Privacy Policy.
This Privacy Policy explains how Halo sp. z o.o. ("we", the "Controller") collects, uses and protects your personal data when you use the VideoGenAI website and Service. This Policy is written to comply with Regulation (EU) 2016/679 (GDPR) and the Polish Personal Data Protection Act.
1. Data controller
Halo sp. z o.o.
ul. Warszawska 40/2A, 40-008 Katowice, Poland
KRS 0001145505 · NIP 9542880835
Privacy contact: privacy@videogenai.io
2. What we collect
- Account data: email address, name (optional), company (optional).
- Usage and analytics data: pages visited, clicks, scroll depth, dwell time, form-field interaction (field names and input length, never the raw values you type), pricing-tier clicks.
- Device and network data: user-agent, browser, OS, device type, referrer, UTM parameters, approximate geo (country/region/city) derived from IP.
- IP address: stored only as a salted SHA-256 hash (not the raw IP) for abuse prevention and geo inference.
- Render inputs and outputs: prompts, uploaded references, and generated clips you create.
- Billing data: transaction identifiers; payment details are handled by our PCI-DSS compliant payment processor, not by us.
3. Why we process it (legal basis)
- Performance of a contract (Art. 6(1)(b) GDPR): to operate your account, process renders and bill you.
- Legitimate interests (Art. 6(1)(f)): product analytics, security, abuse prevention, service improvement. We balance these against your rights.
- Consent (Art. 6(1)(a)): optional marketing communications, where applicable.
- Legal obligation (Art. 6(1)(c)): accounting and tax records as required by Polish law.
4. Retention
- Account data: until you delete your account.
- Render inputs and outputs: 90 days after deletion request, then purged from backups within an additional 30 days.
- Analytics events: 24 months, then aggregated irreversibly.
- IP-hash records: 12 months.
- Invoices and accounting records: 5 years from the end of the tax year, per Polish law.
5. Who we share data with
We share personal data only with carefully selected processors that help us run the Service. Categories of processors include:
- Cloud hosting and database providers (EU region).
- Transactional email providers.
- Payment processing.
- Product analytics and error monitoring.
- GPU inference partners for rendering.
A current list of sub-processors is available in our Data Processing Agreement.
6. International transfers
Personal data is primarily processed within the EEA. Where a processor is located outside the EEA, transfers are protected by Standard Contractual Clauses (SCCs) and, where required, supplementary measures.
7. Your rights
You have the right to access, rectify, erase, restrict or object to the processing of your personal data, the right to data portability, and the right to withdraw consent at any time where processing is based on consent. You may exercise these rights by emailing privacy@videogenai.io. You also have the right to lodge a complaint with the Polish supervisory authority (UODO) or with the supervisory authority of your habitual residence.
8. Cookies
We use a small number of first-party cookies, all of them functionally necessary or used for privacy-safe product analytics:
- Anonymous visitor identifier: a random UUID set on first visit so we can aggregate page-level usage without linking it to your identity. Expires after 1 year.
- Session cookies for signed-in users: required to keep you logged into your workspace. Expire when you sign out or when the session expires.
We do not use third-party advertising cookies, cross-site tracking pixels, or social-media retargeting tags.
9. Security
We follow industry-standard practices: HTTPS everywhere, data-at-rest encryption for databases and backups, least-privilege access, rotated secrets, and regular dependency patching.
10. Changes to this Policy
We may update this Policy. Material changes are communicated by email at least 14 days before they take effect.