Privacy Policy
Your privacy is fundamental to our mission. This policy explains how we handle your data.
Table of Contents
1. Information We Collect
We collect information in the following categories:
Account Information: When you create an account, we collect your email address and authentication credentials. We use Supabase for authentication and do not store passwords directly.
Video Content: When you record videos through the Service, we store the video files, associated metadata (duration, file size, recording date), and blockchain verification data.
Usage Data: We automatically collect information about how you interact with the Service, including pages visited, features used, and device information (browser type, operating system).
Payment Information: Payment processing is handled entirely by Stripe. We do not store your credit card numbers, bank account details, or other financial information on our servers. We retain only a Stripe customer identifier and subscription status.
2. How We Use Your Information
We use your information to:
- Provide, maintain, and improve the Service
- Process video recordings and generate blockchain verification reports
- Manage your account and subscription
- Send important service notifications (account security, billing, policy changes)
- Respond to your support requests and inquiries
- Detect and prevent fraud, abuse, and security incidents
- Comply with legal obligations
We do not sell your personal information to third parties. We do not use your video content for advertising, training AI models, or any purpose other than providing the Service to you.
3. Video Recordings & Storage
Video recordings are stored securely in Cloudflare R2 object storage with encryption at rest. Key details:
- Encryption: All video files are encrypted using 256-bit AES encryption at rest
- Access control: Videos are only accessible to you and anyone you explicitly share them with via unique share links
- Retention: Video retention depends on your subscription tier — Free (7 days), Pro (2 years), Pro+ (unlimited while subscribed)
- Deletion: When videos are deleted (manually or via retention policy), they are permanently removed from our storage infrastructure
We do not access, view, or analyze the content of your video recordings unless required by law or to investigate a reported violation of our Terms of Service.
4. Blockchain Verification Data
When you record a video, we generate cryptographic verification data that includes:
- SHA-256 hash: A unique digital fingerprint of your video file
- Bitcoin block reference: The current Bitcoin blockchain block hash at the time of recording, providing an independent timestamp proof
- Verification metadata: Recording timestamps, device information, and integrity status
This verification data is stored in our database alongside your video records. The Bitcoin block hash is publicly available information referenced for timestamp verification — we do not write data to the Bitcoin blockchain.
5. Cookies & Tracking Technologies
We use the following technologies:
- Essential cookies: Required for authentication, session management, and security. These cannot be disabled while using the Service.
- Preference cookies: Store your settings and display preferences (e.g., theme selection)
We do not use third-party advertising trackers, social media tracking pixels, or cross-site analytics that follow you across the web.
6. Third-Party Services
We use the following third-party services to operate the platform:
| Service | Purpose | Data Shared |
|---|---|---|
| Supabase | Authentication & database | Email, account data, video metadata |
| Cloudflare R2 | Video file storage | Encrypted video files |
| Stripe | Payment processing | Payment details (handled by Stripe directly) |
| Vercel | Application hosting | Standard web request logs |
Each third-party service operates under its own privacy policy. We select partners that maintain strong data protection standards and comply with applicable regulations.
7. Data Sharing & Disclosure
We may disclose your information only in the following circumstances:
- With your consent: When you share a video via a share link, the recipient can view that recording and its verification data
- Service providers: To the third-party services listed above, solely to operate the platform
- Legal requirements: When required by law, subpoena, court order, or governmental regulation
- Safety and rights: To protect the rights, property, or safety of ProvVid, our users, or the public
- Business transfers: In connection with a merger, acquisition, or sale of assets, with notice to affected users
We will never sell, rent, or trade your personal information or video content to third parties for marketing or advertising purposes.
8. Data Security
We implement industry-standard security measures to protect your data:
- Encryption in transit: All data transmitted between your browser and our servers is encrypted using TLS 1.2+
- Encryption at rest: Video files and database records are encrypted using 256-bit AES encryption
- Access controls: Row-level security policies ensure users can only access their own data
- Authentication security: Secure session management with cryptographic tokens
While we take all reasonable measures to protect your data, no method of electronic storage or transmission is 100% secure. We cannot guarantee absolute security.
9. Your Rights & Choices
You have the following rights regarding your personal data:
- Access: Request a copy of the personal data we hold about you
- Correction: Request correction of inaccurate personal data
- Deletion: Request deletion of your account and associated data through your account settings
- Export: Export your data at any time through your account settings
- Objection: Object to processing of your personal data in certain circumstances
GDPR & CCPA: If you are located in the European Union or California, you have additional rights under GDPR or CCPA respectively, including the right to data portability and the right to know what data is collected about you. To exercise these rights, contact us at privacy@provvid.com.
10. International Data Transfers
ProvVid operates from the United States. If you access the Service from outside the United States, your data may be transferred to, stored, and processed in the United States or other countries where our service providers operate.
For users in the European Economic Area (EEA), we rely on Standard Contractual Clauses approved by the European Commission as a legal mechanism for data transfers. We ensure that any international transfer of personal data is subject to appropriate safeguards.
11. Data Retention
We retain your data according to the following schedule:
- Account data: Retained while your account is active, plus 30 days after deletion to allow recovery
- Video recordings: Retained according to your subscription tier (7 days, 2 years, or unlimited)
- Verification data: Retained as long as the associated video exists
- Payment records: Retained for 7 years as required for tax and financial compliance
- Usage logs: Retained for 90 days for security and debugging purposes
After the retention period expires, data is permanently deleted from our systems and cannot be recovered.
12. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes:
- We will update the "Last Updated" date at the top of this page
- We will notify registered users via email
- We will provide a summary of changes for transparency
We encourage you to review this Privacy Policy periodically to stay informed about how we protect your data.
13. Contact Us
If you have questions about this Privacy Policy or wish to exercise your data rights, contact us at:
By using ProvVid, you acknowledge that you have read and understood this Privacy Policy.