Your media stays in your vault

When you use MMVault we collect and store:

• Account data: email address, authentication identifiers, workspace membership, and (if you sign in with Google) your Google account email and profile picture.
• Uploaded media: the original files you upload — videos, audio, images, screenshots.
• Derived data: transcripts, extracted screen text (OCR), scene descriptions, timestamps, key moments, clip suggestions, and vector embeddings used for semantic search inside your workspace.
• Usage data: product events such as uploads, searches, and asks; basic device info (browser user-agent); and server logs needed to operate the service.

We do not collect payment data during beta. We do not knowingly collect data from children under 13 (or the applicable minimum age in your jurisdiction). If you believe a child has provided us data, contact us and we will delete it.

We use the data above only to:

• Operate, maintain, and secure the service.
• Process your media with AI to make it searchable and answerable inside your workspace.
• Authenticate you and enforce workspace access.
• Diagnose errors, prevent abuse, and improve reliability.
• Communicate with you about your account or critical service changes.

Legal bases (where GDPR applies): performance of the contract with you, our legitimate interest in running and securing the service, and your consent where specifically requested.

Files and derived data are scoped to the workspace you uploaded them in. Only members of that workspace can search, ask, or view them. We do not surface your media to other users or in any public index.

MMVault staff can access stored data only when strictly required for support, debugging, or abuse investigation, under confidentiality obligations.

MMVault sends media to AI providers to generate transcripts, screen text, scene descriptions, and embeddings. Providers currently include Google and OpenAI models accessed through the Lovable AI Gateway.

We use providers that contractually do not train their foundation models on data sent through their APIs. We do not opt into training or data-sharing programs.

We rely on the following categories of sub-processors:

• Cloud hosting and database — Supabase / Lovable Cloud (managed Postgres, storage, auth).
• AI providers — Google (Gemini) and OpenAI (GPT) accessed via the Lovable AI Gateway, used to transcribe, OCR, describe, and embed your media.
• Authentication providers — Google OAuth, if you choose to sign in with Google.

These providers process data on our behalf under their own terms and security commitments. We do not sell your personal data and we do not share it for advertising.

We use strictly necessary cookies and browser local storage to keep you signed in and to remember workspace context. We do not use advertising cookies or third-party tracking cookies. Product usage events are stored in our own database and are not shared with ad networks.

We retain your media and derived data for as long as your account is active. When you delete a file, derived data linked to that file is deleted as well. When you delete your account, we delete your media, derived data, and account record within 30 days, except where we must retain limited records to comply with legal obligations or resolve disputes.

Data is stored on managed cloud infrastructure and may be processed in regions where our hosting and AI providers operate, including the EU and the United States. Where required, we rely on standard contractual clauses for international transfers.

Depending on where you live (e.g. EU/EEA, UK, California), you may have the right to access, correct, export, or delete your personal data, to object to or restrict certain processing, and to lodge a complaint with your data protection authority.

To exercise any of these rights, email us from your account address at the contact below. We will respond within a reasonable timeframe.

You can delete any file from your library at any time. Deleting a file removes the original, transcripts, screen text, scenes, moments, clip suggestions, and embeddings derived from it.

To delete your account and all associated data, contact us from your account email.

Files are stored on managed cloud infrastructure with encryption in transit and at rest. Access to derived data is enforced at the database level via row-level security tied to your workspace.

MMVault is operated as a private beta. For privacy questions, data requests, or to reach the data controller, email contact@mmvault.ai.