Back to varosity.ai

Legal

Privacy Policy

Effective April 24, 2026

Starter template. This document was drafted from common SaaS patterns and has notbeen reviewed by counsel. Review with a lawyer before relying on it for live transactions, disputes, or regulatory compliance. Flag any clauses that don't match how Varosity actually operates.

Varosity Inc.(“Varosity,” “we,” “our”) operates the Varosity service at varosity.ai and related surfaces. This Policy explains what personal information we collect, how we use it, who we share it with, and your rights over it.

1. Information we collect

Information you provide directly

  • Account data: your email address, display name, and any avatar image you upload when you create an account.
  • Provider credentials (BYOK): the third-party API keys you choose to store with us (Google, Replicate, Runway, ElevenLabs, etc.). These are encrypted at rest with AES-256-GCM and only decrypted in-memory when making a request to the corresponding provider on your behalf.
  • Content you submit: prompts, reference images, audio uploads, project titles, and any other material you add to your storyboard.
  • Generated outputs: videos, audio tracks, and thumbnails produced by third-party providers at your request.
  • Payment information: when you purchase credits, Stripe collects your card details directly. We receive a Stripe customer ID, billing email, amount, and transaction outcome from Stripe, but we do not receive or store your full card number, CVC, or bank account details.

Information collected automatically

  • Usage and logs: IP address, user agent, requested routes, referrer, and timestamps for operating the Service, diagnosing errors, and preventing abuse.
  • Cookies and local storage: a session cookie from our authentication provider (Supabase) that keeps you signed in. We do not use advertising cookies.

2. How we use information

  • To provide, operate, secure, and improve the Service;
  • To authenticate your account and route requests to the third-party provider you select;
  • To process payments, apply credits, send receipts, handle refunds, and prevent fraud;
  • To respond to support requests and send transactional email;
  • To comply with legal obligations and enforce our Terms of Service.

We do not sell your personal information, and we do not use your prompts or generated outputs to train our own models.

3. Who we share information with

We share personal information only with:

  • Third-party AI providersyou select to generate media (Google, Replicate, Runway, ElevenLabs, fal.ai, Anthropic, and others). Your prompts and any uploaded reference materials are transmitted to the selected provider. Each provider's privacy policy governs their processing.
  • Infrastructure providers that host the Service: Vercel (application hosting), Supabase (database, auth, file storage), and Stripe (payments). These vendors are contractually bound to process data on our instructions only.
  • Law enforcement or other parties when required by law, subpoena, or valid legal process, or to protect the rights, property, or safety of Varosity, our users, or the public.
  • A successor entity in the event of a merger, acquisition, or sale of assets, subject to customary confidentiality protections.

4. Data retention

  • Account data is retained for the life of your account plus up to 30 days after deletion (for backup and audit purposes).
  • Project content (prompts, uploads, generated media) is retained until you delete the project or your account.
  • Billing records are retained for at least seven (7) years to meet tax and accounting obligations.
  • Log data is retained for up to 90 days unless required longer for security investigation.

5. Your rights

Depending on where you live, you may have the right to:

  • Access the personal information we hold about you;
  • Correct inaccurate personal information;
  • Delete your personal information (subject to retention obligations above);
  • Export your project content in a machine-readable format;
  • Withdraw consent or object to certain processing (where processing is based on consent);
  • Lodge a complaint with a supervisory authority (in the EU/UK, your national data-protection authority; in California, the California Attorney General).

To exercise any of these rights, email jon.kludt@varosity.com. We will verify your identity before acting on the request and respond within the timeframes required by applicable law.

6. California residents (CCPA/CPRA)

In the past 12 months, we have collected the categories of personal information described in Section 1, for the purposes described in Section 2, and shared them with the service providers described in Section 3. We do not sell personal information and do not share it for cross-context behavioral advertising. California residents have the rights listed in Section 5 and the right not to be discriminated against for exercising them.

7. International transfers

Varosity is operated from the United States and our infrastructure providers may process data in the U.S. and other jurisdictions. If you are located outside the U.S., you understand that your information will be transferred to and processed in the U.S.

8. Security

We use industry-standard safeguards including TLS 1.2+ in transit, AES-256-GCM encryption of BYOK credentials at rest, role-based access control, and the principle of least privilege. No method of transmission or storage is perfectly secure; we cannot guarantee absolute security.

9. Children

The Service is not directed to children under 18 and we do not knowingly collect personal information from them. If you believe a child has provided us personal information, contact us and we will delete it.

10. Changes to this Policy

We may update this Policy. Material changes will be announced on the Service or by email at least 14 days before they take effect.

11. Contact

Questions or requests regarding this Policy:
Varosity Inc.
12682 Footman Ln, Poway, CA 92064
jon.kludt@varosity.com