Privacy Policy

1. Introduction

VDO Technologies Pty Ltd (“VDO,” “we,” “our,” or “us”) operates VDO Platform, a real-time collaboration platform for professional post-production, colour, streaming, and related workflows. This Privacy Policy explains how we collect, use, disclose, and safeguard personal information when you use our websites, APIs, and client applications that link to this policy.

We are an Australian company. If you use the Service from outside Australia, your information may be processed in Australia and in other countries where we or our service providers operate (see International data transfers below).

By using the Service, you acknowledge this Privacy Policy. If you do not agree, do not use the Service.

2. Information we collect

2.1 Personal information

We may collect:

• Account information: name, email address, password (stored using secure hashing), organisation or team name where applicable, and profile details you choose to provide.
• Payment information: billing details and payment method information processed by our payment provider (we do not store full card numbers on our own servers).
• Team and organisation data: membership, roles, invitations, and identifiers needed for collaboration features.
• Communications: messages you send to support, feedback forms, and service-related email.

2.2 Usage and technical data

We automatically collect information such as:

• Device and connection data: IP address, browser type and version, operating system, app version, and device identifiers where applicable.
• Service usage: features used, session and room identifiers, participation metadata, approximate timing and duration of sessions, and similar operational data.
• Performance and diagnostics: connection quality metrics, error reports, and logs needed to operate and secure the Service.

2.3 Real-time audio, video, and control data

VDO Platform is built for real-time collaboration (for example streaming, review, editorial sessions, and remote desktop-style control where enabled). To deliver these features, audio, video, and related data may be processed in real time through our systems and through infrastructure operated by our subprocessors (for example real-time media servers and relays).

The Service is not marketed as a long-term cloud storage or file delivery product for uploaded media libraries. Unless a specific feature explicitly records or stores content and we describe that feature to you, we do not intend to retain your real-time media as a personal archive. We may still retain metadata (such as session identifiers, timing, quality metrics, and security logs) as described in this policy.

3. How we use your information

We use personal information to:

• Provide, operate, maintain, and secure the Service
• Create and manage accounts, teams, and billing
• Communicate about the Service, including transactional messages and (where permitted) product updates
• Monitor performance, troubleshoot issues, and improve reliability
• Detect, investigate, and help prevent fraud, abuse, and security incidents
• Comply with law and enforce our terms

4. Sharing and disclosure

We do not sell your personal information. We may disclose information in these situations:

• Service providers: vendors that host infrastructure, process payments, send email, provide analytics, or supply real-time media infrastructure, subject to appropriate contractual protections.
• Collaboration: other participants in a session may see profile or presence information as needed for the feature (for example display name).
• Legal and safety: where required by law, regulation, legal process, or to protect rights, safety, and security.
• Business transfers: in connection with a merger, acquisition, financing, or sale of assets, subject to safeguards.

5. Data security

We implement technical and organisational measures appropriate to the nature of the Service. These may include:

• TLS encryption for data in transit between clients and our web/API surfaces
• Industry-standard protections for real-time media (for example WebRTC-style encrypted transport where applicable); media may traverse relays or media servers when direct peer connectivity is not possible, which means sessions are not “end-to-end encrypted” in the narrow sense that no intermediary ever handles packets
• Access controls, authentication, monitoring, and secure configuration management
• Encryption at rest for certain stored data where appropriate

No method of transmission or storage is completely secure; we cannot guarantee absolute security.

6. Data retention

We retain personal information for as long as needed to provide the Service, meet legal obligations, resolve disputes, and enforce our agreements. Retention periods depend on the data type (for example account records, billing records, security logs, and backups). Operational logs and security records may be retained for a limited period consistent with incident response and compliance needs.

7. Your rights and organisation accounts

Depending on your location, you may have rights to access, correct, delete, or export personal information, and to object to or restrict certain processing. To exercise rights, contact [email protected]. We may need to verify your request.

If you use VDO Platformthrough an organisation (for example a studio), your organisation may control certain aspects of your account and may process personal information independently. Where that applies, you may also need to contact your organisation’s administrator. Enterprise customers may request a data processing addendum by contacting [email protected].

8. Cookies and analytics

We use essential cookies for authentication and session management where required for the Service to function.

For website analytics we use Plausible Analytics(EU-hosted, privacy-oriented analytics). Plausible does not use cookies for analytics in the way many ad networks do; see Plausible’s documentation for details. We do not use Google Analytics or Facebook Pixel on the marketing site described in our deployment configuration.

9. Subprocessors and infrastructure

We rely on categories of providers that may process personal information in order to operate the Service, including:

• Cloud hosting and infrastructure (for example compute and networking providers)
• Real-time media infrastructure (for example WebRTC/LiveKit-compatible signalling and media paths)
• Payment processing (for example our payment provider at checkout)
• Transactional email delivery (for example account and billing messages)
• Privacy-oriented web analytics (Plausible)

Specific vendors may change over time; we will update this policy or provide a subprocessors page as our practices evolve.

10. Third-party services

The Service may link to or integrate with third-party sites and services that have their own privacy policies. We are not responsible for those practices.

11. International data transfers

We may process and store information in Australia and other countries. Where we transfer personal information across borders, we take steps designed to comply with applicable law (which may include contractual safeguards depending on your jurisdiction).

12. Children

The Service is intended for professional users and is not directed at children. We do not knowingly collect personal information from children under 13. If you believe we have collected information from a child under 13, contact us and we will take appropriate steps. If you are in the EEA, UK, or other regions with a higher minimum age for certain services, you must meet those requirements.

13. United States state privacy notices

No sale of personal information. We do not sell your personal information for money. Certain US state laws may give residents additional rights (for example access, deletion, correction, and opt-out of certain sharing). If you are a US resident and wish to exercise privacy rights, contact [email protected]. We may verify your request as permitted by law.

14. Changes to this Privacy Policy

We may update this Privacy Policy from time to time. We will post the updated policy on this page and revise the “Last updated” date. Where changes are material, we will provide additional notice as appropriate (for example by email or in-product notice).

15. Contact us

Questions about this Privacy Policy or our privacy practices: [email protected]. General support: [email protected].

Related: Terms of Service · Refund Policy