Privacy Policy
Last updated: March 2026
1. Data Controller
Vosmotion ("we", "us", "our") is the data controller responsible for your personal data. For privacy inquiries, contact us at [INSERT CONTACT EMAIL].
2. Personal Data We Collect
- Account data: email address, name, and profile picture from your Google account when you sign in.
- Uploaded content: pictures and videos you upload to the service.
- Biometric data: facial images contained in uploaded pictures, which are processed by AI to generate animated videos. This is special category data under GDPR Article 9.
- Generated content: video outputs produced by our AI animation service.
- Technical data: IP addresses, browser type, and access timestamps collected automatically via server logs.
3. How We Use Your Data
| Purpose | Data | Legal Basis |
|---|---|---|
| Provide the service (account, uploads, generations) | Account data, uploaded content, generated content | Contract performance (Art. 6(1)(b)) |
| AI animation of facial images | Biometric data (face pictures) | Explicit consent (Art. 9(2)(a)) |
| Security and abuse prevention | Technical data | Legitimate interest (Art. 6(1)(f)) |
4. Biometric Data and Consent
When you upload pictures containing faces, these images are processed by AI models to generate animated videos. This constitutes processing of biometric data under GDPR.
Before uploading facial images, you will be asked to provide explicit consent for this specific processing. You can withdraw this consent at any time from your account settings, which will prevent future processing of facial images. Withdrawing consent does not affect the lawfulness of processing carried out before withdrawal.
5. Third-Party Processors
We share your data with the following processors, all of whom have signed Data Processing Agreements:
- Supabase — database hosting and authentication
- Cloudflare — file storage (R2) and content delivery
- Vercel — application hosting
- Google — authentication (OAuth)
- GPU compute providers — AI video generation processing
6. International Data Transfers
Your data may be transferred to and processed in the United States and other countries outside the EU/EEA. These transfers are protected by Standard Contractual Clauses (SCCs) included in our Data Processing Agreements with each provider.
7. Data Retention
- Account data: retained while your account is active. Deleted when you delete your account.
- Uploaded assets: retained while your account is active. Rejected assets are deleted after 30 days.
- Generated videos: retained while your account is active.
- Failed generation records: metadata retained for 90 days for debugging, then deleted.
- Server logs: retained for up to 30 days.
8. Your Rights
Under GDPR, you have the right to:
- Access — request a copy of all personal data we hold about you.
- Rectification — correct inaccurate personal data.
- Erasure — delete your account and all associated data.
- Data portability — export your data in a machine-readable format.
- Withdraw consent — withdraw biometric data processing consent at any time.
- Restriction — request we restrict processing of your data.
- Object — object to processing based on legitimate interest.
- Complaint — lodge a complaint with your local data protection supervisory authority.
You can exercise your rights to access, export, and delete your data from your account settings. For other requests, contact us at [INSERT CONTACT EMAIL].
9. Cookies
We use strictly necessary cookies for authentication. These are exempt from consent requirements as the service cannot function without them. We do not use tracking or advertising cookies.
10. Children
Our service is not intended for users under the age of 16. We do not knowingly collect data from children. If you believe a child has provided us with personal data, please contact us and we will delete it.
11. Automated Decision-Making
We do not use your personal data for automated decision-making or profiling that produces legal or similarly significant effects.
12. Changes to This Policy
We may update this privacy policy from time to time. We will notify you of material changes by posting the updated policy on this page with a revised date.