Legal
Privacy
Policy
Last updated: 27 March 2026 · Applies to vydra.studio
Overview
Vydra Studio (“Vydra”, “we”, “us”) is committed to protecting your personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). This policy explains what we collect, why we collect it, and how we handle it.
By using Vydra Studio at vydra.studio, you agree to the practices described in this policy.
Information we collect
We collect the minimum amount of information required to operate the service.
- Account information: When you sign in with Google, we receive your name, email address, and profile picture from Google. We store your name and email to identify your account.
- Session data: We set a secure, HTTP-only session cookie to keep you signed in across visits. This cookie contains a session identifier only — no personal data is embedded in it.
- Uploaded media: Files you upload (video, audio, images) are stored on our servers to provide the editing and rendering service. These files are associated with your account.
- Usage metadata: We track upload and render quota consumption per billing period to enforce plan limits. This data is associated with your account.
- IP address and user agent: Recorded when sessions are created for security and rate-limiting purposes.
What we do not collect
- We do not store payment card numbers or banking details. All payment processing is handled by Stripe — see their privacy policy.
- We do not sell, rent, or share your personal information with third parties for marketing purposes.
- We do not use tracking pixels or third-party advertising tags on the application.
How we use your information
- To authenticate you and maintain your session.
- To store and process your project files and media for the editing service.
- To enforce plan limits and track quota usage.
- To manage your subscription via Stripe if you upgrade to a paid plan.
- To send essential service communications (e.g., billing receipts sent by Stripe).
Third-party services
Vydra uses a small number of third-party services to operate:
- Google OAuth: Used for sign-in. When you sign in with Google, your name, email, and profile picture are shared with Vydra. Google's privacy policy governs how Google handles your data during authentication.
- Stripe: Used for subscription payments. If you subscribe to a paid plan, you interact with Stripe's payment forms directly. Vydra does not see your card details. Stripe's privacy policy applies to payment data.
Vydra does not pass your personal data to any other third parties without your explicit consent, except as required by law.
Cookies
Vydra uses one first-party session cookie (vydra_session) to maintain your authenticated session. This cookie is:
- HTTP-only — not accessible to JavaScript on the page.
- Secure in production — transmitted over HTTPS only.
- Session-scoped — expires after a fixed inactivity period.
We also set a transient guest session cookie (vydra_guest) for unauthenticated users. This cookie holds a temporary session identifier and is removed when you sign in. We do not use tracking or analytics cookies.
Data retention
- Uploaded media files are retained while your account is active and you remain within plan storage limits. Files may be purged after an inactivity period as described in our Terms of Service.
- Guest session data (projects and media created before signing in) may be deleted without notice after the guest session expires.
- Render output files are automatically deleted after 24 hours following render completion.
- When you delete your account, your personal information and associated media are removed from our live systems. Backups may retain copies for a limited period in line with standard backup rotation.
Security
Vydra transmits all data over HTTPS. Session cookies are HTTP-only and have the Secure flag set in production. Access to your data on our servers is restricted to the application process running on the dedicated host. We do not share database or server access with third parties.
While we take reasonable steps to protect your data, no internet-connected system is completely immune to risk. We encourage you to use a strong, unique password for your Google account.
Your rights
Under the Australian Privacy Principles, you have the right to:
- Request access to the personal information we hold about you.
- Request correction of inaccurate or incomplete information.
- Request deletion of your account and associated data.
To exercise any of these rights, contact us at support@vydra.studio. We will respond within a reasonable timeframe.
Changes to this policy
We may update this Privacy Policy from time to time. Material changes will be noted by an updated date at the top of this page. Continued use of Vydra Studio after changes are posted constitutes your acceptance of the updated policy.