Back to Dayvid.ai

Privacy Policy

Effective Date: March 12, 2026 · Last Updated: April 15, 2026

1. Introduction

This Privacy Policy describes how Dayvid.ai ("we," "us," or "our") collects, uses, stores, shares, and protects your personal information when you use the Dayvid.ai platform, website, and related services (collectively, the "Service"). Dayvid.ai is operated by Latrova Tech (CNPJ: 27.356.487/0001-04), a company registered in Brazil.

Dayvid.ai is a paid SaaS platform for AI-powered video creation and publishing. Users upload audio, images, and subtitles, and the platform generates videos with animations, styled captions, and outros. The Service also offers AI image generation, text-to-speech, audio transcription, and direct publishing to YouTube, TikTok, and Instagram.

Under applicable data protection laws, including the EU General Data Protection Regulation (GDPR), we act as both a data controller (determining the purposes and means of processing your personal data) and a data processor (processing data on your behalf when you use the Service to create and publish content).

By using the Service, you agree to the collection and use of information in accordance with this Privacy Policy.

2. Information We Collect

2.1 Account Information

When you create an account, we collect:

  • Email address— for authentication and service communications
  • Password— stored only in hashed form (bcrypt); we never store or have access to your plaintext password
  • Name— for account personalization

2.2 Payment Information

We use Stripe, Inc. as our payment processor. We do not directly collect, store, or process credit card numbers or bank account details. Stripe handles all payment information in accordance with their own privacy policy. We receive only transaction confirmation data (subscription status, plan type, billing dates).

2.3 User Content

To provide the Service, we store content you upload or create:

  • Audio files (WAV, MP3)
  • Images (PNG, JPG)
  • Subtitle files (SRT, VTT)
  • Rendered videos (MP4)
  • Project configurations, style presets, and version history
  • Brand profiles (logos, color palettes, fonts)
  • Publish schedules

You retain all intellectual property rights to the content you create and upload. We claim no ownership over your content. See Section 5 for how we use your content.

2.4 Platform Connection Data

When you connect third-party platform accounts (YouTube, TikTok) via OAuth, we collect and store:

  • OAuth access and refresh tokens— encrypted and stored in Supabase Vault
  • Channel/account identifiers— to publish content to the correct destination
  • Channel metadata— such as channel name and profile picture, for display within the Service

We do notcollect or store your platform passwords. Authentication is handled entirely through each platform's official OAuth 2.0 flow.

2.5 YouTube-Specific Data

When you connect your YouTube account, we may access:

  • YouTube channel information— channel name, ID, and thumbnail (via the youtube.readonly scope)
  • Video upload capabilities— to publish videos on your behalf (via the youtube.upload scope)

Google API Services Limited Use Disclosure

Dayvid.ai's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

  • We only access Google user data necessary to provide our core video publishing functionality.
  • We do not use Google user data for serving advertisements.
  • We do not sell Google user data to third parties.
  • We do not use Google user data for any purpose unrelated to the Dayvid.ai Service.
  • We do not share Google user data with third-party AI models for training or model improvement purposes.
  • We do not use Google user data for retargeting, prospecting, or any form of personalized or interest-based advertising.
  • We do not allow humans to read Google user data unless: (a) we have your explicit consent, (b) it is necessary for security purposes (e.g., investigating abuse), (c) it is necessary to comply with applicable law, or (d) our use is limited to internal operations and the data has been aggregated and anonymized.

2.6 TikTok-Specific Data

When you connect your TikTok account, we may access:

  • TikTok user profile information— display name, avatar, and open ID (via Login Kit)
  • Creator information— to determine posting eligibility and privacy settings (via Content Posting API)
  • Video upload capabilities— to publish videos on your behalf

We use TikTok data solely to enable the video publishing functionality within Dayvid.ai. We do not use TikTok data for any purpose beyond what is necessary to provide the Service.

2.7 Usage Data

We collect technical data necessary to operate the Service:

  • Log data (IP addresses, browser type, access times, pages viewed)
  • Feature usage patterns (which tools and workflows you use)
  • Error and crash reports

This data is used exclusively for maintaining service reliability, improving the product, and diagnosing technical issues.

2.8 Behavioral and Analytics Data

We use PostHog to collect behavioral and usage analytics so we can understand how Dayvid.ai is used and improve the product. This includes:

  • Page views, navigation paths, and session information
  • Interaction events (clicks, form submissions, input changes) captured via autocapture, and aggregated heatmaps
  • Product events tied to your account after login (for example, sign-ups, logins, video renders, publishes, subscription changes, retries, and failures), associated with your user ID and email
  • Device and browser information (user agent, screen size, approximate location derived from IP)

2.9 Error and Diagnostic Data

We use PostHog Error Tracking to capture unhandled exceptions, stack traces, and runtime context from both the client (browser) and the server (API routes, Server Actions, Server Components, and Middleware), as well as React error boundary reports. This data helps us detect and fix bugs.

2.10 AI Interaction Content (LLM Observability)

When you use AI-powered features of the Service — including image generation, text generation, brainstorming assistants, and any feature that sends prompts to an AI model — we use PostHog LLM Observability to log the AI interaction. This means we capture:

  • The full prompt text you submit (including any system, user, and context messages sent to the model)
  • The full model output returned to you
  • Metadata about the request (model name, token usage, latency, associated user ID)

Please be aware:this can include creative content you submit to AI features — for example, lyrics, scripts, briefs, custom prompts, or any other text you provide. We use this data solely to debug and improve AI features, monitor cost and quality, and investigate failures. It is not used to train models. LLM observability currently covers our OpenAI-backed features; we plan to extend it to our Fal and Replicate integrations.

3. How We Use Your Information

We use the information we collect for the following purposes:

PurposeData Used
Provide and operate the ServiceAccount info, user content, platform tokens
Process video renderingAudio, images, subtitles, project configuration
Publish videos to platformsOAuth tokens, video files, metadata
Process payments and manage subscriptionsEmail, payment data (via Stripe, Inc.)
Communicate with you about the ServiceEmail address
Generate AI content (images, narration, transcription)Text prompts, audio files (see Section 4)
Maintain security and prevent abuseAccount info, usage data, log data
Improve the ServiceAggregated, anonymized usage data

We process your data based on: (a) the performance of our contract with you (providing the Service), (b) your consent (when connecting platform accounts), (c) our legitimate interests (security, service improvement), and (d) legal obligations.

4. Third-Party Service Providers (Sub-processors)

To deliver the Service, we share specific data with the following third-party providers:

ServiceData SharedPurposeLocation
SupabaseAll platform dataDatabase, authentication, file storageUSA (AWS)
VercelHTTP request dataWeb application hostingUSA
GCP (Google Cloud)Media files during renderingVideo rendering via Cloud RunUSA
Stripe, Inc.Email, billing address, payment informationPayment processing, subscriptionsUSA
PostHogUser events and identifiers (user ID, email), AI prompts and model outputs, error traces, device and browser infoProduct analytics, error tracking, LLM observabilityUSA (PostHog Cloud US)
OpenAIText prompts (user-provided)Text generation, prompt enhancement, AI insightsUSA
FAL.aiText prompts (user-provided)AI image generationUSA
ElevenLabsText prompts, user audioText-to-speech, audio transcriptionUSA
Google / YouTubeVideos, metadata, OAuth tokensVideo publishing, channel dataUSA
TikTokVideos, metadata, OAuth tokensVideo publishingUSA / Singapore
Google FontsNo personal dataFont search and loadingUSA

Important Clarifications on AI Sub-processors

  • No Google or TikTok user data is sent to AI sub-processors. We do not share your YouTube channel data, TikTok profile data, OAuth tokens, or analytics data with OpenAI, FAL.ai, or ElevenLabs.
  • AI sub-processors receive only the content you explicitly submit for AI processing (e.g., text prompts for image generation, audio files for transcription).
  • Each AI sub-processor operates under their own privacy policy and data handling terms. Content processed by AI services may be subject to their respective usage policies.
  • We do not use your content to train AI models. However, third-party AI providers may have their own data usage policies, which we encourage you to review.

5. How We Use Your Content

We use your uploaded and generated content solely to provide the Service. Specifically:

  • Processing: We process your audio, images, and subtitles to render videos.
  • Storage: We store your files so you can access, manage, and re-render your projects.
  • Publishing: When you choose to publish, we transmit your videos and metadata to your connected platform accounts.
  • No other use: We do not sell, license, or use your content for advertising, marketing, or any purpose beyond providing the Service to you.

You grant us a limited, non-exclusive license to use your content only as necessary to operate the Service on your behalf. This license terminates when you delete your content or your account.

6. Data Storage and Security

6.1 Data Location

All data is processed and stored on servers located in the United States(via Supabase/AWS, Vercel, and GCP). TikTok data may also be processed in Singapore per TikTok's infrastructure.

6.2 Security Measures

We implement industry-standard security measures to protect your data:

  • Encryption in transit: All communications use HTTPS/TLS encryption.
  • Password security: Passwords are hashed using bcrypt via Supabase Auth.
  • Token security: OAuth tokens are encrypted and stored in Supabase Vault.
  • Encryption at rest: User data stored in our database and file storage is encrypted at rest using AES-256 encryption provided by our infrastructure providers (AWS/Supabase).
  • Access control: Row-Level Security (RLS) on our database ensures each user can only access their own data.
  • API token security: API tokens are hashed with configurable scopes and expiration dates.
  • Internal access controls: Our team operates under the principles of least privilege and need-to-know. Employees access user data only when necessary to provide support, maintain security, or comply with legal obligations.

6.3 Access Control Policy

Dayvid.ai maintains strict internal access control procedures:

  • Access to user data is restricted to authorized personnel only.
  • We apply the principle of least privilege: team members are granted only the minimum access necessary to perform their duties.
  • We apply the need-to-know principle: user data, including OAuth tokens and published content, is not accessed unless required for support, security, or legal compliance.
  • Access permissions are reviewed regularly and revoked promptly when no longer needed.

7. Data Retention

7.1 Active Accounts

  • User content (uploads):Retained as long as your account is active and within your plan's storage limit. When you reach your storage limit, you must delete files to free space. We do not auto-delete your files.
  • Project data (configurations, schedules, publish history): Retained indefinitely while your account is active, even if associated uploads are deleted.

7.2 After Account Cancellation

  • Your data is retained for 30 days after account cancellation to allow for possible reactivation.
  • After 30 days, all personal data and user content are permanently deleted from our active systems.
  • Data may persist in encrypted backups for up to 90 days after deletion, after which it is permanently removed.

7.3 Platform-Specific Data Retention

For data obtained through platform integrations (YouTube, TikTok, and Instagram):

  • When you disconnect a platform account within Dayvid.ai, we immediately deleteall data associated with that platform connection, including OAuth tokens and any platform-specific metadata. If you instead revoke our access through the platform's own settings (Google, TikTok, or Instagram), Dayvid.ai loses the ability to call the platform on your behalf but does not automatically learn of the revocation; to also delete the platform data stored on our systems, use the in-app Disconnect action or contact us as described in Section 8.4.
  • Once a deletion has been performed (either via in-app Disconnect or upon receipt of an emailed deletion request), it applies regardless of your account status and is not subject to the 30-day retention period described above.
  • Platform-specific data is not retained for commercial convenience. Compliance with platform data policies takes precedence.

8. Your Rights and Choices

8.1 Access and Portability

You have the right to:

  • Access your data: Request a copy of the personal data we hold about you.
  • Export your content: Download your uploaded files and rendered videos through the Service.
  • Data portability: Request your data in a structured, machine-readable format.

8.2 Correction

You can update your account information at any time through your account settings. If you need to correct other data, contact us at support@dayvid.ai.

8.3 Deletion

You can:

  • Delete individual files from your media library at any time.
  • Delete your account by contacting us at support@dayvid.ai. Upon account deletion, all associated data will be removed per our retention policy (Section 7.2).

8.4 Platform Disconnection and Data Deletion

You may disconnect any connected platform (YouTube, TikTok, and Instagram) at any time:

  1. Within Dayvid.ai:Navigate to your Brand settings, select the connected account, and click "Disconnect." This immediately revokes the connection and deletes all stored tokens and platform-specific data from our systems. Note: videos already published to the platform remain on your platform account under your control and are not affected by disconnecting from Dayvid.ai.
  2. Through the platform directly:

    Revoking access through the platform stops Dayvid.ai from making further calls on your behalf, but does not by itself delete data already stored on our systems (such as OAuth tokens, profile identifiers, channel metadata, or media references). To delete that data, also disconnect the account within Dayvid.ai (option 1 above) or email support@dayvid.ai with the platform name in the subject. We process such requests within 30 days.

  3. Request complete deletion: Email support@dayvid.ai with the subject "Data Deletion Request" to request the complete deletion of all your data, including your account, uploaded content, rendered videos, and any platform-associated data stored on our servers.

We will process deletion requests within 30 days of receipt.

8.5 Withdraw Consent

Where we rely on your consent to process data, you may withdraw that consent at any time by disconnecting platform accounts, adjusting your cookie preferences, or contacting us. Withdrawal of consent does not affect the lawfulness of processing carried out before the withdrawal.

8.6 Additional Rights for EEA/UK Residents

If you are located in the European Economic Area or the United Kingdom, you may also:

  • Object to or restrict certain processing of your data.
  • Lodge a complaint with your local data protection authority.

8.7 Additional Rights for California Residents

Under the California Consumer Privacy Act (CCPA), California residents have the right to:

  • Know what personal information is collected, used, and shared.
  • Request deletion of personal information.
  • Opt out of the sale of personal information. We do not sell your personal information.
  • Non-discrimination for exercising your privacy rights.

8.8 Analytics Opt-Out and Deletion of PostHog Event Data

Because we use PostHog for product analytics, error tracking, and LLM observability (see Sections 2.8, 2.9, and 2.10), you have additional choices for this data specifically:

  • Opt out of analytics:block or delete PostHog cookies in your browser's settings. A dedicated cookie consent banner with granular controls is being rolled out and will allow you to disable analytics and error-tracking cookies directly within the Service.
  • Request deletion of PostHog event data: you can ask us to delete the behavioral events, error traces, and AI prompt/output logs associated with your account by emailing support@dayvid.ai with the subject "PostHog Data Deletion Request." We will process the request within 30 days.

9. Cookies and Tracking Technologies

9.1 Current Use

Dayvid.ai uses both essential cookies required for the Service to function and analytics cookies set by PostHog to help us understand product usage and diagnose errors:

Cookie / IdentifierPurposeDuration
Authentication sessionMaintains your logged-in state (via Supabase Auth)Session
Security tokensCSRF protectionSession
ph_phc_<id>_posthogAnalytics and performance (via PostHog) — assigns a persistent identifier to recognize returning visitors and attribute events1 year
ph_phc_<id>_posthog_sessionSession analytics (via PostHog) — groups events into a single browsing sessionSession
PostHog error tracking contextError tracking — associates exceptions and stack traces with the current user and session to help us fix bugsSession

Where <id> is our PostHog project identifier. PostHog requests are reverse-proxied through /ingest/* on our own domain to PostHog Cloud US (us.i.posthog.com). The authentication and CSRF cookies are strictly necessary and cannot be disabled without impairing the Service.

9.2 Your Choices

You can control analytics and error-tracking cookies in the following ways:

  • Browser settings:you can block or delete PostHog cookies through your browser's cookie controls, or use "Do Not Track" / private browsing modes. Doing so will stop analytics and heatmap collection for your sessions.
  • Cookie consent banner: we are rolling out a dedicated consent banner with granular controls for analytics and error-tracking cookies. Until the banner is live, you can opt out using the browser controls above or by emailing us.
  • Email opt-out: you can request that we stop collecting analytics events for your account and delete previously collected PostHog event data by contacting support@dayvid.ai.

We will never use cookies for advertising, retargeting, or selling your data to third parties.

10. Children's Privacy

Dayvid.ai is not intended for use by anyone under the age of 18. We do not knowingly collect personal information from individuals under 18.

If we become aware that a user is under 18, we will promptly suspend the account and delete all associated personal data. If you believe a minor has provided us with personal information, please contact us at support@dayvid.ai.

11. International Data Transfers

Our Service is operated from and data is stored in the United States. If you access the Service from outside the United States, your data will be transferred to, stored, and processed in the United States.

We rely on standard contractual clauses and other appropriate safeguards to ensure that international data transfers comply with applicable data protection laws, including the GDPR.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make material changes, we will:

  • Update the "Last Updated" date at the top of this page.
  • Notify registered users via email.
  • Post a prominent notice on the Service.

Your continued use of the Service after any changes constitutes acceptance of the updated Privacy Policy. We encourage you to review this page periodically.

13. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, contact us at:

Dayvid.ai

Operated by Latrova Tech (CNPJ: 27.356.487/0001-04)

Email: support@dayvid.ai

For privacy-specific requests, including data access, correction, deletion, or portability, please email support@dayvid.ai with the subject line "Privacy Request."

We will respond to all privacy-related inquiries within 30 days.