Privacy Policy

Last updated: November 30, 2024

1. Introduction

At Fluit.io ("we," "us," or "our"), we take your privacy seriously. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our video review and collaboration platform.

By using Fluit.io, you consent to the data practices described in this policy. If you do not agree with our policies and practices, please do not use our Service.

2. Information We Collect

2.1 Information You Provide

We collect information you directly provide when using our Service:

  • Account Information: Email address, name, profile picture (if using Google OAuth)
  • Payment Information: Billing address, payment method details (processed securely through Stripe)
  • Video Content: Videos, images, and files you upload to the platform
  • Communication Data: Comments, annotations, feedback, and messages within the platform
  • Team Information: Names and email addresses of team members you invite

2.2 Information Collected Automatically

When you use Fluit.io, we automatically collect certain information:

  • Log Data: IP address, browser type, operating system, device identifiers
  • Usage Data: Pages viewed, features used, time spent, click patterns
  • Performance Data: Upload speeds, video processing times, error logs
  • Cookies and Tracking Technologies: Session cookies, authentication tokens, analytics cookies

2.3 Information from Third Parties

We receive information from third-party services:

  • Google OAuth: Basic profile information (name, email, profile picture) when you sign in with Google
  • Payment Processors: Transaction confirmations and payment status from Stripe
  • Analytics Providers: Aggregated usage statistics (we use privacy-focused analytics)

3. How We Use Your Information

We use the collected information for the following purposes:

  • Service Delivery: To provide, maintain, and improve the core functionality of Fluit.io
  • Video Processing: To encode, store, and deliver your video content securely
  • AI Features: To analyze feedback and generate AI-powered summaries and task prioritization
  • Authentication: To verify your identity and maintain secure access to your account
  • Billing: To process payments, manage subscriptions, and send receipts
  • Communication: To send transactional emails (magic links, password resets, billing notifications)
  • Support: To respond to your inquiries and provide customer assistance
  • Analytics: To understand usage patterns and improve user experience
  • Security: To detect fraud, abuse, and security threats
  • Legal Compliance: To comply with applicable laws and regulations

4. Data Sharing and Disclosure

4.1 We Share Data With

  • Service Providers: Cloud storage (Cloudflare R2), video processing (Mux), payment processing (Stripe), email delivery (SendGrid), and hosting infrastructure (Hetzner)
  • Team Members: Your collaborators within shared projects (as configured by you)
  • Review Recipients: People you share review links with (they can access specific videos you've shared)
  • Legal Authorities: When required by law, subpoena, or to protect our rights and safety

4.2 We Do NOT Sell Your Data

We do not sell, rent, or trade your personal information or video content to third parties for marketing purposes. Your content is yours, and we respect that.

4.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity. We will notify you via email of any such change in ownership.

5. Data Security

We implement industry-standard security measures to protect your data:

  • Encryption in Transit: All data is transmitted over HTTPS using TLS 1.3
  • Encryption at Rest: Video files and sensitive data are encrypted when stored
  • Access Controls: Role-based permissions and multi-factor authentication support
  • Regular Audits: Security assessments and penetration testing
  • Secure Infrastructure: Hardened servers with firewall protection and intrusion detection
  • Data Isolation: Your data is logically separated from other users' data

While we strive to protect your information, no method of transmission over the Internet is 100% secure. We cannot guarantee absolute security but will notify you promptly of any data breaches affecting your account.

6. Data Retention

We retain your information for as long as necessary to provide our services:

  • Active Accounts: Data is retained for the duration of your account
  • Deleted Content: Permanently removed within 30 days of deletion request
  • Canceled Accounts: Account data deleted within 90 days of cancellation
  • Backup Archives: May be retained for up to 6 months for disaster recovery
  • Legal Holds: Data may be retained longer if required by law or pending disputes

7. Your Privacy Rights

You have the following rights regarding your personal data:

  • Access: Request a copy of the personal data we hold about you
  • Correction: Update or correct inaccurate information in your account settings
  • Deletion: Request deletion of your account and associated data
  • Export: Download your video content and project data at any time
  • Opt-Out: Unsubscribe from marketing emails (transactional emails cannot be disabled)
  • Restrict Processing: Limit how we use your data in certain circumstances
  • Data Portability: Receive your data in a machine-readable format

To exercise these rights, contact us at privacy@fluit.io. We will respond within 30 days.

8. Cookies and Tracking Technologies

We use cookies and similar technologies to enhance your experience:

  • Essential Cookies: Required for authentication and core functionality (cannot be disabled)
  • Functional Cookies: Remember your preferences and settings
  • Analytics Cookies: Help us understand how users interact with the platform
  • Third-Party Cookies: Set by service providers like Google OAuth and Stripe

You can control cookies through your browser settings, but disabling certain cookies may affect functionality.

9. International Data Transfers

Fluit.io is operated from the United States and European Union. If you access our Service from outside these regions, your data may be transferred to, stored, and processed in countries with different privacy laws.

We use Standard Contractual Clauses (SCCs) and ensure our service providers comply with applicable data protection regulations, including GDPR and CCPA.

10. Children's Privacy

Fluit.io is not intended for children under 13 years of age. We do not knowingly collect personal information from children. If we become aware that a child has provided us with personal data, we will delete it immediately.

11. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

  • Right to know what personal information is collected, used, shared, or sold
  • Right to delete personal information
  • Right to opt-out of the sale of personal information (we do not sell data)
  • Right to non-discrimination for exercising your privacy rights

12. European Privacy Rights (GDPR)

If you are in the European Economic Area (EEA), you have rights under the General Data Protection Regulation (GDPR):

  • Lawful basis for processing (consent, contract performance, legitimate interests)
  • Right to lodge a complaint with a supervisory authority
  • Right to object to automated decision-making (our AI features are assistive, not deterministic)
  • Data Protection Officer contact: dpo@fluit.io

13. Third-Party Links

Our Service may contain links to third-party websites or integrations. We are not responsible for the privacy practices of these external sites. We encourage you to review their privacy policies before providing any personal information.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email to all registered users at least 30 days before taking effect. The "Last updated" date at the top of this policy indicates when it was last revised.

15. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact us:

Email: privacy@fluit.io
Data Protection Officer: dpo@fluit.io
Website: https://fluit.io
Response Time: We aim to respond within 48 hours