Privacy Policy

Effective Date: 2025-07-14

Last Updated: 2025-07-14

1. Introduction

This Privacy Policy describes how FFmpegAPI ("we," "us," or "our") collects, uses, and protects your personal information when you use our media processing API service ("Service"). We are committed to protecting your privacy and complying with applicable data protection laws, including the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), and other international privacy regulations.

2. Information We Collect

2.1 Account Information

  • Personal Identifiers: Name, email address, phone number
  • Account Credentials: Username, encrypted passwords, API keys
  • Payment Information: Billing address, payment method details (processed by third-party payment processors)
  • Business Information: Company name, tax identification numbers (if applicable)

2.2 Usage Data

  • API Usage: Request logs, processing times, resource consumption (GB-seconds)
  • Service Metrics: Error rates, response times, feature usage statistics
  • Device Information: IP address, user agent, browser type, operating system

2.3 Media Content

  • Uploaded Files: Video, audio, image files submitted for processing
  • Metadata: File names, sizes, formats, creation dates, technical specifications
  • Processing Results: Converted files, thumbnails, analysis results

2.4 Communication Data

  • Support Interactions: Email correspondence, chat logs, support tickets
  • Marketing Communications: Newsletter subscriptions, promotional preferences

3. How We Use Your Information

3.1 Service Provision

  • Process media files according to your API requests
  • Authenticate and authorize API access
  • Monitor service performance and usage limits
  • Provide customer support and technical assistance

3.2 Business Operations

  • Process payments and manage subscriptions
  • Maintain accurate billing records
  • Comply with legal and regulatory requirements
  • Prevent fraud and abuse

3.3 Service Improvement

  • Analyze usage patterns to optimize performance
  • Develop new features and capabilities
  • Conduct research and development
  • Generate anonymized analytics and reports

3.4 Communications

  • Send service-related notifications
  • Provide customer support responses
  • Deliver marketing communications (with consent)
  • Share important updates about our service

4. Legal Basis for Processing (GDPR)

For users in the European Economic Area (EEA), we process personal data based on:

  • Contract Performance: Processing necessary to provide the Service
  • Legitimate Interests: Service improvement, security, and fraud prevention
  • Consent: Marketing communications and optional features
  • Legal Obligations: Compliance with applicable laws and regulations

5. Data Sharing and Disclosure

5.1 Third-Party Service Providers

We may share your information with:

  • Cloud Infrastructure Providers: For hosting and computing resources
  • Payment Processors: For billing and payment processing
  • Analytics Services: For usage analysis and performance monitoring
  • Customer Support Tools: For providing technical assistance

5.2 Legal Requirements

We may disclose your information when required by law, such as:

  • Compliance with court orders or legal process
  • Protection of our rights and property
  • Prevention of fraud or illegal activities
  • National security or public safety requirements

5.3 Business Transfers

In case of merger, acquisition, or asset sale, your information may be transferred to the new entity, subject to the same privacy protections.

6. Data Security

6.1 Technical Safeguards

  • Encryption: Data encrypted in transit and at rest
  • Access Controls: Role-based access with multi-factor authentication
  • Network Security: Firewalls, intrusion detection, and monitoring
  • Secure Development: Regular security audits and vulnerability assessments

6.2 Organizational Measures

  • Staff Training: Regular privacy and security training for employees
  • Data Minimization: Collect only necessary information
  • Incident Response: Procedures for addressing security breaches
  • Vendor Management: Due diligence for third-party providers

7. Data Retention and Deletion

7.1 Retention Periods

  • Account Information: Retained while account is active plus 7 years for legal compliance
  • Usage Data: Retained for 2 years for service improvement and analytics
  • Media Content: Automatically deleted after processing completion (typically within 24 hours)
  • Support Communications: Retained for 3 years for quality assurance

7.2 Deletion Process

  • Automated Deletion: Media files deleted automatically after processing
  • User-Initiated Deletion: Account deletion removes most personal data within 30 days
  • Legal Hold: Some data may be retained longer for legal or regulatory requirements

8. Your Rights and Choices

8.1 Access and Portability

  • Right to Access: Request copies of your personal data
  • Data Portability: Receive your data in a structured, machine-readable format
  • Account Dashboard: View and manage your account information and usage data

8.2 Correction and Deletion

  • Right to Rectification: Correct inaccurate or incomplete personal data
  • Right to Erasure: Request deletion of your personal data (subject to legal requirements)
  • Right to Restrict Processing: Limit how we use your personal data

8.3 Communication Preferences

  • Marketing Opt-Out: Unsubscribe from promotional communications
  • Notification Settings: Manage service-related notifications
  • Cookie Preferences: Control cookie usage through browser settings

8.4 California Consumer Privacy Act (CCPA) Rights

California residents have additional rights:

  • Right to Know: Categories of personal information collected and sold
  • Right to Delete: Request deletion of personal information
  • Right to Opt-Out: Opt out of the sale of personal information (we do not sell personal information)
  • Right to Non-Discrimination: Equal service regardless of privacy rights exercise

9. International Data Transfers

9.1 Cross-Border Processing

  • Data may be processed in multiple jurisdictions for performance optimization
  • We ensure adequate protection through appropriate safeguards
  • Standard Contractual Clauses (SCCs) used for transfers outside the EEA

9.2 Data Localization

  • Option to specify data processing regions for certain plans
  • Compliance with local data residency requirements where applicable
  • Transparent information about data processing locations

10. Children's Privacy

We do not knowingly collect personal information from children under 13 (or the applicable age in your jurisdiction). If we discover we have collected such information, we will delete it immediately.

11. Cookies and Tracking Technologies

11.1 Types of Cookies

  • Essential Cookies: Required for service functionality
  • Analytics Cookies: Used to understand service usage and performance
  • Preference Cookies: Store user settings and preferences

11.2 Third-Party Tracking

  • We may use third-party analytics and monitoring services
  • These services may use cookies and similar technologies
  • You can control cookie usage through your browser settings

12. Privacy by Design

12.1 Default Settings

  • Privacy-protective settings enabled by default
  • Minimal data collection necessary for service provision
  • Regular privacy impact assessments

12.2 Transparency

  • Clear information about data processing practices
  • Regular updates to privacy policies
  • User-friendly privacy controls and settings

13. Contact Information and Data Protection Officer

For privacy-related questions or to exercise your rights, contact us at:

14. Supervisory Authority

If you are in the EEA and have concerns about our data processing, you may contact your local supervisory authority. A list of supervisory authorities is available at: https://edpb.europa.eu/about-edpb/about-edpb/members_en (opens in a new tab)

15. Changes to This Privacy Policy

We may update this Privacy Policy periodically. We will notify you of material changes through:

  • Email notifications to registered users
  • Prominent notices on our website
  • In-app notifications for mobile users

Your continued use of the Service constitutes acceptance of the updated Privacy Policy.

16. Compliance Framework

16.1 Regulatory Compliance

  • GDPR: European Union General Data Protection Regulation
  • CCPA: California Consumer Privacy Act
  • PIPEDA: Personal Information Protection and Electronic Documents Act (Canada)
  • LGPD: Lei Geral de Proteção de Dados (Brazil)
  • Other Local Laws: Compliance with applicable regional privacy laws

This Privacy Policy is designed to provide comprehensive information about our data practices while ensuring compliance with international privacy regulations. For specific legal advice regarding your rights, please consult with a qualified attorney.

Questions about this Privacy Policy? Contact us at privacy@ffmpeg-api.com