Privacy Policy

1. Introduction

VidPlan ("we," "our," or "us") respects your privacy and is committed to protecting your personal data. This privacy policy explains how we collect, use, disclose, and safeguard your information when you use our service at vidplan.io (the "Service").

This policy applies to all users worldwide and includes specific provisions for users in the European Economic Area (EEA), United Kingdom, and California.

2. Information We Collect

2.1 Information You Provide Directly

• Account Information: When you create an account, we collect your name and email address. If you sign up via Google OAuth, we receive your basic profile information from Google.
• Payment Information: When you subscribe to our Pro plan, payment details are collected and processed securely by Stripe. We never store your full credit card number on our servers.
• YouTube URLs: The video links you submit for processing.
• Support Communications: When you contact us, we collect the information you provide in your message.

2.2 Information Collected Automatically

• Usage Data: Information about how you interact with our Service, including features used and actions taken.
• Device Information: Browser type, operating system, and device type.
• Log Data: IP address, access times, and pages viewed.

2.3 Information We Do NOT Collect

• We do not use tracking cookies or pixel trackers
• We do not build advertising profiles
• We do not sell your data to third parties
• We do not share your data with social media platforms

3. Legal Basis for Processing (GDPR)

If you are in the EEA or UK, we process your personal data based on the following legal grounds:

• Contract Performance: To provide you with our Service, process your subscription, and manage your account.
• Legitimate Interests: To improve our Service, ensure security, and communicate with you about service-related matters.
• Consent: Where you have given us specific consent to process your data for a particular purpose.
• Legal Obligations: To comply with applicable laws and regulations.

4. How We Use Your Information

We use your information to:

• Provide, maintain, and improve our Service
• Process your video analysis requests and generate plans
• Handle payments and manage your subscription
• Send transactional emails (account verification, password resets, plan completion notifications)
• Respond to your support inquiries
• Detect, prevent, and address technical issues and security threats
• Analyze usage patterns to improve user experience (using aggregated, anonymized data)

5. Data Storage and Security

Your data is stored on secure servers. We implement industry-standard security measures including:

• Encryption in Transit: All data transmitted between your browser and our servers uses TLS 1.3 encryption
• Encryption at Rest: Sensitive data is encrypted in our database
• Access Controls: Strict access controls and authentication for our systems
• Regular Backups: Automated encrypted backups to prevent data loss
• Security Monitoring: Real-time monitoring for suspicious activity

6. Third-Party Services

We use the following carefully selected third-party services:

All third-party services are vetted for their privacy practices and GDPR compliance.

7. Data Retention

• Account Data: Retained while your account is active and for 30 days after deletion request
• Generated Plans: Stored until you delete them or close your account
• Payment Records: Retained for 7 years as required by tax law
• Support Communications: Retained for 2 years
• Analytics Data: Aggregated, anonymized data may be retained indefinitely

8. Your Rights

You have the following rights regarding your personal data:

8.1 For All Users

• Access: Request a copy of your personal data
• Correction: Request correction of inaccurate data
• Deletion: Request deletion of your account and associated data
• Export: Download your plans in multiple formats

8.2 Additional Rights for EEA/UK Users (GDPR)

• Portability: Receive your data in a structured, machine-readable format
• Restriction: Request restriction of processing
• Objection: Object to processing based on legitimate interests
• Withdraw Consent: Withdraw consent at any time (where processing is based on consent)
• Lodge Complaint: File a complaint with your local data protection authority

8.3 Additional Rights for California Users (CCPA)

• Know: Know what personal information is collected and how it's used
• Delete: Request deletion of personal information
• Non-Discrimination: Not receive discriminatory treatment for exercising your rights

Note: We do not sell personal information to third parties.

9. Cookies

We use only essential cookies required for the Service to function. We do not use tracking or advertising cookies. For detailed information, see our Cookie Policy.

10. International Data Transfers

Our servers are located in the United States. If you are accessing our Service from outside the US, please be aware that your data may be transferred to, stored, and processed in the US.

For EEA/UK users, we ensure appropriate safeguards are in place for international transfers, including Standard Contractual Clauses where applicable.

11. Children's Privacy

Our Service is not intended for children under 16 years of age. We do not knowingly collect personal information from children under 16. If you are a parent or guardian and believe your child has provided us with personal information, please contact us.

12. Changes to This Policy

We may update this privacy policy from time to time. We will notify you of significant changes by:

• Posting the updated policy on this page with a new "Last updated" date
• Sending you an email notification (for significant changes)

Your continued use of the Service after changes are posted constitutes acceptance of the updated policy.

13. Contact Us

If you have questions about this privacy policy, want to exercise your rights, or have concerns about our data practices, please contact us:

• Email: privacy@vidplan.io
• Contact Form: vidplan.io/contact

We aim to respond to all privacy-related inquiries within 30 days.