Skip to main content
BackTunela

Privacy Policy

Last Updated: 9 May 2026 · Effective Date: Upon first user acceptance

1. Data Controller

Tunela is operated by an Israeli sole proprietor pending business entity registration. For privacy inquiries, contact privacy@tunela.ai.

2. What We Collect and How Long We Keep It

Account data

Your email address, a salted and hashed password (if you use email sign-in), your chosen display name, and optionally your Google account identifier (if you sign in with Google). Retained while your account is active; deleted within 30 days after you close the account, except records we are required to keep by law (for example, tax records related to purchases).

Audio and video uploads

Files you upload for conversion, stem separation, voice training, text-to-speech, and video voice swapping. These are stored in our cloud storage and deleted automatically according to your plan:

  • Free plan: 1 day (24 hours) after job completion
  • Starter plan: 3 days after job completion
  • Pro plan: 14 days after job completion
  • Premium plan: 60 days after job completion

Converted output files and stem separations follow the same retention schedule as their inputs.

Custom voice models

If you train a custom voice model, the resulting model file is retained while your account is active and is deleted when you delete the model or close the account.

Usage logs

IP address, user agent string, timestamps of sign-ins and significant actions, and quota usage counters. Retained for 90 days for fraud and abuse detection.

Payment information

Payment processing is handled by LemonSqueezy, which acts as the Merchant of Record. Tunela receives only: transaction ID, amount, currency, plan purchased, and subscription status. Tunela never receives or stores your full card number or bank details. Tax-related transaction records are retained for 7 years as required by Israeli law.

3. Lawful Bases (GDPR Article 6)

  • Contract performance — processing data that is necessary to deliver the paid or free Services you signed up for.
  • Consent — marketing emails (opt-in only), and any use of your audio uploads for AI training (opt-in only, off by default).
  • Legitimate interest — fraud prevention, platform security, and product improvement using aggregated and anonymized usage data.
  • Legal obligation — keeping records required by tax authorities and responding to valid legal process.

4. How We Use Your Data

  • Account data: to authenticate you, send verification and password-reset emails, and bill your subscription
  • Audio and video uploads: to produce the output files you requested, and nothing else, unless you have explicitly opted in to AI training
  • Custom voice models: to let you run conversions, TTS, and video swaps using the model
  • Usage logs: to detect abuse, enforce plan limits, and diagnose technical issues
  • Payment records: to deliver receipts, process refunds, and comply with tax law

5. Third-Party Processors

We use the following sub-processors. Each operates under its own privacy policy:

  • LemonSqueezy — payment processing and Merchant of Record. Privacy policy.
  • Microsoft Azure (Azure Blob Storage) — file storage for user audio and voice models. Region: East US (United States). Privacy statement.
  • Resend — transactional email delivery (verification, password reset, account notifications). Privacy policy.
  • Vercel — web hosting for the Tunela website. Privacy policy.
  • Google — OAuth sign-in (optional, only if you choose to sign in with Google). Privacy policy.
  • Sentry — error monitoring and performance tracing. Privacy policy.

6. International Data Transfers

Your personal data, including uploaded audio files and converted outputs, are stored on Microsoft Azure servers located in the East US region (United States).

For users in the European Economic Area (EEA), United Kingdom, or Switzerland: this means your data is transferred outside your home jurisdiction. Tunela relies on the following legal mechanisms for this transfer:

  • Standard Contractual Clauses (SCCs) as approved by the European Commission (Commission Implementing Decision 2021/914)
  • Microsoft’s EU Data Boundary commitments and their Product Terms, which include SCCs as a default transfer mechanism
  • Supplementary measures including encryption at rest and in transit

You have the right to request a copy of the SCCs or additional information about safeguards by contacting privacy@tunela.ai.

If you are uncomfortable with this transfer, you may choose not to use the Services. Tunela may in the future offer EU-region storage as a premium option.

7. Your GDPR Rights (EEA / UK)

If you are in the European Economic Area or the United Kingdom, you have the following rights under the GDPR or UK-GDPR:

  • Right of access (Article 15) — ask for a copy of the personal data we hold about you
  • Right to rectification (Article 16) — correct data that is wrong
  • Right to erasure / “right to be forgotten” (Article 17)
  • Right to restriction (Article 18)
  • Right to data portability (Article 20)
  • Right to object (Article 21)
  • Right to withdraw consent at any time (where we rely on consent)
  • Right to lodge a complaint with your national supervisory authority. A directory is available at edpb.europa.eu.

To exercise any of these rights, email privacy@tunela.ai. We respond within 30 days.

8. CCPA Rights (California)

If you are a California resident, the California Consumer Privacy Act gives you the right to:

  • Know what personal information we collect and how we use it
  • Delete personal information we hold about you
  • Correct inaccurate personal information
  • Opt out of any “sale” or “sharing” of your personal information — Tunela does not sell or share personal data for cross-context advertising.
  • Limit the use of sensitive personal information
  • Not be discriminated against for exercising these rights

To exercise these rights, email privacy@tunela.ai.

9. UK-GDPR

Following the United Kingdom’s exit from the EU, the UK-GDPR applies to UK residents. It mirrors the rights listed in Section 7. UK residents may also complain to the Information Commissioner’s Office (ICO) at ico.org.uk.

10. Children’s Privacy

Tunela is not intended for users under 18, and we require users to confirm they are 18 or older at sign-up. We do not knowingly collect personal information from anyone under 18. If we learn that an account was created by someone under 18, we delete the account and its data within 30 days. If you believe a minor has created an account, contact privacy@tunela.ai.

11. Cookies

For details about the cookies we use, see our Cookie Policy.

12. Automated Decision-Making

Tunela does not make solely automated decisions about users that have legal or similarly significant effects. Content moderation and account actions that rely on automated signals are reviewed by a human on appeal.

13. Data Breach Notification

If we detect a personal data breach likely to cause a risk to your rights and freedoms, we will notify affected users without undue delay, and in any event within 72 hours as required by the GDPR where applicable.

Where Israeli law applies, we additionally follow the notification timelines and obligations set out under the Israel Privacy Protection Law.

14. Data Protection Officer

Tunela has not appointed a Data Protection Officer. Based on our scale and the nature of our processing, we are below the GDPR mandatory-DPO threshold. For any privacy inquiry, email privacy@tunela.ai.

15. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify registered users by email.

16. Contact

Privacy inquiries: privacy@tunela.ai. We aim to respond within 30 days.

© 2026 Tunela. All rights reserved.