Graphene Studio — Privacy

This policy explains what Graphene Studio collects, how we use it, and who else sees it. It pairs with the Terms of Service.

1. What we collect

• Account data: the email + name + qualifying answers you submit on the beta signup form. Your authenticated HiveJournal account (email + auth metadata).
• Manuscript text: the EPUB / DOCX / PDF you upload + the parsed chapter text + cover image. Stored on Supabase Postgres + Storage in the US.
• Production state: chapter prose (after parsing), pronunciation lexicon entries you create, character-to-voice assignments you set, audio render output, ACX/M4B export files.
• Telemetry: per-call TTS character counts + cost (the tts_call_log table — drives your monthly quota + the spend chip on the production card), per-call LLM costs (thellm_call_log table — used for auto-cast voices and auto-suggest lexicon).
• Operational logs: backend request logs, error traces, retry counts — standard ops telemetry, retained for 30–90 days for debugging.

2. What we DON'T collect

• We don't collect biometric data, voice samples of you or anyone you know (see Terms §4 — no voice cloning during Phase 1).
• We don't collect payment information during the closed beta — it's free, we don't take cards.
• We don't share your manuscript text with third parties for advertising, model training, or analytics resale.

3. Who else sees your data

Graphene Studio is built on third-party infrastructure. Your data necessarily passes through these services as part of the production pipeline:

• Supabase hosts our Postgres database + Storage bucket for audio. US region. supabase.com/privacy.
• ElevenLabs receives the chapter text we send to their text-to-speech API. Per their policy they retain audio outputs for 30 days unless you opted out at the account level (we're on a tier where we have that option; we haven't opted out yet because debugging quality issues sometimes needs the recent history). elevenlabs.io/privacy.
• OpenAI and Anthropic receive the bible + chapter prose for non-audio LLM tasks (auto-cast voices, auto-suggest lexicon, chapter title detection on manuscript ingest). Per their respective enterprise / API defaults: prompts are not used to train their public models. openai.com/policies/privacy-policy · anthropic.com/legal/privacy.
• Resend sends our transactional email (welcome-to-beta, render-complete notifications). They see your email address + email contents. resend.com/legal/privacy-policy.
• Vercel hosts the frontend. They see standard web request metadata.

4. Audio file URLs

Rendered audio files are served from Supabase Storage with public URLs. The URLs are long random strings (effectively unguessable) but they are NOT signed or expiring — anyone with the URL can play the audio. Don't treat the URL as confidential; if you share an audio URL with someone, assume they can re-share it.

We don't crawl, index, or surface your in-progress audio files. They appear only on the season page if/when you toggle the season to public on graphene.fm.

5. Listener-side data

When an audio file you produced is played on graphene.fm, listener-side analytics may collect playback events (play, pause, seek, completion %). These are anonymous for non-logged-in listeners; for logged-in listeners they tie to the listener's HiveJournal account. You can see aggregate listen stats for your seasons via the Studio admin tools, but not individual listener identities.

6. Your rights

• Access: email sandon@hivejournal.com for an export of your manuscript + production data.
• Deletion: email the same address to delete your data. We'll confirm + complete within 30 days. Audio already published on graphene.fm comes down with it.
• Correction: account fields are editable from the dashboard; for fields not in the UI, email us.
• Portability: the ACX/M4B export at any time is your data, in industry-standard format — you can move it to any other tool or platform without our involvement.

7. Data retention

• Active accounts: we retain manuscript + audio + production state for as long as your beta access is active.
• Revoked beta access: we preserve your data for at least 30 days so you can request an export, then we may delete it.
• Operational logs: 30–90 days, rotated on standard schedules.
• Spend telemetry (tts_call_log / llm_call_log): retained indefinitely in aggregated form for unit-economics analysis. Individual call rows could be deleted on request but the aggregates would persist.

8. Children

Graphene Studio is intended for adults producing audiobooks. We don't knowingly collect data from children under 13. If you believe we've received data from a child under 13, email sandon@hivejournal.com and we'll delete it.

9. Changes

Material changes to this policy will be posted at this URL and emailed to all active beta participants at least 7 days before they take effect.