Privacy Policy — Envizion AI

1. Information We Collect

1.1 Information You Provide

Account Information: Name, email address, and password when you create an account. If you sign in via a third-party provider (Google, Discord, TikTok, X), we receive your public profile information from that provider.
Payment Information: Billing address and payment method details. Payment processing is handled by Stripe, and we do not store your full credit card number on our servers.
User Content: Videos, images, audio files, text, and other media you upload or create using the Service.
Communications: Messages you send to us through support channels, feedback forms, or email.

1.2 Information Collected Automatically

Usage Data: Pages visited, features used, actions taken, timestamps, session duration, and interaction patterns within the Service.
Device Information: Browser type and version, operating system, device type, screen resolution, and unique device identifiers.
Network Information: IP address, internet service provider, and approximate geographic location derived from your IP address.
Log Data: Server logs that record requests made to our Service, including request URLs, response codes, and referring URLs.

1.3 Information from Third Parties

OAuth Providers: When you authenticate via Google, Discord, TikTok, or X, we receive profile data (name, email, avatar, user ID) as authorized by you.
Analytics Partners: We may receive aggregated or de-identified data from analytics services to understand usage trends.

2. How We Use Your Information

We use the information we collect for the following purposes:

Providing the Service: To operate, maintain, and deliver the features and functionality of the platform, including AI-powered video generation, editing, and rendering.
Account Management: To create and manage your account, authenticate your identity, and process transactions.
Improvement & Development: To analyze usage patterns, diagnose technical issues, and improve the performance, reliability, and features of the Service.
AI Model Training: We may use de-identified, aggregated usage data to improve our AI models and algorithms. We will not use your identifiable User Content to train AI models without your explicit consent.
Communications: To send you service-related notices, updates, security alerts, and support messages. With your consent, we may send promotional communications, which you can opt out of at any time.
Security & Fraud Prevention: To detect, investigate, and prevent fraudulent, unauthorized, or illegal activity.
Legal Compliance: To comply with applicable laws, regulations, legal processes, or enforceable governmental requests.

3. How We Share Your Information

We do not sell your personal information. We may share your information in the following limited circumstances:

3.1 Service Providers

We share information with third-party vendors who perform services on our behalf, including cloud hosting, payment processing (Stripe), analytics (Mixpanel), email delivery, and content delivery networks. These providers are contractually obligated to use your information only for the services they provide to us.

3.2 Legal Obligations

We may disclose your information if required to do so by law, or if we believe in good faith that such action is necessary to: (a) comply with a legal obligation or valid legal process; (b) protect and defend our rights or property; (c) prevent fraud or address security issues; or (d) protect the safety of our users or the public.

3.3 Business Transfers

In the event of a merger, acquisition, reorganization, bankruptcy, or sale of all or a portion of our assets, your information may be transferred as part of that transaction. We will notify you of any such change and any choices you may have regarding your information.

3.4 With Your Consent

We may share your information for other purposes with your explicit consent, such as when you choose to publish or share content publicly through the Service.

4. Cookies & Tracking Technologies

We use cookies and similar technologies to:

Essential Cookies: Maintain your session, authenticate your identity, and remember your preferences. These are necessary for the Service to function.
Analytics Cookies: Understand how users interact with the Service, identify trends, and measure the effectiveness of features. We use Mixpanel for product analytics.
Performance Cookies: Monitor Service performance and optimize loading times and reliability.

You can control cookies through your browser settings. Disabling essential cookies may impair the functionality of the Service. We do not use advertising or third-party tracking cookies.

5. Data Retention

We retain your personal information for as long as your account is active or as needed to provide the Service. We also retain information as necessary to comply with legal obligations, resolve disputes, and enforce our agreements.

Data Type	Retention Period
Account information	Duration of account + 30 days
User Content	Duration of account + 30 days
Usage & analytics data	24 months from collection
Server logs	90 days
Payment records	As required by tax law (typically 7 years)

When data is no longer required, we securely delete or anonymize it in accordance with our data management policies.

6. Data Security

We implement industry-standard technical and organizational measures to protect your information, including:

Encryption of data in transit (TLS 1.2+) and at rest
Secure, managed database infrastructure with automated backups
Role-based access controls and principle of least privilege
Regular security assessments and monitoring
Secure API authentication using scoped API keys and JWT tokens
HMAC-SHA256 signed webhook deliveries

While we strive to protect your information, no method of transmission or storage is 100% secure. We cannot guarantee absolute security, and you use the Service at your own risk.

7. Your Rights & Choices

Depending on your jurisdiction, you may have the following rights regarding your personal information:

Access: Request a copy of the personal information we hold about you.
Correction: Request that we correct inaccurate or incomplete information.
Deletion: Request that we delete your personal information, subject to certain exceptions (e.g., legal retention requirements).
Data Portability: Request a copy of your data in a structured, machine-readable format.
Objection: Object to the processing of your personal information for certain purposes, including direct marketing.
Withdrawal of Consent: Where processing is based on consent, you may withdraw consent at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, please contact us using the information provided below. We will respond to your request within 30 days, or as required by applicable law.

8. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence, including the United States, where our servers and service providers are located. These countries may have data protection laws that differ from your jurisdiction.

When we transfer personal data internationally, we implement appropriate safeguards, including standard contractual clauses approved by relevant authorities, to ensure your data is protected in accordance with this Privacy Policy.

9. European Economic Area (EEA) Residents

If you are located in the EEA, United Kingdom, or Switzerland, we process your personal data under the following legal bases as defined by the General Data Protection Regulation (GDPR):

Contract Performance: Processing necessary to provide the Service as agreed in our Terms of Service.
Legitimate Interests: Processing necessary for our legitimate business interests, such as improving the Service, preventing fraud, and ensuring security, where such interests are not overridden by your rights.
Consent: Processing based on your freely given, specific, and informed consent, such as for marketing communications.
Legal Obligation: Processing necessary to comply with applicable laws and regulations.

You have the right to lodge a complaint with your local data protection authority if you believe your rights under the GDPR have been violated.

10. California Residents (CCPA)

If you are a California resident, the California Consumer Privacy Act (CCPA) provides you with additional rights:

Right to Know: You may request disclosure of the categories and specific pieces of personal information we have collected about you.
Right to Delete: You may request deletion of your personal information, subject to certain exceptions.
Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights.
No Sale of Data: We do not sell personal information as defined by the CCPA.

To submit a CCPA request, contact us using the information below. We will verify your identity before processing your request.

11. Children's Privacy

The Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that a child under 18 has provided us with personal information, we will take steps to delete such information. If you believe a child has provided us with personal information, please contact us immediately.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, or legal requirements. We will notify you of material changes by posting the updated policy on our website and updating the "Last updated" date. For significant changes, we will provide additional notice via email or an in-app notification.

Your continued use of the Service after any changes to this Privacy Policy constitutes acceptance of the updated policy.

13. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

Envizion AI — Data Protection

Email: [email protected]

Website: https://envizion.ai

For EEA residents, you may also contact your local supervisory authority if you have concerns about how we process your personal data.