Last updated: 05/05/2026
This policy explains how Vortex Studio collects, uses, retains, and protects your personal data in the context of the SaaS platform.
The data controller is Vortex Studio, operated by Brice REVEL (sole trader), SIREN 101 996 700, SIRET 10199670000015, main activity: operation and commercialization of online digital services by subscription (SaaS). Company address available upon request from the publisher.
Depending on your use of the service, we may collect: account data (email, user identifier, authentication information), billing and subscription data, technical content required for generation (prompts, processing metadata), uploaded or generated video files and associated metadata (duration, resolution, model used), automated moderation analysis logs (detection scores, perceptual fingerprints, classification results), and technical security/monitoring logs.
Data is processed to: provide and secure the platform, manage authentication and sessions, execute generation requests, manage subscriptions/payments, provide customer support, automatically analyse content to detect and prevent the distribution of prohibited or illegal material, prevent fraud, and comply with our legal obligations.
Processing relies on: performance of the contract (provision of the SaaS service), legitimate interest (security, improvement, abuse prevention, platform integrity), legal obligation — including the French LCEN Act art. 6-I-5 and the EU Digital Services Act (DSA) for detecting and reporting illegal content, as well as accounting, tax and rights-defence obligations —, and consent where required (e.g. optional trackers).
Data is accessible to authorized Vortex Studio personnel and strictly necessary technical subcontractors (cloud hosting, database/authentication infrastructure, payment providers). Subcontractors act on instructions within an appropriate contractual framework.
Where providers are located outside the EU/EEA, transfers are governed by appropriate safeguards (standard contractual clauses, additional security measures) in accordance with GDPR.
Data is retained for as long as necessary to provide the service and meet associated legal obligations. Account data is retained for the lifetime of the account, then archived/deleted according to applicable legal deadlines (generally 3 to 5 years after closure). Generated video files are retained until explicitly deleted by the user or after 90 days of account inactivity, then permanently deleted. Temporary processing files (intermediate steps) are deleted within 24 hours of generation. Automated moderation analysis logs are retained for 12 months. Administrator access logs to content are retained for 12 months for internal audit purposes. Technical security logs are retained in accordance with applicable legal requirements (generally 1 year for connection data).
Under GDPR, you have the right of access, rectification, erasure, restriction, objection, and, where applicable, data portability. You may also set directives regarding your data after your death.
To exercise your rights, contact: contact@vortexstudio.io. Proof of identity may be requested. You also have the right to lodge a complaint with the CNIL (www.cnil.fr).
Vortex Studio implements reasonable technical and organizational measures to protect your data against unauthorized access, loss, alteration, or disclosure. We continuously adapt our measures according to risks.
We automatically analyse uploaded and generated images and videos in order to detect prohibited, abusive or illegal content. This analysis is performed by automated tools (artificial intelligence, perceptual fingerprinting) and does not involve systematic human review of private content. Human access to content only occurs in the following cases: (a) a report from a user or third party; (b) a suspect score triggered by automated detection systems; (c) a legal obligation or order from a competent authority. Any human access to content by a Vortex Studio team member is logged (date, operator identity, reason). These logs are retained for 12 months and may be disclosed upon a CNIL audit or judicial proceedings. We do not engage in generalised, systematic surveillance of private content outside the situations described above.
The use of cookies and similar technologies is detailed in the Cookie Policy. A consent banner is displayed to collect your preferences when necessary.
This policy may be modified at any time to account for legal, technical, or operational changes. The applicable version is the one published on this page at the time of consultation.
Associated documents:
