Privacy Policy

1. Introduction

VidGen AI (“VidGen AI”, “we”, “our”, “us”) operates the vidgen-ai.com platform and related services (the “Service”). This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use the Service.

By using the Service, you agree to the collection and use of information in accordance with this policy. If you do not agree with this policy, please do not use the Service.

2. Information We Collect

We collect the following categories of personal information:

Account Data: When you register, we collect your email address, display name, and a securely hashed password. We do not store plaintext passwords.

Payment Data: Payment processing is handled entirely by Stripe. We do not store your credit card numbers, CVV codes, or full payment card details on our servers. We receive and store a Stripe customer ID and limited transaction metadata (amount, date, plan) to manage your subscription.

Usage Data: We collect information about how you use the Service, including videos generated, credits consumed, feature usage, and timestamps of activity.

Technical Data: We automatically collect certain technical information when you access the Service, including your IP address, browser type and version, device type, operating system, referring URL, and session identifiers.

AI Input Data: We process the text prompts, scripts, assets, and other inputs you provide for video generation. These inputs are transmitted to our AI processing pipeline to generate your requested content.

3. How We Use Your Information

We use the information we collect for the following purposes:

• Service Delivery: Processing video generation requests, managing your account, and providing subscription features.
• Billing: Processing payments, managing subscriptions, and sending transaction receipts.
• Support: Responding to your inquiries, resolving disputes, and providing customer assistance.
• Fraud Prevention: Detecting and preventing fraudulent activity, policy violations, and account abuse.
• Analytics: Understanding usage patterns to improve the Service, optimize performance, and develop new features.
• Legal Compliance: Fulfilling our legal obligations and enforcing our Terms of Service.

4. Stripe Payment Processing

We use Stripe for payments, analytics, and other business services. Stripe may collect personal data including via cookies and similar technologies. The personal data Stripe collects may include transactional data and identifying information about devices that connect to its services. Stripe uses this information to operate and improve the services it provides to us, including for fraud detection and prevention, authentication, analytics related to the performance of its services, and to enhance and customize the user experience. You can learn more about Stripe and read its privacy policy at stripe.com/privacy.

5. Third-Party Service Providers

We share your information with trusted third-party service providers that help us operate the Service. These providers process data on our behalf and are contractually obligated to protect your information:

• Stripe — Payment processing and subscription management. stripe.com/privacy
• Supabase — Database hosting and authentication infrastructure. supabase.com/privacy
• OpenAI — AI text and content generation (your prompts are transmitted to OpenAI for processing). openai.com/policies/privacy-policy
• Railway — Application infrastructure and hosting. railway.com/legal/privacy
• Google Analytics — If you have cookies enabled, we may use Google Analytics to understand aggregate usage patterns. You can opt out via your browser settings or the Google Analytics opt-out browser add-on.

We do not sell your personal information to third parties.

6. Cookies & Tracking Technologies

We use cookies and similar tracking technologies to maintain your session, remember your preferences, and understand how the Service is used. We use:

• Functional Cookies: Required for authentication and maintaining your logged-in session.
• Analytics Cookies: Used to understand aggregate usage patterns and improve the Service.

You can control cookies through your browser settings. Disabling functional cookies may prevent you from logging into the Service. Most browsers allow you to refuse cookies, delete existing cookies, and set preferences for specific websites.

7. Data Retention

We retain your personal data for as long as your account is active. Upon account deletion, we retain your data for up to 90 days in backup systems to allow for recovery in the event of accidental deletion, after which it is permanently purged. Certain records may be retained longer where required by law (e.g., financial transaction records).

8. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

GDPR Rights (EEA/UK residents):

• Access: Request a copy of your personal data.
• Rectification: Request correction of inaccurate data.
• Erasure: Request deletion of your personal data (“right to be forgotten”).
• Portability: Receive your data in a structured, machine-readable format.
• Restriction: Request restriction of processing in certain circumstances.
• Objection: Object to processing based on legitimate interests.

CCPA Rights (California residents):

• The right to know what personal information we collect and how it is used.
• The right to request deletion of your personal information.
• The right to opt out of the sale of personal information. We do not sell your personal data.

To exercise any of these rights, contact us at [email protected] with the subject line “Privacy Request”.

9. Data Security

We implement industry-standard security measures to protect your personal data, including:

• TLS 1.3 encryption for all data transmitted between your browser and our servers.
• Encryption at rest for data stored in our database infrastructure.
• Strict access controls limiting personnel access to personal data on a need-to-know basis.
• Regular security reviews of our infrastructure and third-party integrations.

No method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security, but we are committed to promptly notifying affected users in the event of a data breach as required by applicable law.

10. International Data Transfers

VidGen AI operates primarily in the United States. Your personal data may be processed and stored on servers located in the United States and other countries where our service providers operate. These countries may have different data protection laws than your country of residence.

Where required by law, we implement appropriate safeguards for international data transfers, including Standard Contractual Clauses approved by the European Commission for transfers from the EEA to third countries. We monitor developments in the EU-US Data Privacy Framework and seek to maintain compliance with applicable international transfer mechanisms.

11. Children’s Privacy

The Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from minors. If we become aware that we have collected personal information from a person under 18 without parental consent, we will take steps to delete that information promptly. If you believe we have collected information from a minor, please contact us at [email protected].

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by posting the updated policy on this page and, where appropriate, by sending an email notification to your registered address. The “Last updated” date at the top of this page reflects the most recent revision. Continued use of the Service after changes are posted constitutes your acceptance of the revised policy.

13. Contact Us

For privacy-related questions, to exercise your rights, or to make a privacy complaint, please contact us at:

[email protected]

Subject: “Privacy Request”

VidGen AI — vidgen-ai.com