Security & Data Handling
How SceneGen treats your code, your data, and your privacy.
The short version
SceneGen reads parts of your codebase to generate a video. Your code is never stored, never shared, and never used for AI training. Once your video is rendered, all code data is discarded.
What we read from your codebase
When you point SceneGen at a project, we scan for:
- Route, controller, and model files — to understand your app's structure
- Component files (React, Vue, etc.) — to recreate your UI visually
- CSS, Tailwind config, and design tokens — to match your app's real look and feel
- Package manifests (package.json, Gemfile, etc.) — to detect your tech stack
- Logo and brand images (og-image, favicon, etc.) — to show your real branding
We do not read: .env files, credentials, secrets, private keys, database contents, user data, or anything in node_modules, .git, or build output directories.
What we send to the AI
A compact summary of your codebase — typically the first 200 lines of 10-18 key files — is sent to Anthropic's Claude API to generate your storyboard and scene components. This summary includes:
- File structure (directory tree, 2 levels deep)
- Trimmed source code from priority files
- Extracted design tokens (colors, fonts, spacing)
- Brand images you upload or we auto-detect
What Anthropic does with your data
We use Anthropic's commercial API, which has clear data handling commitments:
- Your inputs and outputs are not used to train Anthropic's models
- Data is not stored beyond the API request lifecycle (typically 30 days for safety, then deleted)
- Full details: Anthropic's Privacy Policy
What we store
- Your email (if you join the waitlist) — stored on our server, never shared or sold
- Your rendered video — stored temporarily for download, auto-deleted after 24 hours
- Your storyboard JSON — scene titles, narration text, timing. No source code.
We do not store your source code, design tokens, or brand images after your video is rendered.
What we never do
- Sell or share your data with third parties
- Use your code or videos for marketing without your permission
- Train any AI model on your code or content
- Access your codebase beyond what's needed to generate your video
Infrastructure
- Application hosted on Render (SOC 2 compliant)
- All traffic over HTTPS/TLS
- No database — waitlist stored in encrypted volumes, videos in ephemeral storage
- AI processing via Anthropic's API (SOC 2 Type II compliant)
Questions?
If you have security concerns or questions about how we handle your data, reach out directly: eric@scenegen.dev