Privacy Policy

Effective Date: June 26, 2025


1. Information We Collect

When you or someone accessing your video uses our service, we collect limited information primarily for security, service improvement, and analytics. We do not store full IP addresses for long-term tracking. Instead, we implement a two-stage data processing approach:

Pseudonymized Unique Identifiers (Short-Term Retention)

For a period of up to 30 days, we generate and store a unique hash based on the accessing device's truncated IP address (first three octets for IPv4, equivalent for IPv6), user agent (e.g., browser type), and the month and year of access. This hash is also salted using a secret key. This pseudonymized identifier helps us track unique views, analyze short-term viewing patterns, and detect anomalous access for immediate security purposes. This data is considered personal data under applicable privacy laws.

Aggregated and Anonymized Data (Long-Term Retention)

After 30 days, these individual pseudonymized unique identifiers are permanently deleted. The data is then transformed into aggregated and anonymized statistics (e.g., total views per video per month, total views from a specific region). This aggregated data no longer relates to any identifiable individual and is therefore not considered personal data.

Server Access Logs

Our web servers automatically record certain technical information for a short period (typically 30-60 days) for security analysis and performance monitoring. This information may include IP addresses, browser types, operating systems, referring URLs, and timestamps. Access to these logs is strictly limited to authorized IT personnel.

2. How We Use Your Information

We use the collected information for the following purposes:

For Short-Term Operational Needs (up to 30 days)

The pseudonymized unique identifiers allow us to:

  • Track unique video views during a recent period.
  • Analyze recent viewing patterns to inform immediate service improvements.
  • Detect and respond to anomalous access patterns or potential security threats.

For Long-Term Analytics and Service Improvement (Anonymized Data)

The aggregated and anonymized data allows us to:

  • Understand long-term trends in video viewership.
  • Analyze overall content popularity and service performance without identifying individual users.
  • Generate statistical reports for business planning.

For Security and Performance Monitoring (Server Logs)

Our short-term server logs help us maintain the security, stability, and performance of our services.

3. How We Store and Protect Your Information

We take the security and privacy of your information seriously, implementing a robust data retention and anonymization strategy:

Pseudonymization & Short-Term Retention

Individual pseudonymized unique identifiers are held for a maximum of 30 days. They are generated using strong hashing algorithms, truncated IP addresses, user agents, and a monthly/yearly component, along with a secret salt securely stored in Doppler Secured Secrets. This process significantly reduces the risk of re-identification.
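The derivation described here and under "Pseudonymized Unique Identifiers" above, as an added sketch that is not the service's own code. HMAC-SHA-256 as the keyed hash, a /48 prefix as the IPv6 equivalent of three IPv4 octets, the field encoding, all function names, and the sample accesses (documentation address ranges) are assumptions made for illustration.

```python
import hashlib
import hmac
import ipaddress
from datetime import date

# Assumptions, not stated in the policy: HMAC-SHA-256, /48 for IPv6.
IPV4_PREFIX = 24  # first three octets, as the policy states
IPV6_PREFIX = 48  # assumed "equivalent" for IPv6

def truncate_ip(ip: str) -> str:
    """Zero the host bits so the full address never enters the hash."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped  # treat ::ffff:a.b.c.d as plain IPv4
    prefix = IPV4_PREFIX if addr.version == 4 else IPV6_PREFIX
    net = ipaddress.ip_network(f"{addr}/{prefix}", strict=False)
    return str(net.network_address)

def view_id(secret: bytes, ip: str, user_agent: str, day: date) -> str:
    """Pseudonymized identifier: keyed hash of prefix, user agent, month."""
    fields = [truncate_ip(ip), user_agent, f"{day.year:04d}-{day.month:02d}"]
    # Length-prefix each field so ("ab", "c") and ("a", "bc") differ.
    msg = b"".join(
        len(f.encode()).to_bytes(4, "big") + f.encode() for f in fields
    )
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()

def count_unique_views(secret: bytes, accesses) -> int:
    """Unique views are counted as the number of distinct identifiers."""
    return len({view_id(secret, ip, ua, d) for ip, ua, d in accesses})

# Constructed sample accesses; a real secret would come from the secret store.
DEMO_SECRET = b"constructed-demo-key-not-a-real-secret"
UA_A = "Mozilla/5.0 (X11; Linux x86_64) ExampleBrowser/1.0"
UA_B = "Mozilla/5.0 (Macintosh) ExampleBrowser/2.0"
SAMPLE = [
    ("203.0.113.77", UA_A, date(2025, 6, 3)),
    ("203.0.113.12", UA_A, date(2025, 6, 20)),  # same /24, UA, month
    ("203.0.113.77", UA_B, date(2025, 6, 3)),   # different user agent
    ("203.0.113.77", UA_A, date(2025, 7, 1)),   # next month: new identifier
    ("2001:db8:1:2::5", UA_A, date(2025, 6, 3)),
]

if __name__ == "__main__":
    print(count_unique_views(DEMO_SECRET, SAMPLE))
```

Because truncated prefixes and user agents are low-entropy inputs, the secret key is what keeps these identifiers from being recomputed by enumeration.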

Automated Anonymization

After 30 days, the individual pseudonymized identifiers are automatically and permanently deleted from our systems. Only aggregated and anonymized data is retained for long-term analysis.

Limited Access

Access to our systems and the data we collect (including pseudonymized identifiers and server logs) is strictly controlled and limited to authorized personnel only, based on the principle of least privilege, enforced with secure passwords and IP restrictions.

Security Measures

We implement various security measures, including strong password policies, IP restrictions for administrative access, and regular security practices to protect against unauthorized access, disclosure, alteration, or destruction of your information.

Data Retention Summary:

  • Pseudonymized Unique Identifiers: Maximum 30 days.
  • Server Access Logs: Maximum 30-60 days.
  • Aggregated and Anonymized Data: Retained for as long as necessary for statistical and business analysis, as it no longer constitutes personal data.

5. Your Rights (For EU and California Residents)

If you are a resident of the European Union (under GDPR) or California (under CCPA), you have certain rights regarding your personal data. While the pseudonymized data we collect is retained for a limited period, we are committed to helping you exercise these rights:

Right to Access, Rectification, Erasure, Objection, and Data Portability

During the 30-day retention period of your pseudonymized unique identifier, you have the right to request access to, rectification of, or erasure of this data, or to object to its processing. Please note that due to the pseudonymized nature of the data and our limited retention period, fulfilling such requests may require you to provide additional identifying information (e.g., your original IP address and approximate time of access during the 30-day window) to help us locate and verify your data. After 30 days, as your individual data is anonymized, these rights no longer directly apply to the aggregated data, as it is no longer personal data.