Privacy Policy
Plain-English version: we collect what we need to make video for you, run our business, and stay compliant. We use trusted tools (Google Workspace, HubSpot, Stripe, Vimeo, Frame.io, Cal.com). We do not sell your data. Your project content is not used to train AI models. You have the right to ask what we hold and have it deleted. Detail below.
Contents
- Who we are
- What we collect
- How we use your information
- Legal bases (GDPR)
- Sharing with third parties
- International data transfers
- Data retention
- Raw footage and project file handling
- AI usage and your data
- Your rights
- Cookies and tracking
- Security
- Breach notification
- Automated decision-making and profiling
- Children's privacy
- Changes to this policy
- Contact
1. Who we are
VideoRep is a presenter-led video production studio operated by The Video Experience Co Pty Ltd, an Australian company registered in New South Wales. For the purposes of the Australian Privacy Act 1988, the EU and UK General Data Protection Regulation (GDPR), and the California Consumer Privacy Act (CCPA), The Video Experience Co Pty Ltd is the data controller of personal information collected through videorep.co and our client engagements.
2. What we collect
We collect different categories of information depending on how you interact with us.
If you visit videorep.co
- Standard server logs (IP address, browser type, pages visited, referring URL, timestamps)
- Cookie and tracking information (see Cookies below)
- Analytics events via Google Analytics 4 (anonymised IP, page views, events)
If you book a discovery call or contact us
- Name, email, company, role, country
- What you tell us about your project, audience, offer, and goals
- Calendar metadata (the call you booked, scheduling history) via Cal.com
- Email correspondence
If you become a client
- Billing information (legal entity name, billing address, tax ID, payment method via Stripe or Upwork)
- Contract and Statement of Work content
- Project content you provide (scripts, brand assets, footage you supply, customer footage with releases, brand guidelines)
- On-camera content recorded as part of Coach + Capture engagements (your face, voice, and recorded sessions)
- Communications across email, Slack, project management tools, and recorded calls (Otter or Fathom transcripts) where applicable
If we receive your information from a referrer or partner
- Information shared by mutual contacts, agency partners, or referral sources, with your reasonable expectation that the introduction was wanted
3. How we use your information
We use the information we collect to:
- Deliver the Services we have agreed to perform under a Statement of Work
- Communicate about projects, scope, billing, and operations
- Process payments and maintain financial records as required by law
- Improve our services and the videorep.co experience (analytics, content performance review)
- Send service-related notifications (delivery alerts, scheduling, contract updates)
- Send marketing communications where you have opted in or where we have a lawful basis to send them under your jurisdiction's rules
- Comply with legal obligations (tax, recordkeeping, regulatory requests)
- Defend our legal rights and enforce our Terms of Service
We do not sell personal information. We do not provide your project content to AI model training datasets.
4. Legal bases (GDPR)
If you are in the European Economic Area or the United Kingdom, our lawful bases for processing your personal data are:
- Contract: processing necessary to deliver the Services you engaged us for
- Legitimate interest: running the business, communicating with prospective clients, security, basic analytics, defending legal claims
- Consent: marketing emails (where consent is required), non-essential cookies, on-camera Coach + Capture recordings, and any case-study publication featuring you
- Legal obligation: tax, accounting, and regulatory recordkeeping
5. Sharing with third parties
We use a small set of trusted vendors to operate the business. Each vendor processes only what they need for their function and is bound by their own privacy commitments.
| Vendor | Purpose | Data shared |
|---|---|---|
| Google Workspace (Gmail, Drive, Calendar, Sheets, Docs) | Email, document storage, scheduling, internal workflow | Communications, project files, contact information |
| HubSpot | CRM, contact records, deal tracking | Contact, company, deal stage, communication history |
| Stripe | Payment processing | Billing details, payment metadata |
| Upwork | Contract and milestone billing for Upwork-sourced engagements | Project scope, payment metadata |
| Vimeo | Video hosting and delivery | Video deliverables, viewer analytics where you embed our videos on your site |
| Frame.io | Review and approval of video cuts | Project-specific video files, your review comments |
| Cal.com | Discovery and strategy call scheduling | Name, email, calendar metadata for scheduled calls |
| Otter, Fathom | Meeting transcription (where you consent at the start of a call) | Audio of recorded calls, transcripts |
| Smartlead, ScaledMail, HeyReach | Outbound email and LinkedIn outreach infrastructure (prospect-facing only, not used for client communications) | Prospect contact information from public sources |
| Google Analytics 4 | Site analytics | Anonymised page-view events |
| Vercel | Site hosting | Server-log information |
We may also share information when legally required (court orders, regulatory requests, law enforcement) or to protect our rights, property, or safety.
If we are involved in a merger, acquisition, asset sale, or insolvency, your personal information may transfer to the relevant party, subject to the same privacy commitments described here. You will be notified by email of any such transfer.
6. International data transfers
VideoRep is based in Australia. Several of our trusted vendors are based in the United States or process data globally. By engaging us, you understand and consent to your information being transferred to and processed in the United States, the European Economic Area, the United Kingdom, and Australia, depending on the vendor.
For transfers from the EEA or UK to jurisdictions without an adequacy decision, we and our vendors rely on Standard Contractual Clauses, the EU-US Data Privacy Framework where applicable, and appropriate organisational and technical safeguards.
7. Data retention
We retain personal information for as long as we need it for the purposes described in this policy, or as long as required by law.
| Category | Retention period |
|---|---|
| Active client project files (scripts, briefs, communications) | For the life of the engagement plus 24 months |
| Final video Deliverables | Indefinitely (so we can re-supply if you lose copies); you can request deletion at any time |
| Raw camera footage (VideoRep presenter on camera) | 90 days after final delivery, then deleted. Not provided to clients except under custom legacy SOWs. |
| Raw camera footage (client on camera) | Delivered to the client on request. Our internal copy is retained for 90 days for re-supply if needed, then deleted. |
| Billing and tax records | 7 years (Australian tax law minimum) |
| Marketing list contacts (you opted in) | Until you unsubscribe or 24 months of inactivity (no opens, clicks, or replies) |
| Prospect outbound list (cold outreach) | 36 months from last interaction, sooner on request |
| Recorded call transcripts | 36 months unless you ask us to delete sooner |
| Site analytics | 14 months (Google Analytics 4 default) |
You can request deletion of your personal information at any time, subject to our retention obligations under tax and accounting law.
8. Raw footage and project file handling
Raw camera files contain biometric information about presenters and clients. We treat them with extra care.
- Stored on encrypted Australian and US-based cloud infrastructure (Google Workspace, Frame.io)
- Access restricted to active project team members
- Universal no-AI-replication rule. Raw camera files, deliverables, and project content are never provided to AI model training datasets, voice cloning systems, deepfake or synthetic-presenter pipelines, or any third-party use that would replicate the on-camera face or voice. This applies to every engagement, on every offer, regardless of who is on camera.
- Not sold, shared, or sublicensed without explicit client written consent
- Internal retention is 90 days from final delivery (see retention table above), then deleted
- If you are the on-camera face on a Coach-style engagement, you receive your own raw files; our internal copy is held for 90 days for re-supply, then deleted
- We will pursue takedown of any synthetic content derived from VideoRep deliverables without written permission
9. AI usage and your data
We use AI inside the production pipeline (editing acceleration, transcription, captioning, basic motion graphics). When AI is involved in processing your project content, the following rules apply:
- We use AI tools whose terms prohibit using customer content for model training (or with that setting explicitly enabled)
- We do not provide your raw camera footage, project files, or finished Deliverables to public AI model training datasets
- We do not consent to third-party AI training on our presenters' likenesses, and we will pursue takedown of any synthetic content derived from our deliverables without permission
- If your organisation requires an AI-free production workflow (regulated industry, public sector, NDA-bound work), tell us before we sign the SOW and we will accommodate where feasible
- Voice cloning, deepfake generation, AI-avatar replacement of presenters, and synthetic-presenter delivery are not part of any VideoRep engagement
10. Your rights
Depending on your jurisdiction, you have rights to:
- Access: request a copy of the personal information we hold about you
- Correction: ask us to fix incomplete or inaccurate information
- Deletion: request that we delete your personal information, subject to legal retention obligations
- Portability: receive your personal information in a structured, machine-readable format (GDPR, CCPA)
- Restriction or objection: ask us to stop or limit certain processing (GDPR)
- Withdraw consent: for processing based on consent, withdraw consent at any time without affecting prior lawful processing
- Opt out of sale: we do not sell personal information; however, California residents may exercise the right to opt out under the CCPA
- Lodge a complaint: with the Office of the Australian Information Commissioner (OAIC), or your local data protection authority in the EEA or UK
To exercise any of these rights, email hello@videorep.co. We will respond within thirty days, or sooner if your jurisdiction requires it.
11. Cookies and tracking
videorep.co uses a small set of cookies and tracking technologies:
- Strictly necessary cookies: session management, security, cookie-consent state. Always on.
- Analytics cookies: Google Analytics 4 with anonymised IP. Used to understand site usage and improve content.
- Marketing cookies: HubSpot tracking script for visitor identification when you become a known contact.
- Embedded media cookies: Vimeo and Cal.com embeds may set their own cookies governed by their respective privacy policies.
The cookie banner on videorep.co provides notice that cookies are in use. We are working toward a granular per-category consent platform. In the meantime, you can opt out of analytics and marketing cookies by adjusting your browser settings or emailing us at hello@videorep.co. If you are visiting from the European Economic Area or the United Kingdom and require explicit pre-consent before non-essential cookies are set, contact us before browsing further and we will accommodate the request manually.
12. Security
We use industry-standard security measures appropriate to the sensitivity of the information we handle. These include encrypted transit (HTTPS), encrypted storage (Google Workspace, Frame.io, Stripe), access controls limited to active project team members, two-factor authentication on all administrative accounts, and regular review of vendor security posture.
No system is perfectly secure. If you suspect your information has been compromised, contact us immediately at hello@videorep.co.
13. Breach notification
If a notifiable data breach occurs that is likely to cause serious harm, we will notify affected individuals and the relevant regulator (OAIC for Australia, supervisory authorities in the EEA, UK ICO, others as applicable) within the time frames required by your jurisdiction.
14. Automated decision-making and profiling
VideoRep does not use automated decision-making or profiling that produces legal or similarly significant effects on individuals. Routine automated processes (Google Analytics, HubSpot lead scoring for our internal prioritisation, Smartlead campaign automation) involve no consequential decisions about you. If we ever introduce such processing, we will update this policy and obtain consent where required by your jurisdiction.
15. Children's privacy
VideoRep is a B2B service. We do not knowingly collect personal information from children under sixteen. If you believe a child has provided personal information to us, contact us at hello@videorep.co and we will delete it.
16. Changes to this policy
We may update this Privacy Policy from time to time. Material changes (changes to data sharing, retention, or your rights) will be notified to active clients by email at least thirty days before they take effect. The "Last updated" date at the top of this page reflects the latest revision. Continued use of videorep.co or our Services after the effective date of an updated policy constitutes acceptance.
17. Contact
Privacy questions, rights requests, or complaints? Email hello@videorep.co.
Postal contact: The Video Experience Co Pty Ltd, attention Privacy Officer, 1/299 Elizabeth Street, Sydney NSW 2000, Australia.
Australian regulator: Office of the Australian Information Commissioner, www.oaic.gov.au.
EEA / UK clients: you may also lodge a complaint with your local supervisory authority. UK Information Commissioner's Office: ico.org.uk.