Introduction
CollabCut ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our video collaboration platform.
By using CollabCut, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, please do not use our services.
Information We Collect
Personal Information
We collect information that you provide directly to us:
- Account Information: Email address, name, password (encrypted)
- Profile Information: Avatar/profile picture, display name
- OAuth Information: Google or GitHub account information (if you choose to sign in with these services)
- Payment Information: Processed securely through Stripe (we do not store credit card numbers)
- Organization Information: Company name, team member details
Content You Upload
- Video Files: Videos you upload for review and collaboration
- Comments & Annotations: Feedback, drawings, and comments you create
- Project Data: Project names, descriptions, and metadata
Automatically Collected Information
- Usage Data: Pages visited, features used, time spent
- Device Information: IP address, browser type, operating system
- Log Data: Access times, error logs, performance data
- Cookies: See our Cookie Policy for details
How We Use Your Information
We use the information we collect for the following purposes:
- Service Delivery: To provide, maintain, and improve our video collaboration platform
- Account Management: To create and manage your account
- Communication: To send you service updates, security alerts, and support messages
- Customer Support: To respond to your requests and provide assistance
- Security: To detect, prevent, and address fraud, security issues, and technical problems
- Analytics: To understand how users interact with our service and improve user experience
- Marketing: With your consent, to send newsletters and promotional materials
- Legal Compliance: To comply with legal obligations and enforce our terms
Legal Basis for Processing (GDPR)
If you are from the European Economic Area (EEA), our legal basis for collecting and using your personal information depends on the data and context:
- Contract Performance: Processing necessary to provide our services (account creation, video hosting)
- Consent: You have given explicit consent (marketing emails, analytics cookies)
- Legitimate Interests: Our legitimate business interests (security, fraud prevention, service improvement)
- Legal Obligation: Required by law (tax records, legal requests)
How We Share Your Information
We do not sell your personal information. We may share your information in the following situations:
Service Providers (Subprocessors)
We use third-party service providers to help us operate our business:
- Mux: Video hosting, processing, and delivery
- Cloudflare R2: Cloud storage for files and assets
- Supabase (AWS): Database hosting and authentication
- Stripe: Payment processing
- Email Provider: Transactional emails and notifications
All subprocessors are contractually required to protect your data and use it only for the purposes we specify.
Within Your Organization
Content you upload (videos, comments) is shared with other members of your organization/team as part of the collaboration features.
Legal Requirements
We may disclose your information if required by law or in response to valid legal requests (subpoenas, court orders).
Business Transfers
If we are involved in a merger, acquisition, or sale of assets, your information may be transferred. We will notify you before your information is transferred and becomes subject to a different privacy policy.
International Data Transfers
Your information may be transferred to and processed in countries other than your own. Our servers are primarily located in the United States (AWS US-East region).
For users in the European Economic Area (EEA), we rely on Standard Contractual Clauses (SCCs) approved by the European Commission to ensure adequate protection when transferring data internationally.
Data Security
We implement appropriate technical and organizational measures to protect your personal information:
- Encryption: Data is encrypted in transit (TLS/SSL) and at rest
- Access Controls: Role-based access and authentication requirements
- Monitoring: Continuous security monitoring and logging
- Regular Audits: Security assessments and vulnerability testing
However, no method of transmission over the internet is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.
Data Retention
We retain your personal information for as long as necessary to provide our services and comply with legal obligations:
- Active Accounts: For the duration of your account relationship
- Deleted Accounts: 30 days grace period, then permanently deleted
- Backups: May be retained for up to 90 days
- Financial Records: 7 years (legal requirement)
- Security Logs: Up to 2 years
Your Privacy Rights
All Users
You have the right to:
- Access: Request a copy of your personal data
- Correction: Update or correct inaccurate information
- Deletion: Request deletion of your account and data
- Opt-Out: Unsubscribe from marketing communications
GDPR Rights (EEA Users)
If you are in the EEA, you have additional rights under GDPR:
- Right to Access: Obtain confirmation of data processing and access to your data
- Right to Rectification: Correct inaccurate or incomplete data
- Right to Erasure: Request deletion ("right to be forgotten")
- Right to Data Portability: Receive your data in a machine-readable format
- Right to Restriction: Limit how we use your data
- Right to Object: Object to processing based on legitimate interests
- Right to Withdraw Consent: Withdraw consent at any time
- Right to Lodge a Complaint: File a complaint with your supervisory authority
CCPA Rights (California Residents)
If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA):
- Right to Know: Request disclosure of categories and specific pieces of personal information
- Right to Delete: Request deletion of your personal information
- Right to Opt-Out: Opt-out of "sale" of personal information (we do not sell data)
- Right to Non-Discrimination: Not be discriminated against for exercising your rights
How to Exercise Your Rights
To exercise any of these rights:
- Email us at: collabcut@gmail.com
- Visit your Privacy Settings page
- Download your data from your account settings
We will respond to your request within 30 days.
Cookies and Tracking Technologies
We use cookies and similar tracking technologies. For detailed information, please see our Cookie Policy.
Types of cookies we use:
- Essential Cookies: Required for the platform to function (authentication, security)
- Analytics Cookies: Help us understand how you use our service (requires consent)
- Preference Cookies: Remember your settings and preferences
Children's Privacy
Our service is not directed to individuals under 18 years of age. We do not knowingly collect personal information from children under 18. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at collabcut@gmail.com.
Do Not Track Signals
Some browsers have a "Do Not Track" feature. We currently do not respond to DNT signals because there is no industry standard for compliance.
Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of any material changes by:
- Posting the new Privacy Policy on this page
- Updating the "Last Updated" date
- Sending an email notification for significant changes
Your continued use of our service after changes become effective constitutes acceptance of the updated policy.
Contact Us
If you have questions or concerns about this Privacy Policy or our data practices, please contact us:
Supervisory Authority
If you are in the EEA and believe we have not adequately addressed your concerns, you have the right to lodge a complaint with your local data protection authority.