Remotion Privacy & Security Policy

Last Updated: February 9th, 2025

Remotion (“we,” “us,” or “our”) is committed to protecting the privacy and security of the personal data we collect, process, and store. This Privacy & Security Policy (“Policy”) describes how we collect, use, share, secure, and manage personal data. It also outlines our security practices to help ensure the confidentiality, integrity, and availability of the data we handle.

1. Scope

This Policy applies to all personal data collected, used, or processed by Remotion in relation to our services, products, websites, and any related offerings (collectively, the “Services”). It also covers how we protect and secure both personal and non-personal data within our organization.

2. Definitions

  • Personal Data: Any information relating to an identified or identifiable natural person (e.g., name, email address, phone number, IP address).
  • Processing: Any operation performed on personal data, such as collection, recording, organization, structuring, storage, adaptation, retrieval, consultation, use, disclosure, erasure, or destruction.
  • Data Subject: The individual whose personal data is being processed.

3. Data Collection

3.1 Information You Provide to Us

We may collect personal data that you voluntarily provide when you:

  1. Register for an account.
  2. Contact us via email or other channels.
  3. Participate in surveys or research.
  4. Sign up for newsletters or marketing communications.
  5. Use our Services in any other manner.

The types of personal data we collect can include:

  • Contact Information: Name, email address, phone number.
  • Account Credentials: Username and password (stored securely).
  • Billing Information: Credit card details, billing addresses, and transaction records (collected and processed by our third-party payment processors).
  • Other Voluntary Information: Any additional data you choose to share.

3.2 Information Collected Automatically

When you use our Services, we automatically collect certain technical information, including:

  • Device Information: Hardware model, operating system, browser type.
  • Log Data: IP address, timestamp of access, pages viewed, and referring URLs.
  • Cookies and Similar Technologies: We use cookies and similar tracking technologies to remember user preferences and authenticate user sessions. You may disable cookies through your browser settings; however, some features of our Services may not function properly without them.

3.3 Information from Third Parties

We may also receive personal data from third parties such as:

  • Analytics providers (e.g., Google Analytics).
  • Payment processors.
  • Publicly available sources.

4. Lawful Basis for Processing (GDPR Compliance)

If you are located in the European Economic Area (EEA) or the UK, we only process your personal data when we have a lawful basis to do so, including:

  • Consent: You have given clear consent to process your data for specific purposes.
  • Contract: Processing is necessary for the performance of a contract to which you are a party.
  • Legal Obligation: We need to comply with a legal or regulatory obligation.
  • Legitimate Interests: Processing is necessary for our legitimate interests (or those of a third party), provided these are not overridden by your rights and interests.

5. Use of Personal Data

We use the collected personal data for the following purposes:

  1. Service Provision: To provide, maintain, and improve our Services.
  2. Account Management: To create and manage user accounts.
  3. Customer Support: To respond to inquiries, technical issues, or other requests.
  4. Marketing and Communications: To send you updates, newsletters, or promotional materials, in accordance with your communication preferences.
  5. Analytics and Research: To monitor and analyze usage, trends, and user behaviors for product development and service improvement.
  6. Compliance and Enforcement: To comply with applicable laws, protect our rights, and enforce our agreements.

6. Data Sharing and Disclosure

We do not sell or rent personal data to third parties. We may share personal data in the following scenarios:

  1. Service Providers: With trusted third-party vendors and partners who assist us in providing our Services (e.g., payment processing, data hosting, analytics). These third parties are contractually obligated to safeguard personal data and only process it in accordance with our instructions.
  2. Legal Obligations: To comply with any applicable law, regulation, legal process, or governmental request.
  3. Business Transfers: In connection with mergers, acquisitions, reorganizations, or the sale of all or a portion of our assets, personal data may be transferred as part of the transaction. We will notify you of any change in ownership or use of your personal data.
  4. Consent: If you have expressly consented to such disclosure.

7. International Data Transfers

If we transfer personal data from the EEA/UK/Switzerland to a country that has not been deemed by the European Commission to have an adequate level of data protection, we ensure appropriate safeguards are in place (e.g., Standard Contractual Clauses) to protect personal data. We comply with applicable local data protection laws for all cross-border data transfers.

8. Data Retention

We retain personal data only as long as necessary to fulfill the purposes outlined in this Policy, unless a longer retention period is required or permitted by law. Once the retention period has expired, we will either securely delete or anonymize the data.

9. Security Measures

We implement appropriate technical and organizational measures to protect personal data against unauthorized access, alteration, disclosure, or destruction. Our security measures include:

  1. Access Controls
    • Role-based access management, granting data access only to authorized personnel who require it for their job functions.
    • Unique user IDs and strong password requirements.
  2. Encryption
    • Encryption of data in transit (e.g., via HTTPS/TLS).
    • Encryption of data at rest where feasible (e.g., using AES-256).
  3. Network Security
    • Firewalls, intrusion detection systems, and regular security assessments.
    • Segmented network architecture to minimize lateral movement in case of breaches.
  4. Physical Security
    • Secure office premises with restricted access (badges, keys, or access codes).
    • Secure data centers (provided by reputable hosting providers).
  5. Endpoint Security
    • Anti-malware and antivirus software on all company devices.
    • Mandatory device encryption and strong password policies.
  6. Vendor Management
    • Due diligence when selecting service providers.
    • Contracts ensuring vendors adhere to at least equivalent security standards.
  7. Incident Response & Breach Notification
    • A documented incident response plan outlining steps for detection, containment, eradication, and recovery.
    • Timely notification of affected individuals and relevant authorities, where required by law.

10. Your Rights and Choices

10.1 GDPR/EEA/UK Residents

If you are in the EEA, UK, or a jurisdiction with similar data protection laws, you have the right to:

  • Access: Request a copy of your personal data.
  • Rectification: Request corrections to any inaccurate or incomplete personal data.
  • Erasure: Request the deletion of your personal data in certain circumstances.
  • Restriction: Request to limit the processing of your personal data in certain circumstances.
  • Portability: Receive your personal data in a structured, commonly used, and machine-readable format.
  • Objection: Object to the processing of your personal data based on our legitimate interests or for direct marketing purposes.

To exercise any of these rights, please contact us using the details provided in the Contact Us section below.

10.2 California Residents (CCPA)

If you are a California resident, you may have the right to:

  • Know: Request information about the categories and specific pieces of personal data we have collected about you.
  • Delete: Request that we delete personal data about you that we have collected, subject to certain exceptions.
  • Opt-Out: Opt out of the sale of your personal data (though we do not sell personal data).
  • Non-Discrimination: You have the right not to receive discriminatory treatment for exercising any of these rights.

To exercise any of these rights, please contact us using the details provided in the Contact Us section below.

11. Children’s Privacy

Our Services are not directed at individuals under the age of 16 (or such other age as required by local law). We do not knowingly collect or solicit personal data from children. If you believe that a child under the applicable age has provided us with personal data, please contact us so that we can take appropriate action.

12. Changes to this Policy

We may update this Policy from time to time to reflect changes in our practices, technologies, legal obligations, or other factors. When we do, we will revise the “Last Updated” date at the top of this page. We encourage you to review this Policy periodically to stay informed about our data protection practices.

13. Contact Us

If you have questions or concerns about this Policy or wish to exercise your data protection rights, please contact us using the following details: info[@]remotion[.]io