Privacy Policy

1. Information We Collect

1.1 Account Information

• Email address: Used for login and communication
• Password: Encrypted with bcrypt (we cannot see your password)
• User role: Creator or Brand
• Display name: Optional profile name

1.2 OAuth Data (Optional)

When you connect your YouTube or TikTok account:

• YouTube: Email, name, profile picture, channel data
• TikTok: Username, profile picture (TikTok does not provide email)
• Access tokens: Securely stored to fetch video performance

1.3 Video Submissions

• Video URLs (YouTube/TikTok links)
• Video titles and descriptions
• Performance metrics (views, likes, comments)

1.4 Payment Information

• Stripe handles all payments - we do NOT store credit card data
• We only store payout history and transaction IDs

2. Cookies & Tracking

2.1 Necessary Cookies (Required)

These cookies are essential for the platform to function:

• Session cookies: Keep you logged in (next-auth.session-token)
• CSRF token: Protect against cross-site request forgery
• Cookie preferences: Remember your cookie choices (vectio_cookie_consent)

These cookies cannot be disabled as they are required for security and functionality.

2.2 Functional Cookies (Optional)

Improve user experience:

• "Remember me": Keep you logged in longer (if enabled)
• Preferences: Remember UI settings

2.3 Analytics Cookies (Not Yet Implemented)

We plan to use Google Analytics to understand how users interact with the platform.

You will be asked for consent before analytics cookies are enabled.

3. How We Use Your Data

• Authentication: Verify your identity and keep you logged in
• Video tracking: Fetch performance data from YouTube/TikTok
• Payments: Calculate earnings and process payouts via Stripe
• Communication: Send important account updates
• Platform improvement: Improve features and usability

4. Data Sharing

We NEVER share your data for marketing purposes. We only share data with:

• YouTube/TikTok APIs: To fetch video performance (with your consent)
• Stripe: To process payments (required)
• Neon Database: Our secure database hosting
• Vercel: Our hosting platform

5. Data Security

• All passwords encrypted with bcrypt
• HTTPS encryption on all connections
• OAuth tokens stored securely in database
• Regular security audits

6. Your Rights (GDPR)

You have the right to:

• Access: See what data we have about you
• Rectification: Update incorrect data
• Erasure: Delete your data ("right to be forgotten")
• Data portability: Get your data in a readable format
• Withdraw consent: Unlink OAuth accounts anytime

To exercise these rights, contact us at privacy@vectio.app

7. Data Retention

• Active accounts: Data stored as long as your account is active
• Inactive accounts: Deleted after 2 years without activity
• Deleted accounts: Data deleted within 30 days
• Legal requirements: Some data may be retained longer due to legal obligations

8. Children Under 16

Vectio.app is not intended for persons under 16 years old. We do not knowingly collect data from children. If you are a parent and discover that your child has provided us with personal information, please contact us.

9. Changes to This Policy

We may update this privacy policy from time to time. We will notify you of significant changes via email or a notice on the platform.

10. Contact Us

If you have questions about this privacy policy or your data:

• Email: privacy@vectio.app
• Support: support@vectio.app