Privacy Policy
Last updated: February 3, 2026
Video Effect Vibe ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered motion graphics service (the "Service").
We operate in compliance with the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other applicable data protection laws. Please read this policy carefully to understand our practices regarding your personal data.
1. Data Controller
Video Effect Vibe is the data controller responsible for your personal data. Our contact details are:
- Company: Video Effect Vibe
- Email: [email protected]
- Discord: discord.gg/PjfWRtnfyH
If you are located in the European Economic Area (EEA), you have the right to lodge a complaint with your local supervisory authority if you believe we have not complied with applicable data protection laws.
2. Information We Collect
2.1 Information You Provide Directly
- Account Information: Email address, password (hashed), display name
- Profile Information: Username, avatar, preferences, saved styles
- Payment Information: Billing details processed securely by Polar.sh (we do not store full payment card numbers)
- User Content: Text prompts, configuration settings, and parameters you submit for video generation
- Communications: Messages sent to our support team, feedback, and bug reports
2.2 Information Collected Automatically
- Device Information: Browser type and version, operating system, device type
- Usage Data: Features used, generation history, render queue activity, session duration
- Log Data: IP address, access timestamps, pages viewed, referrer URLs
- Technical Data: Error logs, performance metrics, WebSocket connection status
2.3 Legal Basis for Processing (GDPR)
We process your personal data based on the following legal grounds:
- Contract Performance: To provide the Service you have requested (Art. 6(1)(b) GDPR)
- Legitimate Interests: To improve our Service, prevent fraud, and ensure security (Art. 6(1)(f) GDPR)
- Consent: For analytics cookies and marketing communications where required (Art. 6(1)(a) GDPR)
- Legal Obligation: To comply with tax, accounting, and legal requirements (Art. 6(1)(c) GDPR)
3. How We Use Your Information
We use the collected information for the following purposes:
3.1 Service Delivery
- Process your video generation requests through our AI system
- Manage your account, subscriptions, and token balance
- Store and deliver your generated video assets
- Provide real-time progress updates via WebSocket connections
3.2 Communications
- Send transactional emails (account verification, password reset, subscription confirmations)
- Respond to your support inquiries and feedback
- Notify you of material changes to our Service or policies
3.3 Service Improvement
- Analyze usage patterns to improve user experience
- Debug issues and optimize performance
- Develop new features based on user behavior
3.4 Security and Compliance
- Detect and prevent fraud, abuse, and policy violations
- Enforce our Terms of Service and Acceptable Use Policy
- Comply with legal obligations and respond to lawful requests
4. Cookies and Tracking Technologies
We use cookies and similar technologies to enhance your experience. You can manage your cookie preferences through our cookie consent banner displayed on your first visit.
4.1 Essential Cookies (Required)
These cookies are necessary for the Service to function and cannot be disabled:
| Cookie Name | Purpose | Duration |
|---|---|---|
| sb-access-token | Authentication session token (Supabase) | 1 hour |
| sb-refresh-token | Authentication refresh token (Supabase) | 7 days |
| cookie-consent | Stores your cookie preferences | 1 year |
4.2 Functional Cookies (Optional)
These cookies remember your preferences:
| Cookie Name | Purpose | Duration |
|---|---|---|
| user-preferences | Theme, UI settings, default configurations | 1 year |
| recent-assets | Recently viewed assets for quick access | 30 days |
4.3 Analytics Cookies (Optional)
These cookies help us understand how users interact with our Service:
| Cookie Name | Purpose | Duration |
|---|---|---|
| _ga | Google Analytics - distinguishes users | 2 years |
| _gid | Google Analytics - distinguishes users | 24 hours |
4.4 Managing Cookies
You can manage your cookie preferences at any time by adjusting your browser settings. Note that disabling essential cookies may affect Service functionality, including the ability to log in.
5. Third-Party Services and Data Sharing
We share your information only as necessary to provide the Service and as described below. We do not sell your personal information to third parties.
5.1 Service Providers
| Provider | Purpose | Data Shared | Location |
|---|---|---|---|
| Supabase | Database, authentication, file storage | Account data, generated videos, usage data | EU (Frankfurt) |
| Google (Gemini AI) | AI-powered video component generation | Text prompts, configuration parameters | USA (with SCCs) |
| Polar.sh | Payment processing, subscription management | Billing information, subscription status | EU |
| Vercel | Frontend hosting and CDN | IP addresses, request logs | Global (with SCCs) |
5.2 Legal Disclosures
We may disclose your information when required by law, including:
- In response to valid legal process (court orders, subpoenas)
- To protect our rights, property, or safety, or that of our users
- To investigate potential violations of our Terms of Service
- In connection with a merger, acquisition, or sale of assets (with notice to affected users)
5.3 Business Transfers
If Video Effect Vibe is involved in a merger, acquisition, or sale of assets, your personal data may be transferred as part of that transaction. We will provide notice before your personal data is transferred and becomes subject to a different privacy policy.
6. International Data Transfers
Your information may be transferred to and processed in countries other than your country of residence. We ensure appropriate safeguards are in place for such transfers:
- EU Adequacy Decisions: Where available, we transfer data to countries with an EU adequacy decision
- Standard Contractual Clauses (SCCs): For transfers to the USA and other countries without adequacy decisions, we use EU-approved SCCs
- Supplementary Measures: We implement additional technical and organizational measures as needed
For transfers to Google (Gemini AI) in the USA, we rely on Standard Contractual Clauses and the additional safeguards provided under Google's data processing agreements. You may request a copy of the applicable transfer mechanisms by contacting us.
7. Data Retention
We retain your information for as long as necessary to provide the Service and fulfill the purposes described in this policy. Specific retention periods are:
| Data Type | Retention Period | Basis |
|---|---|---|
| Account data | Duration of account + 30 days after deletion | Contract, legitimate interest |
| Generated videos (Free tier) | 24 hours | Contract |
| Generated videos (Pro/Max tier) | 7 days | Contract |
| User prompts and configurations | Duration of account + 30 days | Contract, service improvement |
| Usage logs and analytics | 90 days | Legitimate interest |
| Payment records | 7 years after transaction | Legal obligation (tax/accounting) |
| Support communications | 3 years | Legitimate interest |
| Security logs | 1 year | Legitimate interest, legal obligation |
After the retention period expires, data is securely deleted or anonymized. Upon account deletion request, we delete your personal data within 30 days, except where retention is required by law.
8. Data Security
We implement appropriate technical and organizational measures to protect your personal information:
- Encryption in Transit: All data transmitted via TLS 1.3 (HTTPS)
- Encryption at Rest: Database and storage encryption using AES-256
- Access Controls: Role-based access, principle of least privilege
- Authentication Security: Passwords hashed with bcrypt, secure session management
- Infrastructure Security: Firewall protection, regular security updates
- Monitoring: Automated security monitoring and alerting
In the event of a data breach that poses a risk to your rights and freedoms, we will notify affected users and the relevant supervisory authority within 72 hours as required by GDPR.
9. Your Rights Under GDPR (EEA Residents)
If you are located in the European Economic Area (EEA), you have the following rights under the General Data Protection Regulation:
- Right of Access (Art. 15): Request a copy of your personal data and information about how it is processed
- Right to Rectification (Art. 16): Request correction of inaccurate or incomplete personal data
- Right to Erasure (Art. 17): Request deletion of your personal data ("right to be forgotten") where there is no compelling reason for continued processing
- Right to Data Portability (Art. 20): Receive your personal data in a structured, commonly used, machine-readable format (JSON) and transmit it to another controller
- Right to Restriction (Art. 18): Request limitation of processing in certain circumstances
- Right to Object (Art. 21): Object to processing based on legitimate interests or for direct marketing purposes
- Right to Withdraw Consent (Art. 7): Withdraw consent for processing that is based on consent, without affecting the lawfulness of prior processing
- Right to Lodge a Complaint: File a complaint with your local data protection supervisory authority
How to Exercise Your Rights
To exercise any of these rights, please contact us at [email protected]. We will respond to your request within 30 days. In complex cases, we may extend this period by an additional 60 days, with notice to you.
We may request verification of your identity before processing your request. There is no fee for exercising your rights, except in cases of manifestly unfounded or excessive requests.
10. Your Rights Under CCPA (California Residents)
If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA):
- Right to Know: Request disclosure of the categories and specific pieces of personal information we have collected about you, the sources, purposes, and categories of third parties with whom we share it
- Right to Delete: Request deletion of your personal information, subject to certain exceptions
- Right to Correct: Request correction of inaccurate personal information
- Right to Opt-Out of Sale: We do not sell your personal information. If this changes, you will have the right to opt out
- Right to Limit Use of Sensitive Personal Information: Limit use of sensitive personal information to what is necessary for the Service
- Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights
Categories of Personal Information Collected
In the preceding 12 months, we have collected the following categories of personal information:
- Identifiers (email address, IP address, account ID)
- Internet or network activity (browsing history, interactions with Service)
- Geolocation data (derived from IP address)
- Professional or employment-related information (if provided)
- Inferences drawn from the above categories
How to Exercise Your Rights
To submit a verifiable consumer request, email us at [email protected] or use the "Do Not Sell My Personal Information" link (if applicable). You may designate an authorized agent to make requests on your behalf.
11. Children's Privacy
Our Service is not directed to children under the age of 16 (or 13 in jurisdictions where permitted). We do not knowingly collect personal information from children under these ages. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at [email protected], and we will promptly delete such information.
12. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. When we make changes:
- We will update the "Last updated" date at the top of this page
- For material changes, we will notify you via email or a prominent notice in the Service
- We will obtain your consent where required by law
Your continued use of the Service after changes become effective constitutes acceptance of the revised policy.
13. Contact Us
If you have questions about this Privacy Policy, wish to exercise your rights, or have concerns about our data practices, please contact us:
- Email: [email protected]
- Discord: discord.gg/PjfWRtnfyH
We aim to respond to all inquiries within 30 days. For GDPR-related requests, we will respond within the timeframes required by law.