Privacy Policy

Last updated: June 8, 2026

1. Data Controller

The data controller responsible for your personal data under the General Data Protection Regulation (GDPR) is:

2. What Data We Process

Depending on how you use our service, we may process the following categories of data:

  • Account and identity data: email address, authentication credentials, profile information
  • Subscription and billing data: subscription status, plan tier, and payment metadata processed by Whop (we do not store full payment card details)
  • API usage data: request logs, task IDs, endpoint usage, rate-limit counters, and error records
  • Media processing data: public URLs you submit for processing (e.g. video_url, photo_url), processed output files stored temporarily in our cloud storage, and associated task metadata
  • Technical data: IP address, browser type, device information, and timestamps collected for security and service operation
  • Communications: messages you send to us when contacting support

We process personal data on the following legal bases:

  • Performance of a contract (Art. 6(1)(b)): to create and manage your account, provide the FFmpeg API, process media tasks, deliver results, and administer your subscription
  • Legitimate interests (Art. 6(1)(f)): to secure our platform, prevent fraud and abuse, monitor API performance, and improve service reliability, balanced against your rights and freedoms
  • Legal obligation (Art. 6(1)(c)): to comply with applicable tax, accounting, and regulatory requirements
  • Consent (Art. 6(1)(a)): where required for optional activities such as non-essential cookies, analytics, or marketing communications; you may withdraw consent at any time

4. Media Processing and Storage

Free browser-based tools (MP4 to MP3, Audio Converter, and Video to GIF) process media entirely in your browser using FFmpeg compiled to WebAssembly. Your files never leave your device; nothing is uploaded to our servers during these conversions.

For the REST API and MCP server, processing is performed on our servers. When you submit a processing request via the API, you provide public URLs to source media. Our remote FFmpeg service downloads, processes, and returns results.

Completed output files may be stored temporarily in Supabase Storage (task-results bucket) so you can download them via the dashboard or API. Processed files are automatically deleted after 7 days. You may also delete files manually at any time through the dashboard or API.

We do not permanently archive your media unless required by law or explicitly agreed otherwise.

5. Data Retention

We retain personal data only as long as necessary for the purposes described above:

Data categoryRetention period
Account dataWhile your account is active, plus any legally required period after closure
Processed media files7 days (automatic deletion), or until you delete them
API and security logsUp to 12 months, then deleted
Billing recordsAs required by applicable tax and accounting law

6. Third-Party Processors

We use trusted third-party service providers (data processors) to operate our platform. They process data on our behalf under contractual safeguards:

  • Netlify: Website hosting and content delivery, Privacy policy
  • Supabase: Authentication, database, file storage, and edge functions, Privacy policy
  • Whop: Subscription billing and payment processing (current provider for new subscriptions), Privacy policy
  • Stripe: Former payment processor. All subscriptions have been migrated to Whop; Stripe no longer processes new transactions but may retain historical transaction records as required by financial and tax law., Privacy policy
  • Google (Analytics 4 / Tag Manager): Aggregate usage analytics and tag management, loaded only with your prior consent via the cookie banner, Privacy policy
  • FFmpeg processing service: Server-side video and audio processing (hosted on Coolify infrastructure)

We do not sell your personal data. We do not use third-party advertising networks at this time.

7. International Data Transfers

Some of our processors may store or process data outside the European Economic Area (EEA), including in the United States. Where such transfers occur, we rely on appropriate safeguards such as Standard Contractual Clauses (SCCs) approved by the European Commission, or transfers to countries with an adequacy decision.

You may request further information about transfer safeguards by contacting us at info@droidapps.one.

8. Your Rights as a Data Subject

Under the GDPR, you have the following rights regarding your personal data (subject to applicable conditions and exceptions):

  • Right of access (Art. 15): request a copy of your personal data
  • Right to rectification (Art. 16): correct inaccurate or incomplete data
  • Right to erasure (Art. 17): request deletion of your data in certain circumstances
  • Right to restriction (Art. 18): limit how we use your data in certain circumstances
  • Right to data portability (Art. 20): receive your data in a structured, machine-readable format where applicable
  • Right to object (Art. 21): object to processing based on legitimate interests
  • Right to withdraw consent: where processing is based on consent, you may withdraw it at any time without affecting prior lawful processing

To exercise your rights, contact us at info@droidapps.one. We will respond within the timeframes required by applicable law (generally one month under the GDPR).

You also have the right to lodge a complaint with a supervisory authority. In Slovenia, the competent authority is the Information Commissioner of the Republic of Slovenia (IP RS).

9. Data Security

We implement appropriate technical and organizational measures to protect your data, including encryption in transit (TLS), secure authentication, access controls, and regular security reviews. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.

10. Cookies

We use essential cookies to maintain your authentication session. Analytics (Google Analytics 4) and marketing (Google Tag Manager) cookies and scripts are used only with your prior consent via our cookie banner. You can change your choices anytime using Manage cookies in the site footer. For full details, see our Cookie Policy.

11. Children's Privacy

Our service is not directed at children under 15. Users under 15 require a parent or guardian's consent; users 15 and older may consent themselves. We do not knowingly collect personal data from children under 15 without verifiable parental or guardian consent. If you believe we have collected data from a child without appropriate consent, please contact us and we will take steps to delete it.

12. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be posted on this page with an updated “Last updated” date. Where required by law, we will provide additional notice.

13. Contact Us

If you have questions about this Privacy Policy or our data practices, contact us at info@droidapps.one.