Privacy Policy
Last updated: July 5, 2026
This policy explains what Vidiyo, Inc. ("Vidiyo", "we") collects, how we use it, who we share it with, and the choices you have. It applies to our websites, our web, mobile, and TV apps, and our APIs. Questions: privacy@vidiyo.com.
What we collect
- Account data: email address, display name, a salted hash of your password (never the password itself), and a profile image if you add one.
- Content you create: videos, live streams, captions, channel artwork, schedules, chat messages, and metadata you attach to them.
- Usage data: watch sessions, plays, ad impressions, search queries, device type and identifiers, app version, IP address, approximate location derived from IP, and referrers.
- Payment and payout data: Stripe processes card, bank, identity, and tax information. We receive only references (for example the last 4 digits of a card, payout status, and tax-form completion status), never full card or bank numbers.
- Communications: support requests, appeals, and privacy requests you send us.
- Push tokens: if you enable notifications on mobile, the device token needed to deliver them.
How we use it (and our legal bases)
- To provide the Service (deliver streams, schedule channels, process uploads, run live chat, show your analytics). Legal basis: performance of our contract with you.
- To pay creators and meet tax and accounting obligations. Legal basis: contract and legal obligation.
- To serve ads. Ads are inserted server-side into the stream and frequency-capped. We do not build cross-site behavioural profiles and we do not sell personal data to ad networks. Legal basis: legitimate interest in funding a free service.
- To keep the Service safe (detect view fraud, abuse, and security incidents; enforce our Terms). Legal basis: legitimate interest and legal obligation.
- To communicate with you about your account, payouts, and material changes to the Service. Legal basis: contract. Optional product emails have an unsubscribe link and rely on consent.
We do not use automated decision-making that produces legal or similarly significant effects about you without human review available on appeal.
Who we share it with
We do not sell personal data, and we do not share it for cross-context behavioural advertising. We share data only with:
- Service providers acting on our instructions: Cloudflare (CDN, storage, edge compute), Fly.io (application hosting), Neon (database), Stripe (payments, payouts, identity and tax verification), Postmark (transactional email), Modal (video processing: transcoding, captions, moderation), Expo (mobile push delivery), and Sentry (error monitoring). Each is bound by contract to use data only to provide their service to us.
- Other users: your channel, display name, and published content are visible to viewers by design.
- Legal and safety: when required by law, subpoena, or court order, or when necessary to protect the rights, safety, or property of Vidiyo, our users, or the public. Where lawful, we will notify you before disclosing your data in response to a legal demand.
- Corporate transactions: if Vidiyo is involved in a merger, acquisition, or asset sale, data may transfer as part of that transaction under this policy's protections.
Your rights
Depending on where you live, you may have the right to access, correct, export, or delete your personal data, to restrict or object to certain processing, and to withdraw consent. We do not discriminate against you for exercising these rights. File a request at /privacy-requests/new or email privacy@vidiyo.com. We verify requests via your account email and respond within the timeline your local law requires (30 days under GDPR, 45 days under the CCPA, extendable once with notice).
- EEA/UK (GDPR): you also have the right to lodge a complaint with your supervisory authority.
- California (CCPA/CPRA): we do not "sell" or "share" personal information as those terms are defined in the CCPA, and we have not done so in the preceding 12 months. Because there is no sale or sharing to opt out of, opt-out preference signals such as Global Privacy Control do not change how we process your data. You may designate an authorised agent to submit requests on your behalf; we will verify the agent's authority and your identity.
Retention
- Account and content data: kept while your account is active. When you delete your account, content is removed from the Service promptly and purged from backups on their rotation cycle.
- Financial and tax records: kept up to 7 years where tax law requires.
- Fraud and security signals: kept up to 24 months after account deletion.
- Raw viewing events: aggregated into anonymous statistics on a rolling basis; raw events are deleted after aggregation.
Security
We protect data with TLS in transit, encryption at rest for stored data, scrypt password hashing, scoped API keys, access controls, and audit logging of sensitive operations. No system is perfectly secure; if a breach affects your personal data we will notify you and regulators as applicable law requires.
Children
Vidiyo is not directed to children under 13 (or under 16 in the EEA/UK), and we do not knowingly collect personal data from them. If you believe we have collected data from a child, contact privacy@vidiyo.com and we will delete it.
International transfers
Vidiyo is operated from the United States, and data is processed in the US and in the regions where our service providers operate. Where we transfer personal data from the EEA, UK, or Switzerland, we rely on the European Commission's Standard Contractual Clauses (and the UK Addendum) with our providers, plus supplementary safeguards.
Changes to this policy
We will post any changes here and update the date above. For material changes we will notify you by email or in-product notice before they take effect.
Contact
Vidiyo, Inc. · privacy@vidiyo.com