Privacy Policy

1. Introduction

This Privacy Policy describes how Dayvid.ai ("we," "us," or "our") collects, uses, stores, shares, and protects your personal information when you use the Dayvid.ai platform, website, and related services (collectively, the "Service"). Dayvid.ai is operated by Latrova Tech (CNPJ: 27.356.487/0001-04), a company registered in Brazil.

Dayvid.ai is a paid SaaS platform for AI-powered video creation and publishing. Users upload audio, images, and subtitles, and the platform generates videos with animations, styled captions, and outros. The Service also offers AI image generation, text-to-speech, audio transcription, and direct publishing to YouTube, TikTok, and Instagram.

Under applicable data protection laws, including the EU General Data Protection Regulation (GDPR), we act as both a data controller (determining the purposes and means of processing your personal data) and a data processor (processing data on your behalf when you use the Service to create and publish content).

By using the Service, you agree to the collection and use of information in accordance with this Privacy Policy.

2. Information We Collect

2.1 Account Information

When you create an account, we collect:

• Email address— for authentication and service communications
• Password— stored only in hashed form (bcrypt); we never store or have access to your plaintext password
• Name— for account personalization

2.2 Payment Information

We use Creem.io as our payment processor. We do not directly collect, store, or process credit card numbers or bank account details. Creem.io handles all payment information in accordance with their own privacy policy. We receive only transaction confirmation data (subscription status, plan type, billing dates).

2.3 User Content

To provide the Service, we store content you upload or create:

• Audio files (WAV, MP3)
• Images (PNG, JPG)
• Subtitle files (SRT, VTT)
• Rendered videos (MP4)
• Project configurations, style presets, and version history
• Brand profiles (logos, color palettes, fonts)
• Publish schedules

You retain all intellectual property rights to the content you create and upload. We claim no ownership over your content. See Section 5 for how we use your content.

2.4 Platform Connection Data

When you connect third-party platform accounts (YouTube, TikTok) via OAuth, we collect and store:

• OAuth access and refresh tokens— encrypted and stored in Supabase Vault
• Channel/account identifiers— to publish content to the correct destination
• Channel metadata— such as channel name and profile picture, for display within the Service

We do notcollect or store your platform passwords. Authentication is handled entirely through each platform's official OAuth 2.0 flow.

2.5 YouTube-Specific Data

When you connect your YouTube account, we may access:

• YouTube channel information— channel name, ID, and thumbnail (via the youtube.readonly scope)
• Video upload capabilities— to publish videos on your behalf (via the youtube.upload scope)

2.6 TikTok-Specific Data

When you connect your TikTok account, we may access:

• TikTok user profile information— display name, avatar, and open ID (via Login Kit)
• Creator information— to determine posting eligibility and privacy settings (via Content Posting API)
• Video upload capabilities— to publish videos on your behalf

We use TikTok data solely to enable the video publishing functionality within Dayvid.ai. We do not use TikTok data for any purpose beyond what is necessary to provide the Service.

2.7 Usage Data

We collect technical data necessary to operate the Service:

• Log data (IP addresses, browser type, access times, pages viewed)
• Feature usage patterns (which tools and workflows you use)
• Error and crash reports

This data is used exclusively for maintaining service reliability, improving the product, and diagnosing technical issues.

3. How We Use Your Information

We use the information we collect for the following purposes:

We process your data based on: (a) the performance of our contract with you (providing the Service), (b) your consent (when connecting platform accounts), (c) our legitimate interests (security, service improvement), and (d) legal obligations.

4. Third-Party Service Providers (Sub-processors)

To deliver the Service, we share specific data with the following third-party providers:

Important Clarifications on AI Sub-processors

• No Google or TikTok user data is sent to AI sub-processors. We do not share your YouTube channel data, TikTok profile data, OAuth tokens, or analytics data with OpenAI, FAL.ai, or ElevenLabs.
• AI sub-processors receive only the content you explicitly submit for AI processing (e.g., text prompts for image generation, audio files for transcription).
• Each AI sub-processor operates under their own privacy policy and data handling terms. Content processed by AI services may be subject to their respective usage policies.
• We do not use your content to train AI models. However, third-party AI providers may have their own data usage policies, which we encourage you to review.

5. How We Use Your Content

We use your uploaded and generated content solely to provide the Service. Specifically:

• Processing: We process your audio, images, and subtitles to render videos.
• Storage: We store your files so you can access, manage, and re-render your projects.
• Publishing: When you choose to publish, we transmit your videos and metadata to your connected platform accounts.
• No other use: We do not sell, license, or use your content for advertising, marketing, or any purpose beyond providing the Service to you.

You grant us a limited, non-exclusive license to use your content only as necessary to operate the Service on your behalf. This license terminates when you delete your content or your account.

6. Data Storage and Security

6.1 Data Location

All data is processed and stored on servers located in the United States(via Supabase/AWS, Vercel, and GCP). TikTok data may also be processed in Singapore per TikTok's infrastructure.

6.2 Security Measures

We implement industry-standard security measures to protect your data:

• Encryption in transit: All communications use HTTPS/TLS encryption.
• Password security: Passwords are hashed using bcrypt via Supabase Auth.
• Token security: OAuth tokens are encrypted and stored in Supabase Vault.
• Encryption at rest: User data stored in our database and file storage is encrypted at rest using AES-256 encryption provided by our infrastructure providers (AWS/Supabase).
• Access control: Row-Level Security (RLS) on our database ensures each user can only access their own data.
• API token security: API tokens are hashed with configurable scopes and expiration dates.
• Internal access controls: Our team operates under the principles of least privilege and need-to-know. Employees access user data only when necessary to provide support, maintain security, or comply with legal obligations.

6.3 Access Control Policy

Dayvid.ai maintains strict internal access control procedures:

• Access to user data is restricted to authorized personnel only.
• We apply the principle of least privilege: team members are granted only the minimum access necessary to perform their duties.
• We apply the need-to-know principle: user data, including OAuth tokens and published content, is not accessed unless required for support, security, or legal compliance.
• Access permissions are reviewed regularly and revoked promptly when no longer needed.

7. Data Retention

7.1 Active Accounts

• User content (uploads):Retained as long as your account is active and within your plan's storage limit. When you reach your storage limit, you must delete files to free space. We do not auto-delete your files.
• Project data (configurations, schedules, publish history): Retained indefinitely while your account is active, even if associated uploads are deleted.

7.2 After Account Cancellation

• Your data is retained for 30 days after account cancellation to allow for possible reactivation.
• After 30 days, all personal data and user content are permanently deleted from our active systems.
• Data may persist in encrypted backups for up to 90 days after deletion, after which it is permanently removed.

7.3 Platform-Specific Data Retention

For data obtained through platform integrations (YouTube, TikTok):

• When you disconnect a platform account within Dayvid.ai or revoke our access through the platform's settings, we immediately delete all data associated with that platform connection, including OAuth tokens and any platform-specific metadata.
• This deletion occurs regardless of your account status and is not subject to the 30-day retention period described above.
• Platform-specific data is not retained for commercial convenience. Compliance with platform data policies takes precedence.

8. Your Rights and Choices

8.1 Access and Portability

You have the right to:

• Access your data: Request a copy of the personal data we hold about you.
• Export your content: Download your uploaded files and rendered videos through the Service.
• Data portability: Request your data in a structured, machine-readable format.

8.2 Correction

You can update your account information at any time through your account settings. If you need to correct other data, contact us at support@dayvid.ai.

8.3 Deletion

You can:

• Delete individual files from your media library at any time.
• Delete your account by contacting us at support@dayvid.ai. Upon account deletion, all associated data will be removed per our retention policy (Section 7.2).

8.4 Platform Disconnection and Data Deletion

You may disconnect any connected platform (YouTube, TikTok) at any time:

1. Within Dayvid.ai:Navigate to your Brand settings, select the connected account, and click "Disconnect." This immediately revokes the connection and deletes all stored tokens and platform-specific data from our systems. Note: videos already published to the platform remain on your platform account under your control and are not affected by disconnecting from Dayvid.ai.
2. Through the platform directly:
   • YouTube: Visit Google Security Settings to revoke Dayvid.ai's access. Upon revocation, we will delete all YouTube-related data from our systems.
   • TikTok: Visit your TikTok Connected Apps settings to revoke Dayvid.ai's access. Upon revocation, we will delete all TikTok-related data from our systems.
3. Request complete deletion: Email support@dayvid.ai with the subject "Data Deletion Request" to request the complete deletion of all your data, including your account, uploaded content, rendered videos, and any platform-associated data stored on our servers.

We will process deletion requests within 30 days of receipt.

8.5 Withdraw Consent

Where we rely on your consent to process data, you may withdraw that consent at any time by disconnecting platform accounts, adjusting your cookie preferences, or contacting us. Withdrawal of consent does not affect the lawfulness of processing carried out before the withdrawal.

8.6 Additional Rights for EEA/UK Residents

If you are located in the European Economic Area or the United Kingdom, you may also:

• Object to or restrict certain processing of your data.
• Lodge a complaint with your local data protection authority.

8.7 Additional Rights for California Residents

Under the California Consumer Privacy Act (CCPA), California residents have the right to:

• Know what personal information is collected, used, and shared.
• Request deletion of personal information.
• Opt out of the sale of personal information. We do not sell your personal information.
• Non-discrimination for exercising your privacy rights.

9. Cookies and Tracking Technologies

9.1 Current Use

Dayvid.ai currently uses only essential cookies required for the Service to function:

These cookies are strictly necessary and cannot be disabled without impairing the Service.

9.2 Future Use

We may implement additional cookies and tracking technologies in the future for:

• Analytics and performance cookies— to understand how the Service is used and improve user experience.
• Error tracking cookies— to identify and resolve technical issues.

If and when we implement non-essential cookies, we will update this Privacy Policy, implement a cookie consent banner, and provide granular cookie preference controls. We will never use cookies for advertising, retargeting, or selling data to third parties.

10. Children's Privacy

Dayvid.ai is not intended for use by anyone under the age of 18. We do not knowingly collect personal information from individuals under 18.

If we become aware that a user is under 18, we will promptly suspend the account and delete all associated personal data. If you believe a minor has provided us with personal information, please contact us at support@dayvid.ai.

11. International Data Transfers

Our Service is operated from and data is stored in the United States. If you access the Service from outside the United States, your data will be transferred to, stored, and processed in the United States.

We rely on standard contractual clauses and other appropriate safeguards to ensure that international data transfers comply with applicable data protection laws, including the GDPR.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make material changes, we will:

• Update the "Last Updated" date at the top of this page.
• Notify registered users via email.
• Post a prominent notice on the Service.

Your continued use of the Service after any changes constitutes acceptance of the updated Privacy Policy. We encourage you to review this page periodically.

13. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, contact us at:

For privacy-specific requests, including data access, correction, deletion, or portability, please email support@dayvid.ai with the subject line "Privacy Request."

We will respond to all privacy-related inquiries within 30 days.