Privacy Policy

This Privacy Policy explains what information VIX collects, how we use and share it, and the choices you have. It applies to the VIX website, the Workflow Editor, Bunni, Studio, and related services (the "Services"), operated by Sober Bunny Labs, LLC, a Delaware limited liability company located at 1207 Delaware Avenue, #1465, Wilmington, DE 19806 ("Sober Bunny Labs," "VIX," "we," "us," or "our").

The Services are intended for adults. You must be at least 18 to use VIX. This policy works alongside our Terms of Service. Capitalized terms like Content, Input, Output, and Model Providers have the meanings given in the Terms.

Account and identity

Accounts are handled by our authentication provider, Clerk. When you sign up, we receive your name, email address, and authentication identifiers, and — if you sign in with a third-party login — basic profile details from that provider.

Content, Inputs, and Outputs

We process the Content you upload and the Inputs you send to tools — including images, video, audio, voice samples, text prompts, and settings — and the Outputs generated from them. Media files are stored using Cloudflare R2. Some tools require sending this material to Model Providers to produce a result (see below).

Payment information

Subscriptions are processed by Stripe. We do not store your full card number; Stripe does. We retain billing metadata such as your subscription tier and status, billing interval, and limited transaction details.

Usage, device, and log data

As you use the Services, we collect technical and usage information — IP address, device and browser details, pages and features used, actions taken on the canvas, timestamps, and error and diagnostic logs.

Cookies and similar technologies

We and our providers use cookies and similar technologies to keep you signed in, remember preferences, secure the Services, and understand usage. See the cookies section below.

Information from third parties

We may receive information from the providers that power the Services — for example, authentication results from Clerk, payment and subscription events from Stripe, and job-completion callbacks from compute and model services.

• To provide, operate, and maintain the Services and your account.
• To run the tools you invoke — routing your Inputs and Content to the Model Providers and compute services needed to generate Outputs.
• To process subscriptions, billing, and payments through Stripe.
• To provide support and respond to your requests.
• To secure the Services, prevent fraud and abuse, and enforce our Terms and Acceptable Use rules — including automated and human review of Inputs and Outputs.
• To understand, troubleshoot, and improve the Services using de-identified and aggregated usage data.
• To send service, security, and billing communications.
• To comply with law and respond to lawful requests.

VIX routes the work you build to third-party AI Model Providers. When you run a tool, your Input — and any Content it needs — is transmitted to the relevant Model Provider, the model runs on that provider’s systems, and the Output is returned to you. We act as a router; the Model Provider processes your data under its own privacy policy and terms.

Model Providers include, among others, Google (including Veo), Runway, ElevenLabs, Black Forest Labs, Kling, and Suno, along with model-hosting and aggregation services such as Runware and fal.ai. This list is not exhaustive and changes as tools are added or removed.

Each Model Provider decides what it does with the data it receives, including whether it logs or retains Inputs. Where a provider offers a setting that prevents using your Inputs to train its models, we direct requests to that option where available — but we do not control, and are not responsible for, a Model Provider’s data practices. Review the applicable Provider Terms and privacy policy before using a tool.

We do not sell your personal information. We share it only as described here. The core service providers (processors) that handle data on our behalf are:

• Clerk — authentication and account management.
• Convex — application database and backend functions.
• Cloudflare R2 — storage of your media files.
• Stripe — payment processing and subscription management.
• Modal — GPU and compute workers that run media processing and AI jobs.
• AI Model Providers — the generation services described above.
• Providers that help us operate the Services — for example, analytics, error-monitoring, and email-delivery tools.

We may also disclose information to comply with law or lawful requests, to protect the rights, safety, and security of users, the public, or VIX, to enforce our Terms, and in connection with a merger, acquisition, financing, or sale of assets (with notice where required). We may share de-identified or aggregated information that cannot reasonably identify you.

We do not train AI models on your Content, and we do not sell your personal information or your Content. We may use de-identified, aggregated usage data to operate, secure, and improve the Services. Third-party Model Providers are governed by their own terms and privacy policies, which determine what they do with the data you send when you use their models — see “AI processing and third-party model providers” above.

We use a few categories of cookies and similar technologies: essential ones that keep you signed in and the Services working; functional ones that remember your preferences; and analytics ones that help us understand usage.

You can control cookies through your browser settings, though disabling some may break parts of the Services. Because we do not sell your personal information, the Services do not currently respond to "Do Not Track" or Global Privacy Control browser signals.

We keep personal information for as long as your account is active and as needed to provide the Services, and longer where required for legal, tax, accounting, security, or dispute-resolution purposes. Your Content stays until you delete it or close your account. After account closure, we delete or de-identify your Content following a 30-day retrieval window; residual copies may remain in backups for a limited time before being overwritten. You can request deletion as described in “Your privacy rights” below.

EEA and UK (GDPR)

If you are in the European Economic Area or the United Kingdom, you have rights to access, correct, delete, restrict, and port your personal data, and to object to certain processing or withdraw consent. We process personal data on the legal bases of performing our contract with you, our legitimate interests in operating and improving the Services, your consent where applicable, and legal compliance. You may lodge a complaint with your local supervisory authority.

California and other U.S. states

If you are a resident of California or another U.S. state with a privacy law (such as Colorado, Connecticut, Virginia, Utah, Oregon, Texas, or Montana), you have rights to know, access, correct, and delete your personal information, to opt out of its "sale" or "sharing" for targeted advertising, and not to be discriminated against for exercising those rights. We do not sell your personal information. You may use an authorized agent to make a request.

How to exercise your rights

Contact us at support@soberbunnylabs.com. We will verify your request and respond within the time required by applicable law.

Some tools work with voice. If you upload a voice sample to a voice-cloning or synthesis tool, that audio is sent to the relevant Model Provider to generate your Output. Depending on how it is used, voice data may qualify as biometric data under some laws — for example, when used to identify a person. You may only upload a voice you own or have explicit consent to use, as required by our Acceptable Use rules. We do not retain voice data beyond what is needed to provide the Services and your stored Content, and where voice data is treated as biometric data, we will not keep it longer than necessary and in no case more than three years after your last interaction with the Services.

We and our providers operate primarily in the United States, and your information may be processed in the U.S. and other countries whose laws may differ from yours. Where we transfer personal data from the EEA, UK, or Switzerland, we rely on appropriate safeguards, such as the European Commission’s Standard Contractual Clauses.

The Services are for adults. We do not direct the Services to anyone under 18 and do not knowingly collect personal information from anyone under 18. If you believe a minor has provided us personal information, contact us and we will delete it.

We use technical and organizational measures designed to protect personal information — including encryption in transit and access controls — and rely on established providers such as Clerk, Convex, Cloudflare, Stripe, and Modal. No method of transmission or storage is completely secure, so we cannot guarantee absolute security.

We may update this Privacy Policy from time to time. If we make material changes, we will post the updated policy here with a new date and, where required, notify you. Your continued use of the Services after an update means you accept the revised policy.

Questions or requests about your privacy? Reach us at support@soberbunnylabs.com, or by mail at Sober Bunny Labs, LLC, 1207 Delaware Avenue, #1465, Wilmington, DE 19806.