1. Information We Collect
Personal Information
- Account information: Email address, display name
- Payment information: Processed securely by Paddle (we never see card details)
- Authentication data: Handled by Firebase (Google LLC)
Content You Upload
- Video files you upload for processing
- Prompts and preferences you provide
- Generated video variations
Analytics & Cookies
- Anonymous usage data: Page views, session duration, button clicks (NO personal information)
- Performance metrics: Page load times, Web Vitals scores
- Error logs: Technical errors for debugging (via Sentry)
- Processing metrics: Job completion times, success rates (for system optimization ONLY)
Important: We collect ZERO personal information in our analytics. All tracking is anonymous and used only to improve site performance and user experience. We DO NOT track, store, or analyze your video content or prompts for marketing purposes.
2. How We Use Your Data
Your data is used to:
- Provide and improve the Service
- Process your video generation requests
- Train and improve our AI models (anonymized)
- Send service-related communications
2.5. Legal Basis for Processing (GDPR)
We process your personal data based on the following legal grounds under the General Data Protection Regulation (GDPR):
Contract Performance (Article 6(1)(b))
Processing necessary to provide the Service you requested:
- User authentication and account management
- Video processing and generation
- Subscription management and payment processing
- Customer support and service communications
This includes: email address, display name, payment information, uploaded content, and generated videos.
Legitimate Interest (Article 6(1)(f))
Processing necessary for our legitimate business interests:
- Improving our Service through anonymous analytics and performance monitoring
- Security and fraud prevention
- System optimization and error tracking
- Business operations and service development
We balance our interests against your privacy rights. You can object to processing based on legitimate interest.
Consent (Article 6(1)(a))
Processing based on your explicit consent:
- Analytics cookies (you can opt-out via cookie banner)
- Marketing communications (if you opt-in)
You can withdraw consent at any time via cookie preferences or by contacting us.
Legal Obligation (Article 6(1)(c))
Processing required by law:
- Retaining payment records for 7 years (tax and accounting requirements)
- Responding to legal requests and court orders
- Compliance with applicable laws and regulations
Your Rights: You have the right to object to processing based on legitimate interest. You can also request information about the legal basis for specific processing activities. Contact us at support@variateq.ai to exercise these rights.
3. Data Storage
Your content is stored securely on AWS S3. Generated videos are retained for 90 days unless deleted earlier by you.
4. Data Sharing
We do not sell your data. We share data only with:
- Service providers (Vercel, Paddle, Firebase, Supabase, AWS, Sentry) as necessary to operate the Service
- When required by law or legal process
4.5. International Data Transfers
Your data may be transferred to and processed in countries outside the European Economic Area (EEA), including the United States, where our service providers operate.
Service Provider Locations
Our service providers operate in the following locations:
- Vercel: United States (hosting and analytics)
- Paddle: United States (payment processing, PCI compliant)
- Firebase (Google): United States (authentication, Google data centers)
- Supabase: United States (database storage, AWS data centers)
- AWS S3: Australia (ap-southeast-2 region) and United States (file storage)
- Sentry: United States (error tracking)
Safeguards
We ensure adequate protection of your data through:
- Standard Contractual Clauses (SCCs): All transfers to US service providers are covered by EU-approved Standard Contractual Clauses or equivalent safeguards
- Data Processing Agreements: All service providers are bound by strict data processing agreements that require them to protect your data
- Privacy Shield Equivalents: Service providers maintain equivalent data protection standards
- Encryption: All data is encrypted in transit (HTTPS) and at rest (AES-256)
Your Rights
You have the right to:
- Request information about specific data transfers
- Object to transfers if you believe your rights are at risk
- Request details about the safeguards in place for your data
For questions about international data transfers or to exercise your rights, contact us at support@variateq.ai.
5. Your Rights
You have the right to:
- Access your data
- Request data deletion
- Export your data
- Opt out of analytics
6. Cookies & Tracking Technologies
What Cookies We Use
Necessary Cookies (Always Active)
- Authentication: Firebase session tokens to keep you logged in
- Security: CSRF protection tokens
- Preferences: Cookie consent choices
These cannot be disabled as they're essential for the site to function.
Analytics Cookies (Optional)
- Vercel Analytics: Anonymous page views, session duration
- Performance Monitoring: Page load times, Web Vitals (FCP, LCP, CLS)
Important: These cookies collect ONLY anonymous, aggregated data. No personal information is tracked. You can disable these in our cookie banner.
What We DON'T Track
- ❌ Your video content or uploaded files
- ❌ Your prompts or creative inputs (except for processing)
- ❌ Personal information beyond email/name
- ❌ Cross-site tracking or behavioral profiling
- ❌ Third-party advertising cookies
Third-Party Services
We use these trusted third-party services to operate the Service:
- Vercel (Hosting & Analytics): Website hosting and anonymous usage analytics -Privacy Policy
- Paddle (Payments): Payment processing and subscription management -Privacy Policy
- Firebase (Authentication): User authentication and account management -Privacy Policy
- Supabase (Database): User data, job history, and account information storage -Privacy Policy
- AWS S3 (Storage): Video file and content storage -Privacy Policy
- Sentry (Error Tracking): Anonymous error logs and debugging (if enabled) -Privacy Policy
Managing Cookies
You can manage your cookie preferences at any time using our cookie banner (bottom of page) or through your browser settings. Disabling necessary cookies may prevent some features from working.
7. AI Training & Content Usage
We use anonymized, aggregated data from video processing to train and improve our AI models. By using our Service, you grant us permission to use this data for AI training purposes. This includes:
- Template structures: Cutting patterns, timing data, beat sync information (how videos are edited, not the actual video content)
- Music transition data: Timestamps, confidence scores, BPM calculations (AI predictions, not actual audio files)
- Motion detection data: Camera movement classifications (orbit, crane, etc.) and confidence scores (predictions, not actual video frames)
- Vibe profiles: Genre preferences, energy levels, editing style choices (anonymized preferences)
- Processing metadata: File sizes, durations, processing times, success rates (performance data only)
Your Privacy Is Protected: We NEVER use your actual video files, audio files, or any identifiable content for AI training. We only use anonymized metadata, patterns, and AI predictions derived from your usage. Your actual video and audio content is private and used only for your requested processing.
All training data is anonymized (user IDs and account IDs are removed or hashed) before being used for model training. This helps us improve the Service for all users while protecting your privacy.
8. Security
We use industry-standard encryption and security practices:
- HTTPS encryption for all data in transit
- AES-256 encryption for data at rest (AWS S3)
- Secure authentication via Firebase
- Regular security audits
- Automated vulnerability scanning
However, no system is 100% secure. We cannot guarantee absolute security but take all reasonable precautions.
8.5. Data Breach Notification
In the event of a data breach that may affect your personal information, we are committed to transparency and prompt action.
Our Obligations
If a data breach occurs:
- Supervisory Authority Notification: We will notify relevant supervisory authorities within 72 hours of becoming aware of the breach, as required by GDPR (Article 33)
- User Notification: We will notify affected users without undue delay if the breach poses a high risk to their rights and freedoms
- Notification Content: Notifications will include:
- Nature of the breach (what happened)
- Data affected (what information was compromised)
- Potential consequences (risks to you)
- Mitigation steps (what we're doing to fix it)
- Recommended actions (what you should do)
How We Protect You
We implement multiple layers of security to prevent breaches:
- All data is encrypted in transit (HTTPS) and at rest (AES-256)
- Access controls and authentication required for all data access
- Regular security audits and vulnerability scanning
- Monitoring and intrusion detection systems
- Secure coding practices and regular updates
If You Suspect a Breach
If you believe your account or data may have been compromised:
- Contact us immediately at support@variateq.ai
- Include "Security Concern" or "Data Breach" in the subject line
- Provide: your account email, description of concern, any evidence (suspicious activity, etc.)
- Change your password immediately if you suspect unauthorized access
Our Commitment: We take data security seriously and will act quickly to investigate, contain, and remediate any security incidents. Your privacy and security are our top priorities.
9. Data Retention
- Account data: Retained while your account is active
- Video content: Automatically deleted after 90 days
- Generated videos: Automatically deleted after 90 days
- Anonymous analytics: Retained for 90 days
- Payment records: Retained for 7 years (legal requirement)
You can request immediate deletion of your data at any time via your account settings.
10. Contact
For privacy concerns, data requests, or questions, contact us at:
Email: support@variateq.ai
Last updated: 12/12/2025