Security & Data Handling
How SceneGen treats your code, your data, and your privacy.
The short version
SceneGen reads parts of your codebase to generate a video. Your source code is never permanently stored, never shared, and never used for AI training. Once your video is rendered, all code data is deleted from our servers.
What we read from your codebase
When you point SceneGen at a project, we scan for:
- Route, controller, and model files — to understand your app's structure
- Component files (React, Vue, etc.) — to recreate your UI visually
- CSS, Tailwind config, and design tokens — to match your app's real look and feel
- Package manifests (package.json, Gemfile, etc.) — to detect your tech stack
- Logo and brand images (og-image, favicon, etc.) — to show your real branding
- Landing page content — headlines, features, and descriptions to inform the storyboard
We do not read: .env files, credentials, secrets, private keys, database contents, user data, or anything in node_modules, .git, or build output directories.
What we send to third-party services
Anthropic's Claude API — A compact summary of your codebase (typically the first 200 lines of 10-18 key files) is sent to generate your storyboard and scene components. This includes:
- File structure (directory tree, 2 levels deep)
- Trimmed source code from priority files
- Extracted design tokens (colors, fonts, spacing)
- Brand images you upload or we auto-detect
Anthropic's commercial API does not use your inputs or outputs to train their models. Data is retained for up to 30 days for safety monitoring, then deleted. Full details: Anthropic's Privacy Policy
Microsoft Edge TTS — Scene narration text (not your source code) is sent to Microsoft's text-to-speech service to generate voiceover audio.
Stripe — If you purchase a video or subscribe, payment information is handled entirely by Stripe. We never see or store your card number.
What we store
- Your email — stored in our database for account management, demo delivery, and purchase receipts. Never shared or sold.
- Your rendered video — stored on Cloudflare R2 (see retention policy below).
- Your storyboard — scene titles, narration text, and timing. No source code.
- Paid user assets — if you purchase a video, scene components, audio files, and storyboard are saved for future editing.
- Account data — email, hashed password (bcrypt), subscription status.
We do not permanently store your source code, design tokens, or brand images after your video is rendered.
Video retention
| Tier | Video | Assets (scenes, audio) |
|---|---|---|
| Free (no account) | 24 hours | Not saved |
| Free (with account) | 7 days | Not saved |
| $5 single purchase | Permanent | Permanent |
| $9/mo subscriber | Permanent | Permanent |
What we never do
- Sell or share your data with third parties
- Use your code or videos for marketing without your permission
- Train any AI model on your code or content
- Access your codebase beyond what's needed to generate your video
- Store your payment card information (handled entirely by Stripe)
Infrastructure
- Web server — hosted on Render (SOC 2 compliant), all traffic over HTTPS/TLS
- Database — PostgreSQL on Render, encrypted at rest
- Video rendering — Modal.com serverless functions. Your code is cloned into an ephemeral container, used to generate scenes, and deleted when rendering completes.
- Video & asset storage — Cloudflare R2, encrypted at rest
- AI processing — Anthropic's Claude API (SOC 2 Type II compliant)
- Payments — Stripe (PCI DSS Level 1 compliant)
- Email — Google Workspace SMTP
Code sanitization
All AI-generated scene code is validated before execution. Our sanitizer blocks:
- Node.js built-in imports (fs, child_process, net, etc.)
- Environment variable access (process.env)
- Network requests (fetch, XMLHttpRequest)
- Dynamic code execution (eval, Function constructor)
- Parent directory imports
Scenes that fail validation are replaced with a safe fallback component.
Questions?
If you have security concerns or questions about how we handle your data, reach out directly: eric@scenegen.dev