Punchlinepunchline

Punchline — Privacy Policy

Last updated: March 2026

1. Data Controller

Azimuth Systems Ltd (trading as Punchline) is the data controller for personal data processed through www.punchline.gg. We comply with UK GDPR and the Data Protection Act 2018.

2. Data We Collect

  • Account information: email address, authentication data
  • Uploaded content: audio/video files and brand assets (watermark images) you provide
  • Generated data: transcripts, clip plans, analysis results, and generated video/audio clips
  • Brand templates: caption styles, colour settings, and layout preferences you configure
  • Social platform data: when you connect a social account, we store your platform account name and ID, and import public performance metrics (views, likes, comments, shares, saves, engagement rates) for clips you have published
  • CSV import data: performance data you upload via CSV for clips published on social platforms
  • Usage data: episode counts, feature usage, and API request rates for billing and rate limiting
  • Payment data: processed by Stripe (we do not store card details)
  • Error and diagnostic data: crash reports, performance metrics, and (when an error occurs) session replay recordings to help us diagnose issues. This data is collected by Sentry and does not include your uploaded content

3. How We Use Your Data

  • To provide transcription, AI analysis, and clip generation
  • To manage your account and subscription
  • To import and display social media performance analytics for your published clips
  • To improve the quality of our AI recommendations
  • To send transactional emails: clip plan notifications, usage alerts, and file expiry warnings
  • To monitor errors and maintain service reliability
  • To enforce rate limits and prevent abuse of the Service

4. Third-Party Processors

We use the following sub-processors to deliver the Service:

  • Supabase — database, authentication, and file storage hosting
  • Deepgram — audio transcription
  • Anthropic — AI content analysis
  • Stripe — payment processing
  • Vercel — application hosting
  • Sentry — error tracking, performance monitoring, and session replay on errors
  • Resend — transactional email delivery
  • Inngest — background job processing
  • Upstash — distributed rate limiting

When you connect a social media account, Punchline exchanges data with the following platforms via OAuth:

  • YouTube (Google) — video upload via YouTube Data API; performance metrics via YouTube Analytics API
  • Instagram (Meta) — content publishing and post metrics via Instagram Graph API
  • TikTok — video publishing via TikTok Content Publishing API; video metrics via TikTok Open API. Punchline uses TikTok's API to upload clips you choose to publish directly from your dashboard. We only publish content when you explicitly initiate a publish action
  • X (Twitter) — content publishing and post metrics via X API v2
  • LinkedIn — content publishing and post metrics via LinkedIn API v2

OAuth access tokens are stored encrypted and are never exposed to the browser. Punchline will never publish content on your behalf without your explicit action. You can revoke access at any time by disconnecting the platform from your Punchline dashboard.

5. Data Retention

We apply the following retention policies to manage storage responsibly:

  • Source files (your original uploads) are automatically deleted 7 days after your clips are generated.
  • Generated clips are retained based on your subscription tier: Starter (7 days), Pro (30 days), Agency (90 days), Enterprise (unlimited).
  • Transcripts and analysis data are retained for as long as your account is active.
  • Social analytics data is retained for as long as your account is active or until you disconnect the platform.
  • Brand templates and watermark images are retained for as long as your account is active.
  • We send email notifications before clips are automatically removed.

You can delete individual episodes or your entire account at any time. Manually deleted data is permanently removed within 30 days.

6. Your Rights

Under UK GDPR, you have the right to access, rectify, erase, and port your data. To exercise these rights, contact info@punchline.gg.

Common questions

Do you sell my personal data?

No — Punchline never sells or shares your personal data with third parties for marketing purposes. Your data is only shared with the sub-processors listed in this policy (e.g. Supabase, Stripe) to deliver the service.

How long do you keep my uploaded audio and video files?

Source files are automatically deleted 7 days after your clips are generated. Generated clips are retained based on your plan: 7 days (Starter), 30 days (Pro), 90 days (Agency), or indefinitely (Enterprise).

How do I delete my account and data?

You can delete your account at any time from your dashboard settings. Manually deleted data is permanently removed within 30 days. Contact info@punchline.gg to request a full data export first.

7. Cookies & Local Storage

We use essential cookies only. We do not use tracking or advertising cookies.

  • Authentication session cookie — required to keep you signed in (set by Supabase Auth)
  • OAuth state cookie (pl_oauth_state) — a short-lived, HttpOnly cookie used during social platform connection flows to prevent cross-site request forgery. It is automatically deleted after 10 minutes
  • Cookie consent preference — stored in your browser's local storage to remember your choice

Sentry session replay may record user interactions when an error occurs to help us diagnose issues. These recordings do not capture passwords or payment details.