Privacy Policy for Vidancy

For the purposes of applicable data protection law, including the GDPR where applicable, the data controller is Aivaro Technologies Ltd., a company incorporated in Cyprus with company number HE 482774 and registered office at Panteli Katelari 11, House 4, 7040 Oroklini, Cyprus.

For privacy-related questions or to exercise your rights, please contact us at [email protected].

Depending on how you use the service, we may collect the following categories of personal data:

• Account and identity data, such as name, email address, username, password hash, company name, billing profile data, and account preferences.
• Content and input data, such as prompts, scripts, uploaded documents, images, audio, video files, branding assets, metadata, and generated outputs stored in your account.
• Transaction and billing data, such as subscription plan, invoices, payment status, credits, and limited payment-related information provided by our payment processors.
• Technical and usage data, such as IP address, browser type, device information, log files, timestamps, diagnostics, and interaction data relating to how the service is used.
• Communication data, such as support requests, email correspondence, feedback, and survey responses.
• Marketing and preference data, such as newsletter preferences, consent records, and engagement with our communications.

We collect personal data directly from you, automatically when you use the service, and from third parties where necessary.

• Directly from you when you create an account, use the service, upload content, request support, subscribe, or communicate with us.
• Automatically through logs, cookies, analytics, device data, and service telemetry.
• From third parties such as payment processors, authentication providers, hosting providers, analytics providers, business partners, or publicly available sources where relevant.

We process personal data only where we have a lawful basis to do so, including:

• Performance of a contract — to create and manage accounts, provide the service, process subscriptions, deliver support, and enforce our terms.
• Legitimate interests — to secure, monitor, improve, and develop the service, prevent abuse or fraud, administer the business, and communicate with customers in a proportionate way.
• Legal obligations — to comply with tax, accounting, fraud prevention, sanctions, consumer protection, and other legal requirements.
• Consent — where required, for example for certain marketing communications or optional cookies. You can withdraw consent at any time for future processing.

We may use personal data to:

• provide, operate, maintain, and improve the service;
• process uploads, prompts, automations, render jobs, exports, and generated outputs;
• authenticate users and protect account security;
• process subscriptions, billing, invoices, and payment-related administration;
• respond to support requests and communicate with you;
• monitor usage, debug errors, detect misuse, and prevent fraud or security incidents;
• send service-related notices, transactional messages, and, where permitted, marketing communications;
• comply with legal obligations and protect our legal rights.

We do not sell your personal data. We may share personal data with the following categories of recipients where necessary:

• payment service providers, billing tools, and accounting providers;
• cloud hosting, storage, infrastructure, monitoring, and security providers;
• AI, media generation, transcription, voice, or automation service providers used to deliver the service;
• analytics, communication, authentication, and customer support providers;
• professional advisers such as lawyers, auditors, and insurers;
• competent authorities, regulators, courts, or law enforcement where required by law or necessary to protect rights, safety, or legal claims;
• successors, investors, or transaction counterparties in connection with a merger, acquisition, financing, or sale of assets, subject to appropriate safeguards.

An up-to-date list of the main service providers we rely on to operate the service is available on request at [email protected].

Some of our service providers, including those listed above, are based outside the European Economic Area, in particular in the United States. Where personal data is transferred outside the EEA, we rely on lawful transfer mechanisms such as European Commission adequacy decisions (including the EU–US Data Privacy Framework where applicable), Standard Contractual Clauses, or equivalent safeguards to ensure that personal data remains protected in accordance with applicable law.

We retain personal data only for as long as necessary for the purposes described in this Privacy Policy, including to provide the service, comply with legal obligations, resolve disputes, maintain security, and enforce agreements.

Retention periods may vary depending on the type of data. For example, account data may be retained while your account is active, billing and tax records may be retained longer where legally required, and technical logs may be retained for shorter operational and security periods.

We use appropriate technical and organizational measures designed to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access. These measures may include access controls, encryption in transit, logging, segmentation, backups, and role-based restrictions.

However, no method of transmission or storage is completely secure, and we cannot guarantee absolute security.

Subject to applicable law, you may have the right to:

• request access to your personal data;
• request correction of inaccurate or incomplete data;
• request deletion of personal data in certain circumstances;
• request restriction of processing;
• object to certain processing, including processing based on legitimate interests or direct marketing;
• request portability of data you provided to us where applicable;
• withdraw consent where processing is based on consent;
• lodge a complaint with a supervisory authority, including Office of the Commissioner for Personal Data Protection (Cyprus).

We use only strictly necessary cookies and local browser storage. These are required to keep you signed in, remember basic preferences such as language and display settings, and protect the service against abuse. Because they are essential for the service to function, no consent banner is shown.

We do not use third-party analytics, advertising, marketing, or cross-site tracking technologies, and we do not build advertising or behavioural profiles. If we introduce any non-essential cookies or similar technologies in the future, we will request your consent first where required by law.

The service is not directed to children, and we do not knowingly collect personal data from children in violation of applicable law. If you believe a child has provided personal data to us unlawfully, please contact us so that we can take appropriate steps.

Our website or service may contain links to third-party websites or rely on third-party tools and integrations. We are not responsible for the privacy practices of those third parties, and we encourage you to review their policies separately.

We may update this Privacy Policy from time to time. If we make material changes, we will publish the updated version on the website or through the service and update the effective date above.

If you have questions about this Privacy Policy or wish to exercise your rights, please contact [email protected].