Privacy Policy

Last updated: 28 January 2026

MyStdio Platform (we, us or our) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you use our video production client portal platform.

This policy applies to users in all jurisdictions including the United States, Canada, European Union, United Kingdom, and Australia. Specific rights for users in certain regions are detailed in the "Your Rights by Region" section below.

Information We Collect

We collect the following categories of personal information:

  • Identity Information: Name, job title, company name, and user profile details.
  • Contact Information: Email address, phone number, and business address.
  • Account Information: Username, password (encrypted), account preferences, and authentication data.
  • Transaction Information: Project history, quotes, invoices, payment records, and service details.
  • Project Content: Project briefs, video feedback, comments, approvals, and uploaded materials (logos, footage, brand assets).
  • Technical Information: IP address, browser type, device information, operating system, and access timestamps.
  • Usage Information: Pages visited, features used, search queries, and interaction patterns within the platform.
  • Communication Data: Messages, feedback, support requests, and notification preferences.

How We Collect Information

  • Directly from you: When you create an account, submit projects, provide feedback, or contact support.
  • Automatically: Through cookies, analytics tools, and similar technologies when you use our platform (with your consent where required).
  • From your organization: When a company administrator adds you to their tenant account.
  • From third parties: Payment processors, video hosting platforms (Bunny.net), and identity verification services.

Legal Basis for Processing (GDPR)

For users in the European Economic Area (EEA), UK, and Switzerland, we process your personal data based on the following legal grounds:

  • Contract Performance: Processing necessary to provide our services under our agreement with you or your organization.
  • Legitimate Interests: Processing for our legitimate business interests, such as improving our platform, preventing fraud, and ensuring security.
  • Consent: Processing based on your explicit consent, such as for marketing communications and optional analytics cookies.
  • Legal Obligation: Processing necessary to comply with applicable laws and regulations.

How We Use Your Information

  • Provide, maintain, and improve our platform and services
  • Process transactions and send related information
  • Manage your account and provide customer support
  • Enable video review, feedback, and approval workflows
  • Send administrative notifications and service updates
  • Send marketing communications (with your consent where required; you may opt out at any time)
  • Analyze usage patterns to improve user experience
  • Detect, prevent, and address technical issues and security threats
  • Comply with legal obligations and enforce our terms

AI and Machine Learning

We use artificial intelligence to enhance certain features of our platform:

  • AI Brief Assistant: We use Google Gemini AI to help you generate and refine project briefs. When you use this feature, your project information and prompts are sent to Google's AI service for processing.

AI Data Handling: AI-processed content is used only to generate responses and is not stored permanently by the AI service. Your conversations with the AI assistant are not used to train AI models. You can opt out of AI features at any time through your project settings.

Video Playback Analytics

Our video hosting provider (Bunny Stream) collects playback analytics to enable video review features and optimize performance. This includes:

  • Watch duration and completion rates
  • Seek positions and playback quality settings
  • Buffering events and playback errors
  • Device type and browser information

This data helps us provide features like viewing progress tracking and video performance optimization. Analytics data is processed in accordance with Bunny.net's privacy policy.

How We Share Your Information

We may share your information with:

  • Your Organization: Other users within your company or tenant account as permitted by your organization's settings.
  • Service Providers: Third parties who perform services on our behalf, including:
    • Cloud hosting (Supabase, Bunny.net)
    • Video hosting (Bunny Stream)
    • Email services (Resend)
    • Payment processing
    • Analytics (Google Analytics, with consent)
  • Legal Requirements: When required by law, court order, or government request.
  • Business Transfers: In connection with a merger, acquisition, or sale of assets.
  • With Your Consent: When you direct us to share information with third parties.

We Do Not Sell Your Personal Information. We have not sold personal information in the preceding 12 months and do not sell personal information.

International Data Transfers

Our primary servers are located in Australia. Your personal information may be transferred to, and processed in, countries other than your country of residence, including:

  • Australia (primary data storage)
  • United States (cloud service providers, video hosting)
  • European Union (certain infrastructure services)

When we transfer data internationally, we ensure appropriate safeguards are in place, including Standard Contractual Clauses approved by the European Commission, and compliance with applicable data protection frameworks.

Data Retention

We retain your personal information for as long as necessary to fulfill the purposes for which it was collected, including:

  • Account Data: For the duration of your account plus 2 years after closure for legitimate business purposes.
  • Project Data: For the duration of your account or as agreed with your organization.
  • Transaction Records: 7 years for tax and legal compliance.
  • Analytics Data: 26 months (aggregated/anonymized data may be retained longer).

Your Rights by Region

European Union, UK & Switzerland (GDPR)

If you are located in the EEA, UK, or Switzerland, you have the right to:

  • Access: Request a copy of the personal data we hold about you.
  • Rectification: Request correction of inaccurate or incomplete data.
  • Erasure: Request deletion of your personal data ("right to be forgotten") in certain circumstances.
  • Restrict Processing: Request that we limit how we use your data.
  • Data Portability: Receive your data in a structured, machine-readable format or have it transferred to another controller.
  • Object: Object to processing based on legitimate interests or for direct marketing purposes.
  • Withdraw Consent: Withdraw consent at any time where processing is based on consent.
  • Lodge a Complaint: File a complaint with your local data protection authority.

California, USA (CCPA/CPRA)

If you are a California resident, you have the right to:

  • Know: Request information about the categories and specific pieces of personal information we collect, use, disclose, and sell.
  • Delete: Request deletion of your personal information, subject to certain exceptions.
  • Opt-Out of Sale: We do not sell personal information, so this right does not apply.
  • Non-Discrimination: We will not discriminate against you for exercising your privacy rights.
  • Correct: Request correction of inaccurate personal information.
  • Limit Use of Sensitive Information: Request limits on processing of sensitive personal information (we do not collect sensitive personal information as defined by CCPA).

Canada (PIPEDA)

If you are in Canada, you have the right to:

  • Access: Request access to your personal information held by us.
  • Correction: Request correction of inaccurate information.
  • Withdraw Consent: Withdraw consent to the collection, use, or disclosure of your information, subject to legal or contractual restrictions.
  • Complain: File a complaint with the Privacy Commissioner of Canada if you believe we have violated your privacy rights.

Australia (Privacy Act 1988)

If you are in Australia, you have rights under the Australian Privacy Principles including:

  • Access to your personal information
  • Correction of inaccurate information
  • Complaints to us or to the Office of the Australian Information Commissioner (OAIC)

New Zealand (Privacy Act 2020)

If you are in New Zealand, you have rights under the Privacy Act 2020 and the 13 Information Privacy Principles (IPPs), including:

  • Access: Request access to your personal information (IPP 6).
  • Correction: Request correction of inaccurate personal information (IPP 7).
  • Deletion: Request deletion of your personal information where it is no longer required for the purpose it was collected.
  • Purpose Limitation: Your information will only be used for the purpose for which it was collected (IPP 10).
  • Complaints: File a complaint with us or with the Office of the Privacy Commissioner (OPC) if you believe your privacy rights have been breached.

You can contact the Office of the Privacy Commissioner at www.privacy.org.nz.

Exercising Your Rights

To exercise any of your privacy rights, please contact us using the details below. We will respond to your request within 30 days (or sooner if required by applicable law). We may need to verify your identity before processing your request.

Cookies and Tracking

We use cookies and similar technologies to enhance your experience, analyze usage, and deliver targeted advertising (with your consent). Categories include:

  • Essential Cookies: Required for platform functionality and security.
  • Functional Cookies: Remember your preferences and enable enhanced features.
  • Analytics Cookies: Help us understand how you use our platform (Google Analytics).
  • Marketing Cookies: Used for advertising purposes (Google Ads, Meta Pixel).

You can manage your cookie preferences at any time through our Cookie Settings or your browser settings. For more information, see our Cookie Policy.

Security

We implement industry-standard security measures to protect your information, including encryption in transit (TLS) and at rest, secure authentication, regular security audits, and access controls. However, no method of transmission over the Internet is 100% secure.

Children's Privacy

Our platform is intended for business use and is not directed to individuals under 16 years of age (or 13 in jurisdictions where permitted). We do not knowingly collect personal information from children. If we learn we have collected information from a child, we will delete it promptly.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new policy on this page and updating the "Last Updated" date. For significant changes, we may also send you an email notification.

Contact Us

For questions about this Privacy Policy or to exercise your rights, please contact us:

MyStdio Platform
Privacy Team
Email: privacy@mystdio.com

For users in the European Union, you may also contact your local data protection authority if you have concerns about how we handle your personal data.