Vidrater — Privacy Policy

Last updated: September 3, 2025

Plain‑English summary: This policy explains what data we collect, why we collect it, how long we keep it, who we share it with (like our payment processor and cloud host), how you can control it, and your privacy rights (GDPR/CPRA).

1) Who controls your data

Controller: Vidrater (sole proprietorship of Luke Millam). Vidrater (sole proprietorship of Luke Millam) is the data controller for the Service. Contact: luke.millam@gmail.com. EU/UK users may contact our representative/DPO at [DPO contact].

2) What we collect

Account & billing: name, email, password hash, country, plan, invoices; limited payment details via our processor (we don’t store full card numbers).

Content: videos, images, text captions, thumbnails, scores, feedback, and settings you choose (e.g., portfolio/leaderboard opt‑in).

Usage data: device/browser info, IP address, approximate location, timestamps, feature usage, crash logs, cookies and similar technologies.

Integrations (optional): if you connect third‑party accounts (e.g., social platforms), we receive tokens/handles only as necessary to provide features (posting, importing media, showing stats). You can disconnect at any time.

3) Why we collect it (purposes & legal bases)

• Provide the Service (perform contract): account, content processing, scoring, support.
• Improve & secure the Service (legitimate interests/consent): analytics, debugging, preventing abuse.
• Billing & compliance (legal obligation/contract): invoices, tax records, fraud prevention.
• Marketing (optional) (consent/legitimate interests): emails about new features; you can unsubscribe.

Model training: We do not use your identifiable User Content to train foundation models by default. We may use aggregated, de‑identified statistics (e.g., average watch‑time or score distributions) to improve quality. You may opt in to allow content for model‑training; you can revoke at any time in settings.

4) Cookies & tracking

We use necessary cookies for login and fraud prevention and optional analytics cookies (e.g., for usage analytics). EU/EEA/UK visitors will see a consent banner; you can change preferences anytime.

5) Disclosures (who we share with)

• Infrastructure: cloud hosting, storage, CDN, email provider, logging/monitoring.
• Payments: payment processor for subscriptions and fraud checks.
• AI vendors: model/API providers used to analyze your content (under data‑processing terms; no use for their own training without your consent).
• Legal & safety: when required by law or to prevent harm.
• Corporate events: as part of mergers, acquisitions, or asset transfers with appropriate safeguards. We do not sell personal information. We do not share for cross‑context behavioral advertising without your opt‑in where required.

6) International transfers

We may transfer data to countries where we or our vendors operate. Where required, we use approved safeguards (e.g., SCCs) and conduct transfer impact assessments.

7) Retention

• Uploads & scores: retained while your account is active; you can delete items anytime from your portfolio. If you close your account, we delete or de‑identify within 30 days except where law requires retention (e.g., billing records for up to 7 years).
• Logs/analytics: typically 12–18 months, then aggregated or deleted.

8) Your rights

Depending on your location, you may have rights to access, correct, delete, port, or object/restrict processing, and to withdraw consent. California residents have CPRA rights (know/delete/correct/opt‑out of sale or sharing). Submit requests via privacy@vidrater.ai. We will verify your request and respond within the statutory timeframe.

Do Not Sell/Share: We do not sell personal information. If we engage in sharing for advertising, we will offer a "Do Not Sell or Share My Personal Information" link.

9) Security

We use industry‑standard safeguards (encryption in transit and at rest, access controls, least‑privilege, regular backups). No system is 100% secure; please keep your account credentials safe.

10) Children

The Service is not for children under 16 (or the age of digital consent where you live). We do not knowingly collect data from children. If you believe a child has provided personal data, contact us for removal.

11) Leaderboard & public sharing

This is opt‑in. If enabled, your handle, thumbnails, scores, and links you choose may be visible to other users or the public. You can disable sharing at any time and request removal.

12) Changes to this policy

We’ll post updates here and update the date above. If changes are significant, we’ll notify you by email or in‑app notice.

13) Contact

Vidrater (sole proprietorship of Luke Millam) luke.millam@gmail.com