Privacy policy

We collect the least we need to run the studio: your account, the scripts and audio you make, and usage counters. We do not sell your data, and we do not train any model on your work. Voice clones are treated as sensitive biometric data and are deleted when you delete them. Everything below is the long version of those sentences.

This policy is written in plain language on purpose. If anything here is unclear, email legal [at] cantari.io and we will fix the wording.

• Your account email, so you can sign in and we can reach you.
• Your scripts and the audio you generate, kept in your private library.
• If you clone a voice: the reference clip you upload, the consent attestation you made, and the resulting voice. This is biometric data; see voice clones.
• Usage counters, so we can apply your allowance and keep the service running.
• If you upgrade: your plan and subscription state. Payments are handled by Stripe; we never see or store your card number.
• Basic technical data needed to serve and secure the site (IP address at request time, for rate limiting and abuse prevention).

• We do not sell or share your personal information, to anyone, ever.
• We do not train any model on your scripts, your audio, or your voice clones.
• We do not publish your library or make it visible to other users.
• We do not use your data for advertising or build cross-site profiles of you.

We process your data for a small set of plain purposes, and nothing beyond them:

• To provide the service. Your account, generating and storing audio, and applying your plan, the things you signed up for.
• With your consent. For voice features such as cloning, which you initiate with an explicit attestation, and which you can withdraw by deleting the voice.
• To keep the service secure. Rate limiting, abuse prevention, and cookieless analytics that keep the service working.
• To meet legal and tax obligations. Where we must keep certain records, for example billing records.

To generate audio, the text or audio you submit is sent to the engine doing the work. We are honest about every third party in that path:

• OpenRouter and the named engine vendors (Google for Gemini Flash speech and Lyria music, xAI for Grok Voice, Microsoft for MAI Voice 2, and the Kokoro and Zonos models) process the text you submit to generate speech and music.
• Cartesia processes voice cloning: the reference clip and any text spoken with a cloned voice. Cartesia holds the cloned voice until you delete it, which also requests deletion on their side.
• Groq (reached through OpenRouter) processes audio you transcribe in the speech-to-text and dubbing tools, and dictation from Cantari Scribe.
• Script helpers (enhance, translate, manuscript prep) run on OpenRouter text models from Google, OpenAI, and DeepSeek. DeepSeek models are served only by zero-data-retention Western hosts; your text is never sent to DeepSeek’s own servers.
• Supabase hosts your account and library data. Vercel hosts and serves the site. Stripe processes payments. Partnero runs the affiliate program (only for referred-account attribution). Rybbit provides cookieless analytics.

We pick these vendors deliberately and name them so you know exactly where your text and audio go when you press generate. Each is bound by a data-processing agreement.

Voice cloning is not currently offered. It is coming soon; this section describes how we will handle voice data when that feature launches.

A cloned voice is created from a recording of a real person’s voice. In some places (including Illinois, Texas, and Washington) a voiceprint is treated as a biometric identifier with specific legal protections. We treat every clone that way:

• You may only clone a voice you are entitled to: your own, or one you have explicit permission to use. You attest to this before a clone is created.
• We never clone the voices of minors, in any circumstance.
• We do not sell, lease, or trade biometric voice data.
• Retention: a clone and its reference clip are kept only while the voice exists in your account. Delete the voice and we delete the clip and request deletion at Cartesia. We do not keep voiceprints longer than needed for the purpose you created them.

The full consent rules live in the cloning consent guide.

• Library audio and scripts: until you delete them or close your account.
• Voice clones and reference clips: until you delete the voice.
• Account data: until you ask us to delete your account.
• Billing records: as long as required for tax and accounting, then deleted.
• Usage counters and security logs: kept briefly for operating and securing the service, then aged out.

Cantari serves users in the United States. Depending on your state (for example California under the CCPA and CPRA, Connecticut under the CTDPA, and other Virginia-model states), you have some or all of these rights: know what we collect, access a copy of your data, correct it, delete it, export it, and opt out of the sale or sharing of personal information. We do not sell or share your data, so there is nothing to opt out of, but you can still ask.

• Delete any item from your library individually, at any time.
• To exercise any other right, email legal [at] cantari.io. We will verify your identity, then respond within 45 days under the CCPA/CPRA and CTDPA, extendable once by another 45 days with notice.
• Anything you have already exported is a file on your machine and stays yours.

If you believe we have not handled a request properly, you may contact the California Privacy Protection Agency or the Connecticut Attorney General. We would rather you tell us first so we can fix it.

Cantari is operated from the United States; your data is stored and processed in the US.

Cantari is not directed to children and is intended for users 13 and older. We do not knowingly collect personal information from children under 13, and we never clone the voices of minors. If you believe a child has given us personal information, email legal [at] cantari.io and we will delete it.

Your data sits behind row-level access controls so one account cannot read another’s, and it is encrypted in transit and at rest by our hosts. No system is perfectly secure, but if a breach ever affects your personal data, we will notify you and any required authority within the timeframes US state breach-notification laws require.

This is an early product and this policy will mature with it. When we make a material change, we will update the date above and, for significant changes, say so plainly rather than quietly swap the page.

Ownership of what you generate is covered on the ownership page. Cookies are covered in the cookie policy. For anything else, email legal [at] cantari.io and a real person will answer.