Privacy Policy

1. Introduction

Pummel Vision ("we," "our," or "us") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website and services at pummelvision.ai (the "Service"). This policy is specific to the Pummel Vision application and is hosted on our verified domain.

Please read this Privacy Policy carefully. By using our Service, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, please do not use our Service.

2. Information We Collect

2.1 Information You Provide

• Account Information: When you sign in with Google, we receive your name, email address, and profile picture from your Google account.
• Content: Photos you select from Google Photos for video creation, video titles, and any tags or metadata you add to your videos.
• Communications: Any information you provide when contacting us for support or feedback.

2.2 Information Collected Automatically

• Usage Data: Information about how you interact with our Service, including pages visited, features used, and time spent on the Service.
• Device Information: Browser type, operating system, device type, and IP address.
• Cookies: We use essential cookies to maintain your session and preferences. See Section 7 for more details.

2.3 Information from Third Parties

• Google OAuth: When you sign in with Google, we receive your name, email address, and profile picture from your Google account through Google's OAuth 2.0 authentication system.
• Google Photos API: When you connect Google Photos, we access photos you select via the Google Photos Picker API and receive metadata about those photos including file names, creation dates, and image dimensions. We do not access your entire Google Photos library - only photos you explicitly select.

For detailed information about how we handle Google user data, please see Section 3.5 "Google User Data" below.

3. How We Use Your Information

We use the information we collect to:

• Provide, maintain, and improve our Service
• Create video montages from your selected photos
• Process and store your created videos
• Authenticate your identity and manage your account
• Send service-related communications
• Respond to your requests and provide customer support
• Monitor and analyze usage patterns to improve user experience
• Detect, prevent, and address technical issues or security threats
• Comply with legal obligations

3.5. Google User Data

This section specifically addresses how we access, use, store, and share Google user data obtained through Google OAuth and the Google Photos API. This information is required by Google's User Data Policy for OAuth verification.

3.5.1 What Google User Data We Collect

The Google user data we collect is what you provide when you use our Service and what we receive through Google's APIs when you sign in or connect Google Photos. When you use Google OAuth to sign in or connect Google Photos, we collect the following Google user data:

• Authentication Data: Your name, email address, and profile picture from your Google account (via userinfo.email and userinfo.profile scopes)
• Google Photos Data: Photos you select via the Google Photos Picker API and associated metadata including file names, creation dates, and image dimensions (via photospicker.mediaitems.readonly scope)

3.5.2 How We Use Google User Data

We use your Google user data to provide you with the services you requested, such as video creation from your selected photos, account management, and customer support. Google user data is used exclusively to provide and improve our application's functionality:

• To authenticate your identity and manage your account
• To access and display photos from your Google Photos library for video creation
• To process selected photos into video montages
• To improve the user experience and functionality of our Service
• To provide customer support and respond to your requests

We do NOT use Google user data for targeted advertising, selling to data brokers, providing to information resellers, determining credit-worthiness, lending purposes, user advertisements (personalized, retargeted, or interest-based), creating databases, training AI models, or any other purpose outside of providing or improving our application's functionality.

3.5.3 With Whom We Share Google User Data

We do not sell Google user data. We only share Google user data with third-party service providers that help us operate our Service, and only for the purpose of providing or improving our application's functionality:

• Google Cloud/Google APIs: For authentication and accessing Google Photos (as required by Google's services)
• Supabase: For secure database storage of your account information and authentication tokens
• Video Processing Services: For processing your selected photos into video montages
• Cloud Storage Providers: For storing your created videos and temporarily storing photos during processing

We do NOT transfer Google user data to third parties for purposes other than providing or improving our application's functionality.Specifically, we do not transfer Google user data for targeted advertising, selling to data brokers, providing to information resellers, determining credit-worthiness, lending purposes, or any form of advertising.

3.5.4 How We Protect Google User Data

We implement industry-standard security measures to protect Google user data:

• Encryption: All data in transit is encrypted using TLS/SSL protocols
• Secure Authentication: OAuth 2.0 authentication with secure token storage
• Access Controls: Strict access controls limiting who can access Google user data
• Regular Security Assessments: Ongoing security monitoring and updates
• Secure Storage: Google user data is stored in secure, encrypted databases

While we implement these security measures, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security, but we are committed to protecting your Google user data to the best of our ability.

3.5.5 Data Retention and Deletion of Google User Data

We retain Google user data as follows:

• Account Information: Retained while your account is active. When you delete your account, we delete your Google authentication data (name, email, profile picture) within 30 days.
• Google Photos: Photos you select are temporarily stored during video creation. We do not permanently store your Google Photos - they remain in your Google Photos account and can be deleted by you at any time through Google Photos.
• Photo Metadata: Retained only as long as necessary to process your videos, typically deleted within 90 days of video creation completion.
• OAuth Tokens: Stored securely to maintain your connection to Google Photos. You can revoke access at any time through your account settings or Google's security settings.

You may request deletion of your Google user data at any time by contacting us at privacy@pummelvision.ai or by deleting your account through your account settings. We will delete your Google user data within 30 days of your request, except where we are required to retain it by law.

3.5.6 Limited Use and AI/ML

We do not use Google user data (including data from Google Photos APIs) to create, train, or improve machine learning or artificial intelligence models. Photos and related data are used only as input to provide the user-facing feature you requested: creating video montages and, when you choose an AI style, applying AI-powered image styling for that video. We do not use your data to train or improve any foundational or generalized AI/ML models. Our use of information received from Google Photos APIs adheres to the Google User Data Policy, including the Limited Use requirements.

4. How We Share Your Information

We do not sell your personal information, including Google user data. We may share your information in the following circumstances:

4.1 Service Providers

We work with third-party service providers to operate our Service. These providers only receive data necessary to provide their services and are contractually obligated to protect your data:

• Google Cloud/Google APIs: For authentication and photo access (as required by Google's OAuth and Photos Picker services)
• Supabase: For secure database storage of your account information, authentication tokens, and application data
• Video Processing Services: For rendering your video montages from selected photos
• Cloud Storage: For storing your created videos and temporarily storing photos during processing

Important: Google user data is only shared with service providers for the purpose of providing or improving our application's functionality. We do not share Google user data with third parties for advertising, data brokering, or any other purpose. For more details, see Section 3.5 "Google User Data" above.

4.2 Public Videos

If you choose to make a video public (default), it will be visible to anyone who visits our explore page or has the video link. Your display name and profile picture may be shown alongside public videos.

4.3 Legal Requirements

We may disclose your information if required by law, regulation, legal process, or governmental request.

5. Data Security

We implement appropriate technical and organizational security measures to protect your personal information, including Google user data, against unauthorized access, alteration, disclosure, or destruction. These measures include:

• Encryption: All data in transit, including Google user data, is encrypted using TLS/SSL protocols
• Secure Authentication: OAuth 2.0 authentication with secure token storage for Google user data
• Access Controls: Strict access controls limiting who can access your data, including Google user data
• Regular Security Assessments: Ongoing security monitoring, assessments, and updates
• Secure Storage: Google user data and authentication tokens are stored in encrypted databases with restricted access

Security procedures are in place to protect the confidentiality of your data, including Google user data. We use encryption to protect your information in transit and at rest. However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

For specific details about how we protect Google user data, please see Section 3.5.4 "How We Protect Google User Data" above.

6. Data Retention

We store your personal information, including Google user data, for a period of time that is consistent with our business purposes of providing and improving our application's functionality. We will retain your personal information for the length of time needed to fulfill the purposes outlined in this privacy policy unless a longer retention period is required or permitted by law.

• Account Data (including Google user data): Retained while your account is active. When you delete your account, we delete your Google authentication data (name, email, profile picture) within 30 days.
• Created Videos: Stored indefinitely until you delete them or delete your account.
• Source Photos (Google Photos): Photos you select from Google Photos are temporarily stored during video creation. We do not permanently store your Google Photos - they remain in your Google Photos account and can be deleted by you at any time through Google Photos.
• Photo Metadata: Retained only as long as necessary to process your videos, typically deleted within 90 days of video creation completion.
• OAuth Tokens: Stored securely to maintain your connection to Google Photos. You can revoke access at any time through your account settings or Google's security settings.
• Usage Logs: Retained for up to 90 days for analytics and troubleshooting.

When the data retention period expires for a given type of data, we will delete or destroy it. You may request for your data, including Google user data, to be deleted by contacting us at privacy@pummelvision.ai or by deleting your account through your account settings.

For specific details about Google user data retention and deletion, please see Section 3.5.5 "Data Retention and Deletion of Google User Data" above.

7. Cookies and Tracking Technologies

We use the following types of cookies:

• Essential Cookies: Required for authentication and basic site functionality.
• Analytics Cookies: Help us understand how visitors interact with our Service (can be disabled).

You can control cookies through your browser settings. Disabling essential cookies may affect your ability to use certain features of the Service.

8. Your Rights and Choices

Depending on your location, you may have the following rights:

• Access: Request a copy of the personal information we hold about you.
• Correction: Request correction of inaccurate personal information.
• Deletion: Request deletion of your personal information and account.
• Portability: Request a copy of your data in a portable format.
• Objection: Object to certain processing of your personal information.
• Withdrawal: Withdraw consent where processing is based on consent.

To exercise these rights, please contact us at privacy@pummelvision.ai.

9. Children's Privacy

Our Service is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at privacy@pummelvision.ai, and we will take steps to delete such information.

10. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that are different from your country. We take appropriate safeguards to ensure that your personal information remains protected in accordance with this Privacy Policy.

11. California Privacy Rights (CCPA)

If you are a California resident, you have specific rights regarding your personal information under the California Consumer Privacy Act (CCPA):

• Right to know what personal information is collected
• Right to know if personal information is sold or disclosed
• Right to opt out of the sale of personal information (we do not sell your data)
• Right to request deletion of personal information
• Right to non-discrimination for exercising your rights

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last updated" date. If we change how we access, use, store, or share Google user data, we will notify users by updating this policy and the date above. We encourage you to review this Privacy Policy periodically.

13. Contact Us

If you have any questions about this Privacy Policy or our privacy practices, please contact us:

• Email: privacy@pummelvision.ai
• Website: https://pummelvision.ai