Privacy Policy
Last updated: January 14, 2025
At Vimu, we take your privacy seriously. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service.
1. Information We Collect
We collect information that you provide directly to us, including:
- Account information (name, email address, password)
- Payment information (processed securely through Stripe)
- Content you create or upload (video scripts, settings, generated videos)
- Communication data (support inquiries, feedback)
Information Collected Automatically
When you use our Service, we automatically collect certain information, including:
- Usage data (features used, videos created, credits consumed, video types selected)
- Device information (browser type, operating system, IP address, screen resolution)
- Log data (access times, pages viewed, errors encountered, API calls)
- Analytics data via PostHog and Google Analytics 4 (page views, clicks, user flows)
- Session recordings in production (with sensitive data masked)
- Cookies and similar tracking technologies (see Cookies section below)
- Marketing attribution data (UTM parameters, referral sources)
Cookies and Tracking Technologies
We use cookies and similar technologies for:
- Essential Cookies: Required for authentication and service functionality (JWT tokens)
- Analytics Cookies: PostHog and Google Analytics for understanding usage patterns
- Marketing Cookies: UTM tracking and campaign attribution (optional, Meta/TikTok pixels)
You can control cookies through your browser settings, but disabling essential cookies may limit service functionality.
2. How We Use Your Information
We use the collected information for the following purposes, based on legitimate business interests and your consent where required:
- Providing, maintaining, and improving our Service
- Processing your transactions and managing your credits
- Generating videos based on your specifications using AI providers
- Sending you transactional emails (video completion, failures, payment confirmations)
- Responding to your comments and questions via support channels
- Detecting, preventing, and addressing technical issues, fraud, or abuse
- Analyzing usage patterns to improve user experience and platform features
- Marketing attribution and campaign optimization (with hashed email addresses)
- Enforcing our Terms of Service and content moderation policies
AI Training: We do NOT use your prompts, scripts, or generated videos to train our own AI models. However, our third-party providers (HeyGen, Google, OpenAI) may use your data according to their own policies. OpenAI and Google have committed to not using API customer data for model training.
3. Information Sharing and Disclosure
We do not sell your personal information. We may share your information in the following circumstances:
- Service Providers: We share information with third-party service providers who perform services on our behalf (payment processing, data storage, AI processing)
- Legal Requirements: We may disclose information if required by law or in response to valid legal requests
- Business Transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred
- With Your Consent: We may share information for any other purpose with your consent
4. Data Storage and Security
We implement appropriate technical and organizational measures to protect your information:
- Encryption of data in transit and at rest
- Secure storage on cloud infrastructure (MongoDB, AWS S3)
- Regular security assessments and updates
- Access controls and authentication mechanisms
However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.
5. Data Retention
We retain your personal information for as long as necessary to provide the Service and fulfill the purposes outlined in this Privacy Policy. We may also retain information to comply with legal obligations, resolve disputes, and enforce our agreements.
Generated videos are stored for the duration of your account unless you delete them. You can delete your videos at any time from your dashboard.
6. Your Rights and Choices (GDPR & CCPA)
Depending on your location, you have certain rights regarding your personal information under GDPR (European Union) and CCPA (California):
- Right to Access: You can request a copy of the personal data we hold about you
- Right to Rectification: You can update your account information through your profile settings or request corrections
- Right to Erasure ("Right to be Forgotten"): You can request deletion of your account and associated data. Note: We may retain certain information for legal compliance.
- Right to Data Portability: You can download your generated videos at any time in MP4 format
- Right to Object: You can object to processing of your data for marketing purposes
- Right to Restrict Processing: You can request restriction of data processing in certain circumstances
- Right to Withdraw Consent: You can withdraw consent for data processing at any time (e.g., opt out of analytics or marketing)
- Right to Opt-Out (California): California residents can opt out of the "sale" of personal information (we do not sell your data)
To exercise any of these rights, please contact us through our contact page. We will respond within 30 days as required by law.
7. Third-Party Services and Data Processors
Our Service integrates with third-party AI providers and services that act as data processors:
- Stripe: Payment processing. Your payment information is processed directly by Stripe and never stored on our servers.
- HeyGen: AI avatar video generation. Your scripts and avatar selections are sent to HeyGen for processing.
- Google Veo 3: AI cinematic video generation. Your prompts are processed by Google's AI services.
- OpenAI Sora 2: AI social media video generation. Your prompts are processed by OpenAI's services.
- Amazon Web Services (AWS): Cloud infrastructure for storage (S3), queuing (SQS), and hosting (ECS).
- MongoDB Atlas: Database hosting for user accounts and video job metadata.
- PostHog: Product analytics and user behavior tracking. We use PostHog to understand how users interact with our platform.
- Google Analytics 4: Website analytics for traffic analysis and marketing attribution.
- Google OAuth: Optional authentication via Google account.
Important: We have Data Processing Agreements (DPAs) in place with these providers to ensure GDPR compliance. Your data is processed according to our instructions and is not used to train AI models by these providers without your explicit consent.
These third parties have their own privacy policies:
- Stripe: stripe.com/privacy
- HeyGen: heygen.com/terms
- Google Cloud: cloud.google.com/privacy
- OpenAI: openai.com/policies/privacy
- AWS: aws.amazon.com/privacy
- PostHog: posthog.com/privacy
8. AI-Generated Content and Content Moderation
Our Service uses artificial intelligence to generate videos based on your inputs. Important information:
- Content Moderation: All video generation requests are subject to automated content moderation by our AI providers to prevent creation of illegal, harmful, or infringing content.
- Blocked Requests: Requests may be blocked if they violate content policies (e.g., copyrighted material, trademarked brands, real people without consent, inappropriate content).
- Content Ownership: You retain ownership of your prompts and scripts. Generated videos are licensed to you for use according to our Terms of Service and the respective AI provider's terms.
- No Training: We do not use your content to train our own AI models. Our service acts as an intermediary between you and AI providers.
9. Children's Privacy
Our Service is not intended for children under the age of 13 (or 16 in the European Economic Area). We do not knowingly collect personal information from children under these ages. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately, and we will delete such information.
10. International Data Transfers
Your information may be transferred to and processed in countries other than your country of residence, including the United States and European Union data centers. These countries may have data protection laws different from your jurisdiction.
We apply appropriate safeguards to ensure your information remains protected in accordance with this Privacy Policy and applicable law, including:
- Standard Contractual Clauses (SCCs) approved by the European Commission
- Data Processing Agreements with all third-party processors
- Encryption of data in transit and at rest
- Regular security assessments and compliance audits
11. Analytics and Marketing
We use analytics services to understand how users interact with our platform:
- PostHog: Product analytics including page views, feature usage, and conversion funnels. Session recordings are enabled in production with all sensitive inputs masked.
- Google Analytics 4: Website traffic analysis and marketing campaign attribution.
- Marketing Pixels: We may use Meta and TikTok conversion pixels for advertising optimization. Email addresses sent to these platforms are SHA-256 hashed for privacy.
You can opt out of analytics by using browser privacy extensions or enabling "Do Not Track" in your browser settings. Note that this may affect some functionality.
12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of any material changes by:
- Posting the new Privacy Policy on this page with an updated "Last updated" date
- Sending an email notification for significant changes
- Displaying a prominent notice on our website
Your continued use of the Service after changes become effective constitutes acceptance of the updated policy. You are advised to review this Privacy Policy periodically.
13. Contact Us
If you have any questions about this Privacy Policy, wish to exercise your privacy rights, or have concerns about our privacy practices, please contact us:
- Support: Contact Form
- Response Time: We aim to respond to all privacy requests within 30 days
For EU residents: If you are not satisfied with our response to your privacy request, you have the right to lodge a complaint with your local data protection authority.