Privacy Policy

Last updated: February 10, 2026

1. Introduction

Ivy Interactive Video Editor ("we", "us", "our") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, store, and share your information when you use the Ivy Interactive Video Editor ("the Service").

By using the Service, you agree to the collection and use of information as described in this policy.

2. Data Controller

The data controller responsible for your personal data is the operator of Ivy Interactive Video Editor, an individual based in Morocco.

Contact: privacy@ivy-app.com

3. Information We Collect

3.1 Account Information

When you register for an account, we collect:

  • Email address - used for authentication, account recovery, and essential communications
  • Display name - used to personalize your experience within the Service
  • Password - stored securely as a cryptographic hash; we never store or have access to your plaintext password

In the event of a data breach affecting your personal data, we will notify affected users as required by applicable law.

3.2 Content You Create

We store the content you create and upload through the Service, including:

  • Video files and references to external video URLs (YouTube, Vimeo)
  • Images and media assets
  • Interactive elements (text overlays, quizzes, buttons, hotspots)
  • Project data and metadata (titles, descriptions, settings)

This content is stored to provide the Service to you and is not used for any other purpose.

3.3 Usage and Technical Data

We automatically collect certain technical information when you use the Service:

  • Log data - IP address, browser type, operating system, referring URLs, and access timestamps
  • Usage metrics - project count, storage usage, and feature usage for enforcing plan limits

We do not use third-party analytics or tracking services. We do not use cookies for advertising or cross-site tracking.

3.4 Payment Information

Payment processing is handled entirely by Paddle, our Merchant of Record. We do not collect, store, or have access to your credit card numbers, bank account details, or other financial information. Paddle processes your payment data in accordance with their Privacy Policy.

We receive from Paddle only the information necessary to manage your subscription: transaction identifiers, subscription status, plan tier, and billing period dates.

4. How We Use Your Information

We use the information we collect for the following purposes:

  • Providing the Service - storing and processing your content, authenticating your identity, managing your projects
  • Account management - managing your subscription, enforcing plan limits, processing account changes
  • Essential communications - sending account-related emails such as password resets, email verification, and critical service notices
  • Security - detecting and preventing unauthorized access, abuse, or fraud
  • Service improvement - diagnosing technical issues and improving reliability

We do not sell your personal information. We do not use your data for advertising or profiling. We do not use your content to train machine learning models.

Legal Basis for Processing

We process your data based on:

  • Contract performance — to provide the Service you requested
  • Legitimate interest — to maintain security, prevent abuse, and improve reliability
  • Legal obligation — where required by law

5. How We Store and Protect Your Data

5.1 Infrastructure

Your data is stored using the following services:

  • Supabase - hosts your account data, project data, and metadata using PostgreSQL databases with row-level security policies
  • Cloudflare R2 - stores uploaded media assets (videos, images) with encryption at rest
  • Cloudflare Workers - serves the application and API with edge computing for low-latency access

5.2 Security Measures

We implement appropriate technical and organizational measures to protect your data, including:

  • Encryption in transit (TLS/HTTPS) for all data transfers
  • Encryption at rest for stored data and media assets
  • Secure password hashing using industry-standard algorithms
  • Row-level security policies ensuring users can only access their own data
  • Session-based authentication with secure, HTTP-only cookies

5.3 Data Retention

We retain your data for as long as your account is active. When you delete a project, it is retained for 30 days (to allow restoration) before permanent deletion. When you delete your account, all associated data — including projects, assets, and profile information — is permanently deleted.

6. Third-Party Services

We share your information with third parties only as necessary to provide the Service:

Provider Purpose Data Shared
Supabase Authentication and database Account data, project data
Cloudflare Application hosting and asset storage Uploaded media, request logs
Paddle Payment processing (Merchant of Record) Email, billing details (collected directly by Paddle)

These providers act as data processors and process data only on our behalf and under our instructions. We do not share your data with any other third parties, except when required by law or to protect our legal rights.

7. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

  • Access - request a copy of the personal data we hold about you
  • Correction - update or correct inaccurate personal data through your account settings
  • Deletion - delete your account and all associated data through your account settings
  • Export - export your projects using the built-in export feature
  • Objection - object to certain processing of your personal data
  • Restriction - request that we limit the processing of your personal data

To exercise any of these rights, you can use your account settings or contact us at privacy@ivy-app.com.

8. Cookies

We use only essential cookies required for the Service to function:

  • Authentication cookies - secure, HTTP-only session cookies that keep you signed in. These are strictly necessary and do not require consent.

We do not use analytics cookies, advertising cookies, or any third-party tracking cookies.

9. Children's Privacy

The Service is not intended for users under the age of 16. We do not knowingly collect personal data from children under 16. If you believe a child under 16 has provided us with personal data, please contact us and we will delete the information promptly.

10. International Data Transfers

Your data may be processed in countries outside your own, including the United States and the European Union, where our infrastructure providers operate. We ensure that any such transfers comply with applicable data protection laws through appropriate safeguards.

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email or through the Service at least 30 days before the changes take effect. The "Last updated" date at the top of this page indicates when the policy was last revised.

We may disclose personal data if required by law, legal process, or to protect the rights, safety, and security of the Service or its users.

12. Contact

If you have questions about this Privacy Policy or how we handle your data, please contact us at:

privacy@ivy-app.com