1. Scope

The Policy covers the processing of personal data across the MaxVideoAI workspace, including account management, billing, analytics, content generation, and support interactions.

2. Categories of data we process

• Account & identity: name, email, password hash, country/region, language.
• Transactional: wallet operations, top-ups, receipts (amount, currency, tax, timestamps), job IDs.
• Payments: processed by Stripe; we store Stripe identifiers and minimal payment metadata, never full card numbers.
• Usage & telemetry: device information, IP, user-agent, approximate location, feature flags, error diagnostics, logs.
• Content: prompts, inputs, generated outputs, and file uploads needed to provide the Service.
• Consents & preferences: legal document versions accepted, cookie choices, marketing opt-in, preferred currency.

3. Purposes & legal bases (GDPR)

• Provide the Service: account management, wallet, video jobs, support — legal basis: contract.
• Payments & fraud prevention: processing payments, fraud monitoring — legal bases: contract, legitimate interests, legal obligation.
• Analytics & product improvement: measuring usage to improve features — legal bases: consent for non-essential cookies; otherwise legitimate interests with safeguards.
• Marketing emails: sending product updates when you opt in — legal basis: consent (revocable anytime).
• Legal compliance & security: record keeping, audit trails, incident response — legal bases: legal obligation and legitimate interests.

4. Retention

• Account data: kept for as long as you have an account, plus limited backup retention.
• Receipts & financial records: stored per statutory accounting periods.
• Logs & telemetry: retained for short rolling windows unless needed for security or abuse investigations.
• We anonymise or delete data when it is no longer required for the purposes above.

5. Sharing & sub-processors

We use trusted providers to operate the Service. Typical sub-processors include:

• Stripe (payments)
• Hosting/CDN (e.g., Vercel)
• Object storage (e.g., AWS S3)
• Database & auth (Neon, Supabase)
• AI inference providers (e.g., Fal.ai)
• Email & support tooling (transactional email, helpdesk)

We maintain data-processing agreements with each provider. A current list is available at /legal/subprocessors.

6. International transfers

When personal data leaves the EEA/UK, we rely on appropriate safeguards such as Standard Contractual Clauses and implement supplementary measures where required.

7. Security

We apply technical and organisational measures including encryption in transit, access controls, least-privilege principles, monitoring, and incident response processes. No method is entirely secure, so we encourage strong passwords and two-factor authentication when available.

8. Cookies & similar technologies

We use essential cookies to run the site and, with your consent, analytics or advertising cookies. Consent can be withdrawn at any time via the cookie banner or settings. See the Cookie Policy for details.

9. Your rights (EU/EEA/UK)

Subject to conditions and applicable law, you may request access, rectification, erasure, restriction, objection, and data portability. You may also withdraw consent at any time. To exercise rights, email privacy [at] maxvideoai.com. You can lodge a complaint with your local data protection authority; in France, contact the CNIL.

10. Children

The Service is not directed to children under 15/16. If you believe a child provided data without appropriate consent, contact us so we can delete the data.

11. Changes

We may update this Policy. Material changes will be announced in-app or by email and may require renewed consent. The version and effective date appear above.

12. Contact

Questions about privacy? privacy [at] maxvideoai.com.

Last updated: October 26, 2025