Privacy Policy

1. Information We Collect

We collect information that you provide directly, information generated through your use of the Services, and limited information automatically collected by technical means.

1.1 Information You Provide

• Account Information: Name, email address, username, password, organization name, role, and authentication credentials.
• Billing and Transaction Information: Payment method details, billing address, invoices, and transaction history (processed through third-party payment processors; we do not store full payment card numbers).
• Communications: Information you provide when contacting us for support, onboarding, feedback, surveys, or sales inquiries.
• User-Generated Metadata: Labels, tags, notes, comments, timestamps, scene/take data, and other organizational metadata you create within the Services.

1.2 Media and Content Data

• Uploaded Media: Video, audio, image, and project files you upload or ingest into the Services.
• Derived Data: Proxies, waveforms, thumbnails, transcripts, embeddings, classifications, face clusters, sync maps, and other outputs generated from your media.

CoCreate does not claim ownership over your media or content. All rights remain with you or your licensors.

1.3 Automatically Collected Information

• Device and Usage Data: IP address, operating system, hardware identifiers, application version, feature usage, logs, crash reports, performance metrics, and timestamps.
• Session and Analytics Data: Interaction events, session duration, and navigation patterns (often collected via privacy-respecting analytics tools).

2. How We Use Information

• Service Provision: To operate, maintain, and improve the Services, including ingest, sync, analysis, proxy generation, collaboration, and exports.
• AI and Automation: To perform automated analysis strictly for the purpose of delivering requested functionality (e.g., synchronization, metadata extraction, organization). AI processing is scoped to your projects and configurations.
• Account Management: To create and manage accounts, authenticate users (including OAuth-based authentication), and provide customer support.
• Billing and Transactions: To process payments, manage subscriptions, and maintain financial records.
• Product Improvement: To monitor performance, debug issues, improve reliability, and develop new features using aggregated and de-identified usage data.
• Security and Compliance: To detect fraud, abuse, or security incidents and to comply with legal obligations.
• Communications: To send service-related notices, updates, and administrative messages.

Google User Data: If you authenticate or connect through Google services (e.g., Google OAuth), we access and use Google user data only to provide and improve the core functionality of the Services, in accordance with Google API Services User Data Policy. We do not sell Google user data, use it for advertising, or transfer it to third parties except as necessary to provide the Services or comply with law.

We do not use your uploaded media or Google user data to train generalized or third-party AI models without your explicit consent.

3. Legal Bases for Processing (EEA/UK)

If you are located in the European Economic Area or the United Kingdom, we process personal data under the following legal bases:

• Performance of a contract
• Legitimate interests (e.g., security, product improvement)
• Compliance with legal obligations
• Consent, where required

4. Data Storage and Security

4.1 Storage Model

CoCreate is designed with a local-first and privacy-conscious architecture. Depending on your configuration:

• Media files may be stored locally on your devices or infrastructure.
• Cloud services may store encrypted copies of media, proxies, or metadata to enable collaboration, backups, and access across devices.

4.2 Security Measures

We implement industry-standard administrative, technical, and physical safeguards, including:

• Encryption in transit and at rest
• Access controls and least-privilege permissions
• Checksum-verified transfers
• Monitoring and logging

No system is completely secure; however, we take reasonable steps to protect your data.

5. Sharing and Disclosure of Information

We do not sell personal data. We may share information only as follows:

• Service Providers: Trusted vendors who assist with hosting, analytics, customer support, payments, and infrastructure, under contractual confidentiality obligations.
• Collaborators: Other users within your organization or projects, as directed by your permissions and settings.
• Legal Requirements: When required by law, regulation, subpoena, or court order.
• Business Transfers: In connection with a merger, acquisition, financing, or sale of assets, subject to standard confidentiality protections.

6. Data Retention

We retain personal data only as long as necessary to:

• Provide the Services
• Comply with legal, accounting, or reporting obligations
• Resolve disputes and enforce agreements

Media and project data are retained according to your account settings or until you delete them, subject to backup and recovery periods.

7. Your Rights and Choices

Depending on your jurisdiction, you may have the right to:

• Access, correct, or delete personal data
• Object to or restrict processing
• Request data portability
• Withdraw consent

Requests can be submitted by contacting us at support@cocreate.so.

8. Third-Party Services and Integrations

The Services may integrate with third-party platforms (e.g., editing software, cloud storage providers). Your use of those services is governed by their respective privacy policies.

9. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Material changes will be communicated through the Services or by other appropriate means. Continued use of the Services constitutes acceptance of the updated policy.

10. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, contact us at: support@cocreate.so