is restricted to authenticated application services — no direct public access
  • Exported videos are stored on Cloudinary with access controls

Despite these measures, no method of electronic transmission or storage is 100% secure. We encourage you to use a strong, unique password and to contact us immediately if you suspect unauthorized access to your account.

5. Cookies

We use cookies and similar technologies for the following purposes:

Essential Cookies

Required for the service to function — these include your authentication session (httpOnly refresh token cookie) and security tokens. You cannot opt out of these while using the service.

Analytics Cookies

We use Google Analytics and Vercel Analytics to understand how users navigate the site. These cookies collect anonymized data. You can opt out by using a browser extension such as the Google Analytics Opt-out Browser Add-on.

We do not use advertising or tracking cookies that follow you across third-party websites.

6. Third-Party Services

We share data with the following third-party services only to the extent necessary to operate Scrolla:

  • Razorpay — payment processing. Your payment details are governed by Razorpay's Privacy Policy.
  • Cloudinary — cloud storage and delivery of exported videos
  • Google Gemini API — AI-based content generation from the prompts you provide. Prompts are sent to Google for processing in accordance with Google's Privacy Policy.
  • Google Analytics / Vercel Analytics — anonymized usage analytics

We require all third-party processors to maintain appropriate data security standards and only process your data for the purposes we specify.

7. Your Rights

Depending on your jurisdiction, you may have the following rights:

  • Access — request a copy of the personal data we hold about you
  • Correction — ask us to correct inaccurate or incomplete data
  • Deletion — request that we delete your account and associated personal data (subject to legal retention obligations)
  • Portability — receive your data in a structured, machine-readable format
  • Objection — object to processing of your data for analytics or marketing

To exercise any of these rights, email us at support@scrolla.in with the subject line "Privacy Request". We will respond within 30 days.

You can also delete your account directly from your account settings within the app, which will trigger an immediate soft-delete of your profile data.

8. Children's Privacy

Scrolla is not intended for use by individuals under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected such data, we will delete it promptly. If you believe a child has provided us with personal information, please contact us at support@scrolla.in.

9. Changes to this Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. When we make material changes we will update the "Last updated" date and notify active users by email. Your continued use of Scrolla after changes take effect constitutes acceptance of the revised policy.

10. Contact

If you have any questions, concerns, or requests regarding this Privacy Policy or how we handle your data, please contact us:

Email: support@scrolla.in

Website: scrolla.in

Also see: Terms of Service