VLSTUDIO ← Back to site
// Legal

Privacy
Policy

Last updated: July 1, 2026  ·  Effective: July 1, 2026
// TL;DR: video editing in the desktop app runs locally by default. Some features (AI chat, AI Visuals, cloud captions, Review) send data off your device, and we say exactly which ones below. We don't sell your personal data.

Contents

1. Who We Are

2. What We Collect

3. How We Use Your Data

4. Local Processing, AI Features & Your Footage

5. Authentication & Sign-In

6. Social-Platform Connections

7. Anti-Fraud Processing

8. Marketplace & Payments

9. Community Features

10. Tokens & Rewards

11. Jobs Board

12. Telemetry, Crash Reports & Diagnostics

13. Cookies & Local Storage

14. Sub-Processors & International Transfers

15. Data Retention

16. Your Rights

17. Children's Privacy

18. Changes to This Policy

19. Contact

1. Who We Are

VLStudio is a two-product creator suite: VLStudio Desktop (a video editing application) and VLStudio Web at vlstudio.live (analytics, community, marketplace, jobs board, and token economy). A desktop login and a web login are the same account, sharing one subscription and one entitlement record.

The controller responsible for your personal data is Vladyslav Zhminko, operating as VLStudio, Carrer de Valencia 191, 6.1, 08011, Barcelona, Spain. Contact details are in Section 19.

We use Supabase as our backend provider for authentication, database storage, file storage, and real-time features, shared across both products.

2. What We Collect

2.1 Account Data

When you create an account, we collect:

If you sign in with Google OAuth, Google gives us your name, email address, and profile picture. We do not receive or store your Google password.

2.2 Usage Data

2.3 Community Content

Content you choose to publish, community posts, comments, marketplace listings, job postings, and job applications, is stored on our servers and, depending on the feature, may be visible to other users or the public. See Section 9 and Section 11 for the specifics of who can see what.

2.4 Newsletter

If you subscribe to our newsletter, we store your email address to send product updates. See our Email & Marketing Consent Notice for how to unsubscribe and the current state of that mechanism, and our Cookie & Tracking Notice for browser storage generally.

3. How We Use Your Data

We do not sell, rent, or trade your personal data to third parties for advertising purposes.

4. Local Processing, AI Features & Your Footage

Timeline editing, rendering, and export in VLStudio Desktop run locally on your machine. Your raw video and audio files are not uploaded as part of ordinary editing. That said, several optional features do send data off your device, listed below in full. We do not describe VLStudio as a fully local product, because for these features it is not.

Project metadata (names, durations, collaborator lists) may sync to our database to power collaboration and the web portal. The features below are the exceptions to local-only processing:

All AI features above are gated behind the VLS-PRO subscription and only run when you actively use them.

5. Authentication & Sign-In

Authentication is handled by Supabase Auth. Your session token is stored in your browser's local storage (web) and used to authenticate your requests. A PKCE state value is stored temporarily in session storage during sign-in.

When you use Google Sign-In, you are also subject to Google's Privacy Policy. We receive only the minimum data required to create or link your account.

Password reset links are sent by email and expire after 24 hours.

6. Social-Platform Connections

VLStudio Web's analytics dashboard can connect to your YouTube, TikTok, and Instagram accounts. If you connect a platform:

Disconnecting a platform in your account settings removes it from your dashboard. Today, YouTube's disconnect does not yet delete the stored token server-side, and TikTok and Instagram do not yet have a dedicated disconnect/revoke flow; we are working to close this gap, and until then you can also revoke VLStudio's access directly from each platform's own account settings. Full detail, including the platforms' own required disclosures, is in our Social-Platform Data-Use Disclosure.

7. Anti-Fraud Processing

To limit abuse of the VLS-PRO free trial, we process:

This processing is based on our legitimate interest in preventing abuse of a paid feature. If our systems detect a card already tied to a prior trial, the new trial is automatically cancelled. This is an automated decision under GDPR Article 22; you can contact us (Section 19) to ask a human to review it.

8. Marketplace & Payments

The VLStudio Marketplace lets users list and browse digital products (presets, templates, plugins). We store cart contents, order history, seller listings, and reviews you submit.

Marketplace checkout is currently simulated. The checkout form collects a card number, CVV, expiry, and billing address, but no payment is actually charged, no gateway is contacted, and the order is marked "paid" regardless. No asset file is delivered on completion. See our Marketplace Terms of Use for the full disclosure. Do not enter real card details you would not want handled by an unfinished checkout flow; we are working to either fully wire this up to a real payment processor or remove the card-entry step until it is.

The VLS-PRO subscription and Power Token purchases, unlike the marketplace, are real charges processed by Stripe. VLStudio does not store your full card number; Stripe's handling of your payment data is governed by Stripe's own privacy policy.

9. Community Features

Community posts, comments, upvotes, and content reports are stored and linked to your account. Public posts are visible to all registered users, and the follower graph and your profile (including your email address) are currently readable by any authenticated user, and in some cases by anonymous visitors. Posts inside groups marked "private" are, today, also world-readable at the database level despite the "private" label. We are correcting this; until we do, treat any post, group membership, or profile field as potentially visible beyond its stated audience. You can delete your own posts and comments at any time.

10. Tokens & Rewards

VLStudio's reward system (Creator Points/XP, Power Tokens, achievements) logs every transaction against your account to calculate balances, display your activity feed, and prevent fraud. See our Virtual Currency & Tokens Terms for how tokens work.

11. Jobs Board

If you post a job listing or apply to one:

12. Telemetry, Crash Reports & Diagnostics

VLStudio Desktop uses Sentry for crash and error reporting, hosted in Sentry's EU region. Sentry is on by default in every packaged build; there is currently no in-app setting to turn it off, despite what earlier versions of this page said. Sentry receives stack traces, breadcrumbs, and, because file paths on your machine are sometimes included in error data, your operating-system username may be captured as part of a file path. We do not currently scrub this before it is sent. We are adding a real opt-out and reducing what is captured; until then, this is disclosed here rather than described as anonymized.

Separately, the desktop app keeps a local crash log on your own machine, appended to each time the app encounters an unhandled error. This file stays on your device and is not automatically uploaded, but it is not automatically cleared either.

An auto-update check happens periodically as an unauthenticated request to our update server; this request necessarily exposes your IP address and user agent to that server, the same as any web request would.

13. Cookies & Local Storage

The web portal uses browser local storage and session storage rather than traditional cookies for your authentication token and sign-in state, and loads Google Fonts and Stripe.js from their respective domains on every page, including this one. That is a cross-origin data transfer to Google and Stripe every time these pages load. We do not currently run third-party advertising trackers. Full detail and your choices are in our dedicated Cookie & Tracking Notice.

14. Sub-Processors & International Transfers

We share data with the following categories of service providers, each acting under our instructions:

ProviderRoleRegion
SupabaseAuth, database, storage, edge functions, realtimeUS-hosted cloud
StripeSubscription and token paymentsUS
GoogleOAuth sign-in, Gemini AI, YouTube Data API, Fonts, SearchUS
GroqAI chat and speech-to-textUS
RenderHosts our AI backendUS
Hugging FaceCaption model downloadUS / CDN
SentryCrash and error telemetryEU
Meta / InstagramAnalytics APIUS
TikTokLogin and analytics APIUS / global
Jamendo, PixabayIn-app music librariesEU
Microsoft Azure Trusted SigningWindows code signingUS

Where a provider processes personal data outside the EU/UK, that transfer relies on that provider's Standard Contractual Clauses or, where applicable, the EU-US Data Privacy Framework. We are in the process of formalizing Article 28 data processing agreements with each processor above; our internal sub-processor register and DPA tracker is maintained alongside this policy and is available on request.

15. Data Retention

16. Your Rights

Depending on your location, you may have the right to access, correct, delete, or export your personal data, object to or restrict certain processing, and withdraw consent where processing relies on it. To exercise any of these rights, contact us at [[CONTACT_EMAIL_PRIVACY]] (interim: vlstudiopartners@hotmail.com). We aim to respond within 30 days. See Section 15 for the current, honest state of how completely we can act on a deletion request today.

17. Children's Privacy

Our age requirements and how we handle under-18 users are set out in one place, our Minimum-Age & Children's Policy, so the rules stay consistent with our Terms of Service. If you believe a child has provided us personal information in a way that policy does not permit, contact us and we will address it.

18. Changes to This Policy

We may update this Privacy Policy from time to time. When we make a material change, we update the "Last updated" date above and, where appropriate, notify registered users. See our Terms Versioning Policy for how we capture your acceptance of updates. Continued use of the Service after a change takes effect is acceptance of the updated policy, except where law requires fresh consent.

19. Contact

For privacy questions, data requests, or to report a concern: