Privacy Policy

The data controller responsible for your personal data is Vidlogi, reachable at privacy@vidlogi.com. If you have questions about how your data is handled, contact us at this address.

Account data: Name, email address, profile image, hashed password (if using email login), OAuth provider ID (if using Google Sign-In), account creation date, and role.

Billing data: Plan, credit balance, transaction records, and payment provider references (e.g. Stripe customer ID). We do not store raw card numbers; payment processing is handled by our payment providers.

Generation data: Prompts, selected models, generation settings, output media URLs, media type, public/private status, and creation timestamps.

Usage data: Pages visited, features used, error logs, IP address, browser/device type, and referral source. This data is used for security, analytics, and service improvement.

Communications: Emails you send us, support requests, and opt-in email sequences.

If you are located in the European Economic Area (EEA) or the UK, we process your personal data on the following legal bases under Article 6 of the GDPR:

• Performance of a contract (Art. 6(1)(b)) — to create and manage your account, process payments, deliver AI-generated content, and provide customer support.
• Legitimate interests (Art. 6(1)(f)) — to prevent fraud and abuse, maintain platform security, send product-related updates to existing users, and improve our service through aggregate analytics. Our interests do not override your rights.
• Consent (Art. 6(1)(a)) — to load Google Tag Manager and any non-essential analytics or marketing tags configured through it, or where GTM is not enabled, to activate Google Firebase Analytics, Firebase Performance Monitoring, and Firebase Remote Config web experiments after consent, and to send marketing or promotional emails. You may withdraw consent at any time.
• Legal obligation (Art. 6(1)(c)) — to retain billing records for tax and audit purposes as required by applicable law.

• To provide, operate, and improve the Platform and its features
• To process payments and manage credit balances
• To send transactional emails (account creation, billing receipts, password reset)
• To send product updates and onboarding emails where you have not opted out
• To detect and prevent fraud, abuse, and security incidents
• To comply with legal obligations, enforce our Terms, and respond to lawful requests
• To display generations in community surfaces (Showcase) only after administrative approval for publication

We share data with third-party providers only to the extent necessary to deliver the service. These include:

• Hosting / Infrastructure: Vercel (deployment), Neon / Supabase / PostgreSQL (database)
• AI Generation: FAL AI and similar media processing providers that handle prompts and return generated media
• Authentication: NextAuth.js with Google OAuth (Google LLC)
• Payments: Stripe, Inc.
• Email delivery: Supabase Auth via custom SMTP
• Analytics / marketing measurement: Vercel Analytics (privacy-first, no cookies), Google Tag Manager, Google Firebase Analytics, Firebase Performance Monitoring, Firebase Remote Config web experiments, and Meta Conversions API (the latter services require your consent where applicable — see Section 7)

Each provider is subject to its own privacy policy and data processing terms. We do not sell your personal data to third parties.

Vidlogi uses service providers based in the United States and other countries outside the EEA. When we transfer personal data outside the EEA or the UK, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the European Commission, or we rely on adequacy decisions where applicable.

Stripe, Google, and Vercel participate in recognised data protection frameworks and operate under SCCs for EU-US transfers. You can request details of the specific safeguards in place by contacting us at privacy@vidlogi.com.

We use the following categories of cookies:

• Essential cookies — required for the Platform to function. These include your session token (authentication) and a CSRF token (security). No consent is required; these cannot be disabled without breaking login.
• Analytics and product experimentation technologies — may be set through Google Tag Manager by the analytics and marketing tags you configure there, such as Google Analytics 4 and other advertising or attribution tags, or through our direct Firebase browser instrumentation fallback if GTM is not enabled, including Firebase Analytics, Firebase Performance Monitoring, and Firebase Remote Config web experiments. These are only activated after you click Accept all in the cookie banner. You may withdraw consent at any time by clearing your browser's local storage or by clicking “Essential only” on any future visit.

Vercel Analytics also collects aggregate, cookie-free usage metrics (no personal identifiers). It is active by default as it processes only anonymised, aggregated data. Google Tag Manager is loaded only after consent for browser-side measurement, and if GTM is not configured, browser-side analytics and experimentation fall back to Firebase Analytics, Firebase Performance Monitoring, and Firebase Remote Config after consent. Completed paid checkouts may also send server-side conversion events to Meta Conversions API using order details and limited account identifiers.

You can manage or delete cookies at any time through your browser settings. Disabling essential cookies may prevent you from logging in.

We retain your account and generation data for as long as your account is active or as needed to provide the service. Billing records and transaction logs may be retained longer for legal, tax, and audit compliance purposes.

If you delete your account, we will remove your personal data from active systems within a reasonable period, subject to retention obligations under applicable law.

Depending on your location, you may have the right to:

• Access the personal data we hold about you
• Rectify inaccurate or incomplete data
• Erase your account and associated personal data
• Restrict or object to certain types of processing
• Data portability — receive a copy of your data in a machine-readable format
• Withdraw consent at any time for consent-based processing (analytics cookies, marketing emails) without affecting the lawfulness of prior processing
• Opt out of marketing emails via the unsubscribe link in every email

To exercise any of these rights, contact us at privacy@vidlogi.com. We will respond within 30 days.

EEA / UK residents: If you believe we have not handled your data in accordance with applicable law, you have the right to lodge a complaint with your local data protection supervisory authority. In the EU, you can find your national authority at edpb.europa.eu.

If you are a California resident, you have the right to know what personal information we collect, to request deletion of your information, and to opt out of the sale of your personal information.

We do not sell your personal information to third parties. We do not share personal information for cross-context behavioural advertising.

To exercise your California privacy rights, contact us at privacy@vidlogi.com. We will not discriminate against you for exercising these rights.

We implement industry-standard technical and organisational measures to protect your data, including encrypted connections (HTTPS/TLS), hashed passwords (bcrypt), and access controls. No system is completely secure; we cannot guarantee absolute security of transmitted data.

The Platform is not intended for users under 18. We do not knowingly collect personal data from minors. If you believe a minor has created an account, contact us and we will remove it promptly.

We may update this Privacy Policy at any time. The updated date at the top of this page reflects the most recent revision. Continued use of the Platform after changes are posted constitutes your acceptance of the updated policy.

For privacy-related questions or data requests, contact us at privacy@vidlogi.com.