Privacy
Last updated · July 2026
This policy is a plain-language template, shared for transparency while our final legal review is completed. It describes how Dear Theo is built to handle your information today.
Dear Theo is a workspace for creative teams. We keep what we hold to what the product genuinely needs, scope it to your organization, and never sell it.
What we collect
We collect only what the studio needs to run for you:
- Account details from Google sign-in — your name, email address, and profile image, shared through Google OAuth when you choose to sign in.
- The documents, briefs, and reference material you upload, along with the concepts, copy, stills, and films generated in your workspace.
- The language, image, and video provider API keys you choose to connect.
- Basic usage and diagnostic data — the actions taken in the product and technical logs that help us keep it reliable and secure.
How we use it
Your information is used to operate the service: to sign you in, keep your work, ground each agent in your own references, generate the concepts and media you ask for, and provide support when you need it. We also look at aggregate, non-identifying diagnostics to keep the product reliable.
We do not sell your data, and we do not use your content or generated work to train public AI models.
How your data is stored and secured
Your documents, briefs, and workspace metadata are stored in Google Firestore. The vector embeddings that power retrieval over your own material are stored in Pinecone and scoped to your organization, so your knowledge stays yours. Generated media is held in Firebase Storage.
Any provider API keys you connect are encrypted at rest. Access to a workspace is scoped per organization, and data is carried over encrypted connections.
Third-party processors
To provide the service, we rely on a small set of processors:
- Google — for authentication and for our hosting and storage infrastructure (Firebase and Google Cloud).
- Pinecone — for the vector search that grounds each agent in your own documents.
- The language, image, and video providers you connect — your prompts and the relevant context are sent to the provider you choose so it can generate a result. That processing is governed by the provider's own terms.
When you bring your own API keys, generation runs on your provider account and billing relationship.
Data retention
We keep your information for as long as your account is active. You can export or delete your content at any time from within the product. If you close your account, we remove your workspace data within a reasonable period, except where we are required to retain limited records to meet legal or security obligations.
Your rights
You own the material you bring and the work generated in your workspace. You can access, correct, export, or delete your data. Depending on where you live, you may have additional rights under applicable privacy laws — we honor those requests regardless of location.
Changes to this policy
As the product evolves, we may update this policy. When we make a material change, we will update the date above and, where appropriate, let you know in the product.
Contact
Questions about privacy, or a request about your data? Write to us at privacy@deartheo.app.