Privacy Policy

Account Information: When you create an account, we collect your email address, display name, and password (hashed, never stored in plaintext). If you sign up via social login, we receive your name and email from the identity provider.

Uploaded Content: Music video files you upload, along with extracted metadata (BPM, musical key, artist, album, genre, language, duration, thumbnails). Video files are stored on our S3-compatible object storage (MinIO).

Usage Data: We collect anonymized usage analytics including feature usage, session duration, tracks played, and error logs. This data is used solely to improve the Service and is not linked to your identity.

Payment Information: Payment details are processed directly by our payment processor (Stripe, via Mavi Pay). We do not store your credit card number, CVC, or full card details on our servers. We retain only a payment reference ID and billing history.

Communications: When you contact us via email or the contact form, we collect your name, email, and message content to respond to your inquiry.

We use your data for the following purposes:

• Providing and maintaining the Service, including video storage, playback, and mixing features
• Processing your subscription payments and managing your account
• AI-powered features: BPM detection, key analysis, track recommendations, and automated mixing
• Improving the Service based on anonymized usage patterns
• Communicating with you about your account, billing, and important updates
• Preventing fraud, abuse, and ensuring security of the platform

We will never sell your personal data to third parties. We do not use your uploaded content for advertising or marketing purposes.

Self-Hosted Infrastructure: All data is stored on our self-hosted servers located in Manchester, United Kingdom. We do not use third-party cloud providers (AWS, Google Cloud, Azure) for storing your files or personal data.

Database: User accounts and metadata are stored in a self-hosted PostgreSQL database with encryption at rest.

File Storage: Uploaded video files and generated thumbnails are stored on our self-hosted MinIO S3-compatible object storage with server-side encryption.

Client-Side Storage: The web application uses IndexedDB in your browser for local caching of video data and metadata. This data never leaves your device unless you explicitly sync it to our servers.

Security Measures: All data in transit is encrypted via TLS 1.3. Access to servers is restricted via SSH key authentication and firewall rules. We perform regular security audits and maintain automated monitoring via our Ghost agent.

On-Premise AI: All AI processing is performed on our own servers using Ollama with Qwen models. Your music metadata, library data, and AI interactions are processed entirely within our infrastructure.

No Third-Party AI: We do not send your data to OpenAI, Anthropic, Google, or any other third-party AI provider. The Linus AI agent and Ghost self-healing agent both run on our self-hosted hardware.

No Training on Your Data: We do not use your uploaded content, metadata, or interactions to train AI models. Your data is used solely to provide you with AI-powered features within the Service.

We use the following cookies:

• Essential cookies: Session authentication, CSRF protection. These are required for the Service to function and cannot be disabled.
• Preference cookies: UI settings, theme preferences, last used deck configuration. Stored locally.

We do not use advertising cookies, tracking pixels, or third-party analytics cookies. We do not participate in any ad networks or cross-site tracking.

We use a limited number of third-party services:

• Resend — Email delivery for account verification, password resets, and important notifications. Resend processes your email address to deliver messages. Resend Privacy Policy
• Stripe (via Mavi Pay) — Payment processing for subscriptions. Stripe processes your payment information directly. We never see or store your full card details. Stripe Privacy Policy

If you use the live streaming feature, your stream data is sent directly from your browser to the streaming platform (Twitch/YouTube) via RTMP. This data does not pass through our servers. Your stream key is stored only in your browser's localStorage.

Under the GDPR, you have the following rights regarding your personal data:

• Right of Access: You can request a copy of all personal data we hold about you.
• Right to Rectification: You can request correction of inaccurate or incomplete data.
• Right to Erasure: You can request deletion of your personal data ("right to be forgotten").
• Right to Restrict Processing: You can request that we limit how we process your data.
• Right to Data Portability: You can request your data in a structured, machine-readable format.
• Right to Object: You can object to processing based on legitimate interests.

To exercise any of these rights, contact us at support@videodj.studio. We will respond within 30 days. You also have the right to lodge a complaint with a supervisory authority (ICO in the UK).

Active Accounts: We retain your data for as long as your account is active. Uploaded video files and metadata are kept as long as you maintain an active subscription.

Cancelled Accounts: After subscription cancellation, we retain your data for 90 days in case you wish to reactivate. After 90 days, uploaded video files are permanently deleted from our storage. Account metadata (email, name) is retained for an additional 12 months for legal and billing purposes.

Account Deletion: Upon explicit account deletion request, we will delete all your personal data and uploaded content within 30 days, except where retention is required by law (e.g., billing records for tax purposes, retained for up to 7 years).

Backups: Encrypted backups may retain your data for up to 30 days after deletion from primary storage.

videoDJ.Studio is not intended for users under the age of 16. We do not knowingly collect personal data from children under 16. If we become aware that we have collected data from a child under 16, we will take steps to delete that information promptly. If you believe a child has provided us with personal data, please contact us at support@videodj.studio.

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on our website and, where appropriate, by sending you an email notification. We encourage you to review this policy periodically.