Privacy Policy

For account, billing, website, marketing and product-usage data, Nuvid acts as the data controller. For content, customer lists, connected store data, connected advertising data or business assets you upload or connect on behalf of your business, Nuvid normally acts as a processor/service provider and processes that data under your instructions and our Data Processing Addendum.

Privacy contact: privacy@nuvid.ai. Security contact: security@nuvid.ai.

• Account data: name, email, password hash, workspace settings, role and access permissions.
• Business and profile data: company name, website, store URL, billing details, country, language, plan and support history.
• Content and brand inputs: product URLs, product copy, images, logos, videos, creative briefs, prompts, comments and files you submit.
• Connected asset data: store, search, social, ad and video-account metadata from Shopify, WooCommerce, Google, Meta, TikTok, YouTube and similar integrations you choose to connect.
• Generated outputs: generated campaign plans, scripts, market maps, videos, captions, assets and analytics summaries.
• Usage and device data: pages viewed, jobs submitted, credits consumed, events, IP address, browser, device, approximate location, logs and security signals.
• Billing data: payment status, invoices, plan, credit purchases, Stripe customer and checkout identifiers. We do not store full card numbers.
• Communications data: emails, support requests, beta requests, newsletter preferences, unsubscribe status and consent records.

• Provide, secure and maintain the Service.
• Create market maps, briefs, videos, ads, scripts and other outputs you request.
• Authenticate users, manage workspaces, permissions, credits, billing and subscriptions.
• Connect and sync business assets when you authorize an integration.
• Send transactional emails such as account, security, billing, low-credit and service notices.
• Send marketing, newsletters or product updates where allowed by law and your preferences.
• Detect abuse, fraud, security incidents, spam and policy violations.
• Improve reliability, usability and product quality using aggregated, de-identified or limited operational data.
• Comply with legal, tax, accounting, payment, sanctions and regulatory obligations.

Where GDPR applies, we rely on the following legal bases:

• Contract: to create accounts, provide the Service, process payments and deliver requested outputs.
• Legitimate interests: to secure the Service, prevent abuse, improve the product, respond to business inquiries and send limited B2B outreach where lawful and balanced against your rights.
• Consent: for optional cookies, newsletters where consent is required, certain marketing preferences and connected-account permissions.
• Legal obligation: for tax, accounting, sanctions, payment, security and legal compliance.

You may object to legitimate-interest processing or withdraw consent at any time where applicable.

We share personal information only with vendors and subprocessors needed to operate the Service, such as cloud hosting and storage, authentication, AI inference, analytics, email, payments, error monitoring, support, communications and connected integrations you authorize.

Current service categories include Cloudflare infrastructure, Stripe payments, Resend email, OpenAI/Google AI services and platform integrations such as Google, Meta, TikTok, Shopify, WooCommerce and YouTube when you connect them. We do not sell personal information. We do not share personal information for cross-context behavioral advertising unless we provide a separate notice and opt-out where required.

If you connect Shopify, WooCommerce, Google Search Console, Google Business Profile, YouTube, Google Ads, Meta, Facebook Pages, Instagram Business, TikTok or other assets, we process the connected data only to provide the features you request. Access tokens and store credentials are stored server-side and are not exposed to the frontend. You can disconnect integrations from the dashboard where available or contact us.

You are responsible for ensuring that you have the right to connect accounts and submit customer, product, campaign or audience data to Nuvid.

We use strictly necessary cookies for authentication, security and preferences. Optional analytics or measurement technologies are used only where allowed by law and your consent/preferences. You can control cookies through the banner, browser settings and device settings. In native app contexts, Nuvid may disable web tracking that is not needed for app operation.

Marketing emails include a clear sender, truthful subject line and an unsubscribe method. We honor opt-out requests promptly and maintain suppression records so unsubscribed, bounced or complained addresses are not used for future marketing. Transactional emails related to your account, security, billing or requested services may still be sent where necessary.

We keep personal information only as long as needed for the purposes described in this Policy, including to provide the Service, comply with legal obligations, resolve disputes and enforce agreements. Account data is retained while your account is active. Generated inputs and outputs are retained according to your plan, product settings or deletion requests. Billing, tax, audit and security records may be retained longer where required by law or legitimate business need.

We may process information in the EU, United Kingdom, United States and other countries where we or our subprocessors operate. Where GDPR applies and data is transferred outside the EEA/UK, we use appropriate safeguards such as Standard Contractual Clauses, transfer assessments or other approved mechanisms.

Depending on where you live, you may have rights to access, correct, delete, export or restrict personal information, object to processing, withdraw consent, opt out of marketing, appeal a decision, or lodge a complaint with a data protection authority.

EU/UK users may exercise GDPR rights including information, access, rectification, erasure, restriction, portability, objection and withdrawal of consent. California and other US state users may request access, deletion, correction, portability and opt-out rights where applicable. We do not discriminate against users for exercising privacy rights.

Submit requests to privacy@nuvid.ai. We may need to verify your identity before completing a request.

Nuvid is a business service and is not intended for children under 16. We do not knowingly collect personal information from children.

We use TLS in transit, access controls, scoped credentials, audit logs where available, separation between platform credentials and client tokens, and operational safeguards. No system is 100% secure. Please report vulnerabilities to security@nuvid.ai.

We may update this Policy as the Service changes. Material changes will be notified by email, dashboard notice or a prominent website notice where appropriate.

Privacy questions: privacy@nuvid.ai.