Privacy Policy

Last updated: January 2, 2026

1. Introduction

VidiLex ("we," "our," or "us") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, process, and protect your personal information when you use our video knowledge platform and related services (the "Service").

We operate in compliance with the General Data Protection Regulation (GDPR) and other applicable European data protection laws. This policy applies to all users of VidiLex, regardless of their location.

2. Data Controller

The data controller responsible for your personal data is:

VidiLex

Berlin, Germany
Email: privacy@vidilex.com

3. Types of Personal Data We Collect

3.1 Account and User Information

  • Name and email address
  • Organization name (if applicable)
  • Role and permissions within workspaces
  • Authentication credentials (hashed and encrypted)
  • Account creation date and last login information

3.2 Content Data

  • Video files and associated metadata you upload
  • Transcripts generated from your videos
  • Chapters, summaries, and annotations
  • Search queries and chat interactions
  • Workspace and folder structures

3.3 Technical Data

  • IP addresses and device information
  • Browser type and version
  • Usage logs and access patterns
  • Processing logs for audit purposes

3.4 Communication Data

  • Support requests and correspondence
  • Feedback and survey responses
  • Marketing preferences (if applicable)

4. How We Use Your Personal Data

We process your personal data for the following purposes:

4.1 Service Provision

  • To provide, maintain, and improve the VidiLex platform
  • To process video content and generate transcripts, chapters, and summaries
  • To enable search functionality and AI-powered question answering
  • To manage workspaces, user access, and permissions
  • To ensure data isolation between accounts and workspaces

4.2 AI Processing

VidiLex uses AI services for transcription and knowledge retrieval. You can choose between:

  • EU Infrastructure: EU-based transcription endpoints and EU-hosted LLMs (e.g., Mistral)
  • US Infrastructure: US-based transcription endpoints and US-hosted LLMs (e.g., Gemini)

Regardless of your AI infrastructure choice, all customer data is stored in European data centers. We maintain a zero-day data retention policy with all third-party AI providers, meaning your data is not stored by AI providers after processing.

4.3 Legal Basis for Processing

We process your personal data based on:

  • Contract performance: To fulfill our service agreement with you
  • Legitimate interests: To ensure platform security, prevent fraud, and improve our services
  • Legal obligations: To comply with applicable laws and regulations
  • Consent: Where you have provided explicit consent (e.g., for marketing communications)

5. Data Storage and Location

All customer data, including video files, transcripts, and user information, is stored in European data centers located within the European Union. This applies regardless of your chosen AI infrastructure (EU or US).

We do not transfer your personal data outside the European Economic Area (EEA) for storage purposes. When AI processing occurs via US-based endpoints, data is transmitted temporarily for processing only, subject to our zero-day retention policy.

6. Data Sharing and Third Parties

We do not sell, rent, or trade your personal data. We may share data only in the following circumstances:

6.1 AI Service Providers

We use third-party AI providers for transcription and knowledge retrieval. These providers process your data under strict contractual agreements that include:

  • Zero-day data retention requirements
  • Prohibition on using your data for model training
  • GDPR-compliant data processing obligations
  • Data deletion guarantees

6.2 Infrastructure Providers

We use European cloud infrastructure providers for hosting and storage. These providers operate under EU data protection standards and act as data processors under our instructions.

6.3 Legal Requirements

We may disclose personal data if required by law, court order, or regulatory authority, or to protect our rights, property, or safety.

7. Data Security

We implement technical and organizational measures to protect your personal data:

  • Encryption of data in transit and at rest
  • Secure authentication mechanisms and access controls
  • Complete data isolation between accounts and workspaces
  • Role-based access control and permissions
  • Regular security assessments and monitoring
  • Processing logs and audit trails

8. Your Data Subject Rights (GDPR)

Under GDPR and European data protection laws, you have the following rights:

Right of Access (Article 15)

You can request a copy of all personal data we hold about you, including in machine-readable format.

Right to Rectification (Article 16)

You can request correction of inaccurate or incomplete personal data.

Right to Erasure (Article 17)

You can request deletion of your personal data, subject to legal retention requirements.

Right to Restrict Processing (Article 18)

You can request limitation of how we process your personal data.

Right to Data Portability (Article 20)

You can request your personal data in a structured, commonly used, and machine-readable format.

Right to Object (Article 21)

You can object to processing based on legitimate interests or for direct marketing purposes.

Right to Withdraw Consent (Article 7)

Where processing is based on consent, you can withdraw it at any time.

To exercise these rights, please contact us at privacy@vidilex.com. We will respond to your request within one month.

9. Data Retention

We retain your personal data only for as long as necessary to provide the Service and fulfill our legal obligations:

  • Account data: Retained while your account is active and for up to 30 days after account deletion
  • Content data: Retained until you delete it or request account deletion
  • Processing logs: Retained for up to 12 months for security and audit purposes
  • Legal requirements: Some data may be retained longer if required by law

When you delete content or close your account, we permanently delete your data from our systems, including backups, within 30 days.

10. Use of Customer Data for AI Training

We do not use your customer data to train AI models. This is a fundamental commitment:

  • Your video content, transcripts, and user interactions are never used for model training
  • Third-party AI providers are contractually prohibited from using your data for training
  • All AI processing is performed solely to provide the Service to you

11. Cookies and Tracking

We use essential cookies and similar technologies to:

  • Maintain your session and authentication
  • Remember your preferences
  • Ensure platform security

We do not use tracking cookies or third-party analytics that share data with external parties. We may use anonymized, aggregated usage data to improve our services.

12. Children's Privacy

VidiLex is not intended for users under the age of 16. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us immediately.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by email or through a notice on our platform. The "Last updated" date at the top indicates when this policy was last revised.

14. Contact and Complaints

If you have questions about this Privacy Policy or wish to exercise your data subject rights, please contact us:

VidiLex Privacy Team

Email: privacy@vidilex.com

If you believe we have not addressed your privacy concerns adequately, you have the right to lodge a complaint with your local data protection authority. For users in Germany, this is the Bundesbeauftragte für den Datenschutz und die Informationsfreiheit (BfDI).