Privacy Policy

textbased.video is a Premiere Pro extension and companion desktop app that helps editors and journalists hand off video projects via the sender's own Google Drive. This policy describes what data we collect, why, and the choices you have over it.

1. Who we are

textbased.video is operated under the registered Australian business name text based video. For any privacy question or request, email support@textbased.video.

2. What we collect

Account & licence data

• Your email address and name (used to issue and identify your licence key).
• A one-way hardware fingerprint hash of the machine you activate on (a SHA-256 of your volume serial, hostname, and Windows user SID — we never see the underlying values, only the hash). This enforces your per-licence machine limit.
• Last-seen timestamps from periodic activation heartbeats.

Invitation records (sender side)

• For each project you send, we keep a small record containing: the invitation code, the recipient's email address, your return-path public key (used by the recipient to encrypt their edit when they're done), redemption state, timestamps, and a revoked-at marker if the invitation has been cancelled. We do not store project video, audio, transcripts, file names, folder IDs, Drive URLs, or project titles — those stay in your own Google Drive.
• Encrypted return files. When a recipient finishes editing and clicks “Job finished”, the desktop app encrypts the edited XML and the recipient's typed note on the recipient's machine using a public key that lives only on the sender's (editor's) machine. We accept and store the resulting encrypted blob in our infrastructure. textbased.video does not have the decryption key. We cannot read the edit XML or the note. A small notification record lives alongside the ciphertext so the editor's textbased.video panel can show pending returns and let the editor pick the right one to import. That record contains: your project code, an opaque return identifier, a sequential return number, timestamps, the encryption algorithm version, and a small amount of cleartext metadata captured at upload time — the recipient-chosen edit name (e.g. “Edit 1” or whatever the recipient renamed the tab to), the cut count, and the sequence runtime in seconds. We do not store the filename, the edit XML content, or the note text — those remain encrypted end-to-end. If even the cleartext metadata above is more than your project allows, the desktop app's Export XML button (next to Job finished) bypasses our infrastructure entirely on the return path and saves the edited XML directly to the recipient's downloads folder.

Where your project link lives

• textbased.video does not store anything about your project's media on our servers — not the URL, not the file name, not the file size, not the project's structure. The encrypted location of your project, the key to decrypt it, and your editor's return-path public key all travel inside the invitation email itself. Our servers see this information momentarily while the email is being sent, then drop it from memory. The email service that delivers the invitation (currently Resend) holds the email body for up to 30 days. Beyond that window, no path inside our infrastructure leads to your project files.
• When the recipient opens your project for the first time, the invitation code is permanently marked as redeemed and the Drive sharing link is automatically revoked from your Drive. After that point, the original email link no longer reaches the project files — even for someone who later finds the email. If you need to give access again, the editor re-sends from the extension; that creates a fresh invitation and a fresh link.
• If your invitation link breaks for any reason — file moved on Drive, share revoked, email lost — the editor sends the project again. It's one click on their side.

Send confirmations

• Every time you click Send or Resend in the textbased.video extension, you confirm the recipient's email in a tickbox modal first. We log that confirmation (project code, recipient email, your editor email, action type, timestamp, IP, browser user-agent) so we can verify which sends were authorised — used only for support and dispute resolution.

Diagnostic logs (if you choose to send them)

• The textbased.video apps record local diagnostic logs to help debug crashes. These stay on your machine until you click Send logs in the app, at which point a redacted bundle is uploaded to us. Sensitive values (OAuth tokens, Drive URLs, Drive file and folder IDs, project titles, encryption keys, ciphertext, deep-link URLs, licence keys, and full email addresses) are hashed, truncated, or omitted before the bundle leaves your device.

3. Google Drive access

When you connect Google Drive, textbased.video requests one Drive scope plus standard sign-in scopes:

• drive.file — to create and write files in folders the textbased.video extension creates on your behalf, and to read files you explicitly open in textbased.video via Google's Drive Picker. textbased.video does not request drive.readonly or any other broad-Drive scope.
• userinfo.email, userinfo.profile, and openid — to identify the Google account your licence is tied to. We see your email, name, and the opaque OpenID identifier; we do not see anything else from your Google account.

Your Google OAuth tokens are stored only on your local machine, in a path managed by the operating system's user-data directory. They never reach our servers. You can revoke textbased.video's access at any time from your Google Account at myaccount.google.com/permissions.

Encrypted return files do not travel through Google Drive. The recipient's edited XML is encrypted on their machine and uploaded directly to textbased.video's encrypted-storage endpoint. Google Drive is used only on the send path.

Project files live in your own Google Drive. textbased.video never holds the file bytes. The link to your Drive folder is encrypted on your machine before it leaves; only the recipient's invitation email contains the key to decrypt it. Recipients explicitly agree, before download begins, not to redistribute the project code or download link.

4. Why we collect it

• Licence enforcement. Email + hardware fingerprint + heartbeat let us issue and revoke licences and enforce per-licence machine limits.
• Project handoff. Invitation codes let recipients open the right project in their textbased.video app.
• Support. If you choose to send a diagnostic log bundle, we use it to investigate the issue you reported.

5. Sub-processors

We use the third parties below to deliver textbased.video. Each one operates under their own published Data Processing Addendum (DPA), which includes Standard Contractual Clauses (SCCs) governing the transfer of personal data outside the EU/UK. The links go straight to their current DPA — review them for the canonical terms.

Vercel — application hosting

Vercel hosts both the public textbased.video site at textbased.video and the textbased.video admin + licence server at dashboard.textbased.video. Every API request the textbased.video extension or textbased.video desktop app makes — activating a licence, minting an invitation code, sending an invitation email, uploading a diagnostic-log bundle — passes through Vercel's infrastructure on its way to our database.

What their DPA covers: Vercel processes data only on our documented instructions, is SOC 2 Type 2 certified, and publishes its own sub-processor list in their Trust Center. SCCs for EU/UK→US transfer are included.

DPA: vercel.com/legal/dpa · Trust Center: vercel.com/security

Supabase — database and storage

Supabase holds our records: licence rows, per-machine activation records, invitation records, the send-confirmation audit log, encrypted return ciphertext, licence-claim links, alpha-acceptance records, landing-page email signups, and diagnostic-log metadata. Both the textbased.video extension (when it activates a licence or sends an invitation) and the textbased.video desktop app (when it opens a project or uploads an encrypted return) ultimately read from and write to Supabase.

What their DPA covers: data is hosted on AWS in a region we select at project creation, encrypted at rest and in transit, with row-level security available. Supabase is SOC 2 Type 2 certified. SCCs for EU/UK→US transfer are included.

DPA: supabase.com/legal/dpa · Security overview: supabase.com/security

Supabase Storage holds encrypted return files. textbased.video does not control or possess the decryption keys; ciphertext sits in storage as opaque bytes for at most 24 hours after the editor imports a return, or 90 days if the return is never imported.

Resend — transactional email delivery

Resend delivers every email textbased.video sends: licence-key claim links to textbased.video extension users, and project invitations to recipients who use the textbased.video desktop app. Licence keys themselves are never placed in the email body. Project invitations carry a self-contained URL whose secret material (the encrypted project link, the decryption key, and the editor's return-path public key) lives only in the URL fragment — Resend holds those values for up to 30 days as part of the email body and we discard them from our infrastructure once the email is sent.

What their DPA covers: Resend processes data only as needed to deliver email, is SOC 2 Type 2 certified, and applies a defined retention window to email content. SCCs for EU/UK→US transfer are included. Resend has no public API for deleting sent emails, so erasure requests you make to textbased.video are forwarded to them by us within our 30-day response window.

DPA: resend.com/legal/dpa

Cloudflare — DNS and edge protection

Cloudflare provides DNS for textbased.video and edge protection for traffic flowing into our hosts. It does not store textbased.video application data; it sees request metadata only (IP address, request URL, response code) for the duration needed to route and protect the request.

What their DPA covers: Cloudflare is SOC 2 Type 2 and ISO 27001 / 27018 certified, with extensive published trust documentation. SCCs for EU/UK→US transfer are included.

DPA: cloudflare.com/cloudflare-customer-dpa · Trust hub: cloudflare.com/trust-hub

Google — Drive storage you control

Project media — your rushes, your audio, your transcripts, the edited XML the recipient returns — never reaches textbased.video's servers. It lives in your Google Drive (sender side) and is accessed by the recipient's textbased.video desktop app through the OAuth grant you authorise. Google's handling of that data is governed by your own Google Account terms, which you accepted directly with Google.

What Google's DPA covers: the Google Cloud / Workspace Data Processing Addendum governs commercial Drive usage; consumer Drive usage is governed by the Google Privacy Policy. Either route includes SCCs for EU/UK→US transfer. textbased.video only ever holds an OAuth grant against your account — we never see your Drive credentials.

DPA: cloud.google.com/terms/data-processing-addendum · Privacy: policies.google.com/privacy

6. Lawful basis for processing (GDPR / UK GDPR)

Where the GDPR or UK GDPR applies, we rely on the following lawful bases under Article 6:

• Contract (Art. 6(1)(b)) — for the licence we issue you and the project-handoff features that make the product work. Without processing your email, machine fingerprint, and invitation codes, we cannot deliver the service you signed up for.
• Legitimate interests (Art. 6(1)(f)) — for activation heartbeats, anti-piracy checks (machine-count enforcement), and optional diagnostic-log uploads. Our interest is keeping the licence model honest and being able to fix bugs you report. We've weighed this against your privacy interests and the data points are minimal, minimised, and never used for marketing.
• Consent (Art. 6(1)(a)) — for the alpha-signup email form on textbased.video. You can withdraw at any time by emailing support@textbased.video and we will delete your row.

We do not process your data for advertising, profiling, automated decision-making with legal effect, or any other purpose outside operating the textbased.video product.

7. Your rights

If you are in the EU, UK, California, or another jurisdiction with data protection laws, you have the right to:

• access the data we hold about you,
• correct it if it's inaccurate,
• have it deleted (right to erasure),
• export it in a portable format,
• object to processing carried out under our legitimate interests basis,
• restrict processing while a dispute is being resolved, and
• lodge a complaint with your local data protection supervisory authority (e.g. the ICO in the UK, your national DPA in the EU, the OAIC in Australia, or the California Privacy Protection Agency in California) — though we'd appreciate hearing from us first so we can try to fix it.

Email support@textbased.video with your request. We'll respond within 30 days. There is no charge for the first request in any 12-month period.

For California residents (CCPA / CPRA): we do not sell your personal information and we do not share it for cross-context behavioural advertising, as those terms are defined under the CCPA. The rights above (access, deletion, correction, portability) are available to you on the same email channel; we will not discriminate against you for exercising them.

8. Cookies and tracking

The dashboard at dashboard.textbased.video and the public site at textbased.video use only strictly necessary first-party cookies — for session authentication on the admin dashboard and for short-lived claim-flow state on licence-claim pages. We do not currently run analytics, marketing pixels, ad-network trackers, or any third-party tracking cookies. If that changes (e.g. we add product analytics), we will update this page and add a consent banner before the change takes effect, in line with the EU ePrivacy Directive and equivalent regimes elsewhere.

9. Retention

Licence records are kept for the lifetime of your licence plus 12 months for audit. Diagnostic log bundles are kept for 90 days. Invitation records are kept for the project's lifetime plus 12 months. Hardware fingerprint hashes are deleted when you deactivate that machine from your licence.

Encrypted return files are deleted from storage 24 hours after the editor imports them, or 90 days after upload if the editor never imports them. Notification records (project code, return number, timestamps) are deleted on the same schedule. If you revoke an invitation, all return files and notification records for that project are deleted immediately.

If you don't want textbased.video to host your encrypted return files at all, the textbased.video desktop app includes an Export XML button (next to Job finished) that saves the edited XML directly to your computer's downloads folder. You can then send that file to the editor by email, your own cloud drive, or any other channel — textbased.video sees nothing. The encrypted-upload path is the convenience default; the local export is always available as the “I prefer to send it myself” alternative.

We keep our own metadata record of every email textbased.video sends — sender, recipient, subject, timestamp, provider message ID. We do not duplicate the email body in our database; the body lives at our email provider Resend, governed by their retention policy. On request we will delete our metadata record and forward the deletion request to Resend. Resend has no public API for deleting sent emails, so this step is handled by us emailing them on your behalf within the 30-day response window described in section 7.

Licence-claim emails carry a single-use opaque link that expires after 7 days; the link table is automatically purged daily. Project invitations carry a self-contained URL whose secret material lives only in the URL fragment — our servers never see it, and we don't keep a copy. The licence key itself is never sent in the body of an email.

Backups held by our infrastructure providers (Vercel, Supabase, Cloudflare, Resend) are purged on each provider's automatic schedule and are not directly accessible to us; deletion requests you make to textbased.video clear our operational systems immediately and are reflected in those backups as they roll over.

10. Children

textbased.video is a professional tool intended for video editors and journalists aged 18 and over. We do not knowingly collect data from children.

11. Changes

Material changes will be announced by email to active licence holders before they take effect. The “last updated” date at the top of this page reflects the current version.

12. Alpha-period compliance status

textbased.video is in private alpha. We aim to operate compliantly with the legislation that applies to us, and we want users to know exactly where we stand today rather than discover it later. This is an honest snapshot — if any of it looks wrong, please email support@textbased.video and we will correct it.

EU GDPR & UK GDPR

• Lawful basis: stated in section 6 above (contract, legitimate interest, consent, depending on the processing activity).
• Sub-processors + Standard Contractual Clauses: listed in section 5 above with links to each provider's DPA.
• Data subject rights: available via support@textbased.video, 30-day response window (section 7).
• EU representative (Article 27): not yet appointed. Article 27 applies if we are “not established in the Union” and our processing of EU personal data is more than “occasional”. While the product is in private alpha and EU users are not actively targeted, processing is treated as “occasional”. We will appoint an EU representative at the paid-tier launch, when EU users are actively targeted.
• Data Protection Officer: not appointed. We do not meet any of the GDPR Article 37 triggers (public authority, large-scale systematic monitoring, large-scale processing of special-category data). We will reassess before paid launch.

California (CCPA / CPRA)

• We do not sell or share personal information (section 7).
• California rights honoured via the same support email channel.

EU ePrivacy / cookie law

• Strictly necessary first-party cookies only — no consent banner is required at present. Disclosed in section 8.

Australian Privacy Act 1988 (APPs)

• textbased.video is operated as a solo-developer business and is below the AU$3 million annual turnover threshold that formally binds an organisation to the Australian Privacy Principles. We adhere to the APPs in practice anyway, since most of what GDPR requires meets or exceeds them.
• We do not currently process “sensitive information” as defined by the Act (race, health, biometric identifiers, etc.), which is what would otherwise pull us in regardless of turnover.

Vendor compliance (not legislation, but worth knowing)

• Google OAuth verification: submission in preparation — we will be applying formally very soon. Until granted, users see an “unverified app” consent screen on first sign-in. Google's drive.file scope is non-sensitive, so standard OAuth verification applies (no third-party security assessment required).
• Apple notarisation (macOS desktop app): completed. The macOS DMG is signed with an Apple Developer ID certificate and notarised by Apple, with the notarisation ticket stapled to the DMG. macOS Gatekeeper opens the app cleanly on first install — no “unidentified developer” warning.
• Microsoft code signing (Windows installer): not done for alpha. The Windows installer is unsigned; SmartScreen warns “Unknown publisher”. OV-signed installers + Microsoft Store submission arrive with the paid launch.
• Adobe CEP (Premiere extension): the Premiere extension ZXP is self-signed for alpha distribution and installed via a third-party extension manager. Adobe Exchange-blessed distribution arrives with the paid launch.

13. Contact

Email support@textbased.video for anything privacy-related.