Privacy Policy
VIDLOFT, LLC
PRIVACY POLICY
Last Updated: June 10, 2025
VidLoft, LLC (“VidLoft,” “we,” “us,” or “our”) respects your privacy and is committed to handling Personal Information in a safe and transparent manner. This Privacy Policy explains how we collect, use, disclose, and otherwise process Personal Information when you visit https://vidloft.com (the “Site”), engage our video‑editing and consulting services (collectively, the “Services”), or otherwise interact with us.
Use of the Services is also governed by our Terms of Service (“ToS”). This Policy forms part of—but does not override—those Terms.
1 Changes to This Policy
We may revise this Privacy Policy from time to time. The “Last Updated” date shows the most recent revision. When material changes are introduced, we will provide reasonable notice before new terms take effect (for example by e‑mail or prominent in‑product banner). Continued use of the Services after the effective date constitutes acceptance of the revised Policy.
2 Definitions
-
“Personal Information” / “Personal Data” Information that identifies, relates to, describes, or could reasonably be linked—directly or indirectly—to an individual. Examples include name, business e‑mail, IP address, and recognizable faces or voices contained in video footage.
-
“Customer Content” Video, audio, images, text, and related assets provided to VidLoft by or on behalf of a customer for editing or consulting purposes.
-
“Process” / “Processing” Any operation performed on Personal Information, whether or not by automated means.
-
“Sub‑processor” A third‑party service provider engaged by VidLoft to Process Personal Information on VidLoft’s behalf.
3 Roles & Responsibilities
For Customer Content, the customer is the data controller (or “business” under the CPRA) and VidLoft operates strictly as a data processor/service provider acting only on documented instructions. Customers represent and warrant that they have a lawful basis and all necessary consents to upload Customer Content and direct its Processing. VidLoft is the controller only for Personal Information collected directly by us—such as account, billing, or marketing data.
4 Information We Collect
4.1 Information You Provide
-
Account & Contact Data Name, business e‑mail, company, role, phone number, project briefs, and any information contained in messages you send us.
-
Customer Content Raw and finished video files, audio tracks, still images, annotations, and related metadata you upload via the Services. Such content may incidentally contain biometric identifiers (faces, voices) of individuals; VidLoft does not derive or store biometric templates.
-
Billing Data Purchase records, payment‑method identifiers, tax information, and transaction history. Payments are processed by Stripe; VidLoft never stores full card numbers.
4.2 Information Collected Automatically
When you interact with the Services, we and our Sub‑processors collect certain information automatically, including:
-
Log files (IP address, browser type, referring/exit pages, date/time stamps, clickstream data).
-
Device information (hardware model, operating system, unique device identifiers).
-
Usage metrics (pages viewed, features used, crash reports). These data are collected via cookies, pixels, local storage, and similar technologies.
4.3 Information from Third Parties
We may receive information about you from business partners, analytics providers, or single‑sign‑on platforms where you choose to authenticate.
5 User Responsibilities
You agree not to upload Customer Content that (a) contains protected health information, payment‑card PANs, government identifiers, or other regulated data categories, (b) you are not legally authorized to share, or (c) violates any law or intellectual‑property right. You are responsible for configuring access permissions on shared links and for obtaining all consents required to Process Personal Information contained in Customer Content. Breach of these duties relieves VidLoft of related liability.
6 How We Use Information
Personal Information may be Processed to:
-
Provide, operate, and maintain the Services;
-
Fulfil or enforce contractual obligations;
-
Improve and develop new features, offerings, and support tools;
-
Communicate administrative or marketing messages consistent with your preferences;
-
Detect, prevent, and investigate fraud, security incidents, or misuse;
-
Comply with applicable laws or respond to lawful requests.
Where the EU/UK GDPR applies, VidLoft relies on one or more of the following legal bases: performance of a contract, legitimate interests, consent, and compliance with legal obligations.
7 Our Use of Aggregate & De‑Identified Data
We may create and use aggregated, anonymized, or de‑identified data derived from Personal Information to operate, analyze, and improve the Services, provided that such data does not identify any individual or disclose Customer Content.
8 How We Share Information
VidLoft does not sell Personal Information. We may disclose information:
-
With Service Providers/Sub‑processors – Strictly for business purposes such as hosting, storage, identity management, analytics, payments, or customer relationship management. These providers are contractually bound to appropriate confidentiality and security obligations and are prohibited from selling or sharing Personal Information for cross‑context behavioral advertising.
-
For Legal or Safety Reasons – To comply with law, court order, or governmental request; to protect the rights, property, or safety of VidLoft, our users, or others.
-
Business Transfers – In connection with a merger, acquisition, financing, or sale of all or a portion of our assets, subject to customary confidentiality safeguards.
8.1 Current Sub‑processor List
| Vendor | Purpose | Location |
|---|---|---|
| Amazon Web Services | Cloud hosting, storage (S3) | United States |
| Adobe Frame.io | Collaborative video review & storage | United States |
| Hubspot, Inc. | Marketing Automation & CRM | United States |
| Stripe, Inc. | Payment processing | United States |
| Xero Limited | Invoicing & bookkeeping | United States |
This list may change; we will update this Policy or provide advance notice where required.
9 International Data Transfers
VidLoft is headquartered in the United States. When Personal Information originates from the European Economic Area, the United Kingdom, or Switzerland, transfers are made pursuant to Standard Contractual Clauses and, where applicable, the EU‑U.S. Data Privacy Framework or its UK extension.
10 Data Retention & Deletion
We retain Personal Information only for as long as necessary for the purposes described in this Policy, unless a longer retention period is required or permitted by law. Typical retention periods are:
| Data Category | Retention Period | |
| Account & billing records |
|
|
| Customer Content (raw & finished) | Life of project + minimum 30 days availability, consistent with ToS | |
| System logs | 1 year |
Upon expiry of applicable periods, data may be deleted or anonymized in backups according to standard cycles. You may request early deletion where allowed.
11 Your Rights & Choices
11.1 EEA/UK Residents
Subject to conditions set out in the GDPR, you may request access, rectification, erasure, restriction, portability, or object to certain Processing. You also have the right to lodge a complaint with a supervisory authority.
11.2 California Residents
VidLoft acts as a service provider under the California Privacy Rights Act (“CPRA”) and therefore does not sell or share Personal Information. You may exercise rights of access, deletion, correction, or limitation of sensitive Personal Information by contacting us as set out in Section 17.
11.3 Marketing
You may opt out of marketing e‑mails at any time by following the unsubscribe instructions or by contacting us.
11.4 Cookies & Tracking Technologies
Most browsers allow you to control cookies through settings. Certain features might not function properly without cookies.
11.5 Do Not Track / Global Privacy Control
Industry standards for Do Not Track and Global Privacy Control signals are evolving; the Services currently do not respond to such signals.
12 Security
VidLoft employs reasonable administrative, technical, and organizational safeguards to protect Personal Information against unauthorized access, loss, or alteration. Measures may include encryption at rest via AWS KMS, TLS 1.2 or higher in transit, role‑based access controls, multi‑factor authentication, and periodic independent penetration testing. No method of transmission or storage is entirely secure, and absolute security cannot be guaranteed. Liability for security incidents is limited as described in our ToS.
13 Third‑Party Sites & Services
The Services may contain links to third‑party websites, plug‑ins, or integrations. VidLoft does not control and is not responsible for the privacy practices of such third parties. We encourage you to review their privacy policies.
14 Children’s Privacy
The Services are not directed to individuals under 13 years of age (or the age defined by local law). We do not knowingly collect Personal Information from children. If we become aware that such information has been collected, we will delete it promptly.
15 Liability & Indemnity
VidLoft’s liability for privacy or data‑security breaches is limited to the maximum extent permitted by law, as further detailed in our ToS. Customers agree to indemnify and hold VidLoft harmless from claims arising out of Customer Content, including allegations that Customer Content infringes privacy or publicity rights.
16 Governing Law & Dispute Resolution
This Policy is governed by the laws designated in our ToS, which also sets forth mandatory dispute‑resolution procedures and venue.
17 Contact Us
For questions, concerns, or to exercise your privacy rights, please contact info@vidloft.com or mail:
VidLoft, LLC
Attn: Privacy Office
1203 Woodland Ave SE
Atlanta, Georgia 30316 USA
VidLoft endeavors to respond to verified requests within 30 days.
© 2025 VidLoft, LLC. All rights reserved.