Welles
Legal

Privacy Policy

Last updated May 3, 2026

Welles is built by Lonely Hearts Club. This policy describes the data we collect when you use the Welles macOS app, the marketing site, and the hosted backend that powers AI features and shared recordings. Read it before you sign in; if there's anything you'd change, write to us at hello@lonelyheartsclub.xyz.

1. What we collect

  • Account data — your email address, the timestamp at which you signed up, and authentication tokens needed to keep you signed in across launches.
  • Usage events — counts of recordings made, AI features invoked, and exports queued, used to enforce free-trial limits and to bill metered AI usage. We do not log the content of your recordings or scripts in this stream.
  • Content you upload — when you create a hosted share, the rendered MP4 and any sidecar metadata (captions, edit state) are stored on our infrastructure for as long as the share link is active. You can delete a share at any time and the file is removed.
  • Payment data — handled entirely by Stripe. We never see your full card number; we receive a customer ID, the plan you subscribed to, and event metadata sufficient to grant you access.
  • Diagnostic data — anonymous error reports and performance traces if you opt in. Off by default.

2. What we don't collect

Local recordings live on your Mac in ~/Library/Application Support/Welles/Recordings. They are not uploaded anywhere unless you explicitly create a share or invoke an AI feature on them. We have no access to recordings that never leave your device. The macOS app does not run third-party analytics or advertising SDKs.

3. How we use your data

  • Authenticate you across sessions and devices.
  • Enforce free-trial limits and entitlements (one trial recording per account).
  • Process payments and manage subscriptions through Stripe.
  • Render shared videos when someone opens a share link.
  • Power AI features (script generation, voiceover, music) by sending only the data the model needs and only when you invoke them.
  • Investigate bug reports you send us, on a per-incident basis.

4. Subprocessors

We use a small set of trusted vendors to operate Welles — for authentication, payment processing, AI model inference, and hosting. Each one only receives the data needed for the function it performs. The current list is available on request; email us at hello@lonelyheartsclub.xyz if you require it under a contractual sub-processor consent right and we'll send it along with notification when it changes.

5. Data retention

Your account, billing history, and usage events are retained while your account is active and for 12 months after deletion to satisfy tax, accounting, and abuse-prevention obligations. Hosted shares are retained until you delete the share or the account. Diagnostic data is retained for 30 days.

6. Your rights

Regardless of where you live, you can request access to, correction of, export of, or deletion of your data by emailing hello@lonelyheartsclub.xyz. We respond within 30 days. Residents of the EEA, UK, and California have additional rights under GDPR / UK GDPR / CCPA respectively, which we honour even when not legally required to.

7. Security

Data in transit is encrypted with TLS 1.2+. Authentication tokens are stored in macOS Keychain. Subscriber records and uploaded files are encrypted at rest by our hosting provider. We do not log full bearer tokens, payment instrument numbers, or content of AI prompts.

8. Children

Welles is not directed at anyone under 13 (16 in the EEA) and we do not knowingly collect data from children. If you believe we have, write to us and we'll delete it.

9. Changes to this policy

We'll update the "last updated" date when this policy changes. Material changes — like adding a new subprocessor that receives content data — get an email to your account address before they take effect.

10. Contact

Lonely Hearts Club LLC, Brooklyn, NY.
Email: hello@lonelyheartsclub.xyz