Rosyvid

Rosyvid – Privacy Policy

Last updated: 24th of February 2026

This Privacy Policy explains how Rosyvid Oy (Business ID: 3534575-4) ("Rosyvid", "we", "us") collects, uses, and protects personal data when you use the Rosyvid platform.

Rosyvid is operated from Finland and complies with the EU General Data Protection Regulation (GDPR).

1. Who This Policy Applies To

This policy applies to:

  • Creators who provide video content on Rosyvid
  • Buyers/Viewers who purchase or watch content
  • Visitors to Rosyvid pages where personal data is processed

2. Data Controller

Rosyvid Oy Business ID: 3534575-4 Finland Email: support@rosyvid.com

Rosyvid is the data controller for personal data processed through the platform.

3. What Data We Collect

We collect only data that is necessary to operate the service.

Account & Identity Data

  • Email address
  • Name (if provided)
  • Account ID and role (creator / viewer)
  • Authentication metadata

(Authentication is handled via our provider Clerk.)

Purchase & Transaction Data

  • Purchased collections
  • Purchase timestamps
  • Payment references
  • Payment status (paid, refunded, disputed)
  • Buyer's approximate location (such as country and city), derived from IP address and payment data

Note: Rosyvid does not store full payment card details. Payments are processed by our payment provider (currently Paddle).

Access & Usage Data

  • Entitlements (what content you have access to)
  • Watch progress (last playback position)
  • Basic access logs for security and reliability

Watch progress is stored per viewer and used to resume playback. We may in the future share anonymized and aggregated viewing statistics with Creators, but never individual viewer identities or personal data.

Creator Data

  • Display name
  • Collection titles and descriptions
  • Uploaded video metadata (such as titles, descriptions, and thumbnails)
  • Ratings and reviews submitted by Buyers
  • Content moderation classifications and review status (see Section 5)

Video files themselves are stored and delivered by our video hosting provider (see Section 7).

Communications

  • Transactional emails (receipts, access notifications)
  • Support and feedback communications sent to us

4. What We Do Not Collect

We do not intentionally collect:

  • Sensitive personal data (such as health, political beliefs, or biometric data)
  • GPS or device-level precise location data
  • Marketing profiles for third parties
  • Viewing behavior shared with creators

We may collect aggregated and anonymized usage data to improve the service, but we do not use individual tracking or profiling beyond what is necessary to operate Rosyvid.

5. How We Use Personal Data

We use personal data to:

  • Create and manage user accounts
  • Process purchases and grant access
  • Deliver video playback and resume progress
  • Send transactional emails
  • Provide customer support
  • Detect fraud and abuse
  • Analyze usage patterns to improve the service
  • Comply with legal obligations

We do not sell personal data or share it with third parties for advertising purposes. We may use your contact information to send you communications about Rosyvid's own services and features. You can opt out of these communications at any time.

Content Moderation & Safety

We use automated tools, including artificial intelligence, to review content and creator profiles for compliance with our Content Policy. This may include analysis of:

  • Creator profile information and content descriptions
  • Collection titles, descriptions, and metadata
  • Video content (such as audio transcripts or visual elements)

These tools help us identify potential policy violations and assess content risk. Automated analysis supports — but does not replace — human review. Final moderation decisions that affect your ability to use the platform are made or reviewed by Rosyvid staff.

Moderation classifications and review history are stored as part of our compliance records.

6. Legal Basis for Processing (GDPR)

We process personal data under the following legal bases:

  • Contract performance (providing purchased access, account functionality)
  • Legitimate interest (security, fraud prevention, service reliability)
  • Legal obligation (accounting, compliance with financial regulations)
  • Consent (where explicitly requested, e.g. communications)

7. Third-Party Processors

We use trusted third parties to operate the service. These currently include:

  • Paddle – payment processing, tax handling, and merchant of record services
  • Clerk – authentication and user management
  • Bunny.net – video hosting and delivery
  • Resend – transactional emails
  • Google Cloud – hosting and infrastructure
  • Google Ads – advertising measurement on marketing pages
  • AI/machine learning providers – content moderation and safety analysis

This list may change over time. These providers process data only as necessary to provide their services and under appropriate data protection agreements.

Our payment provider (Paddle) acts as an independent data controller for payment-related data processed through their systems.

8. International Data Transfers

Some of our service providers (such as Clerk and Google Cloud) are based outside the EU, which means your personal data may be processed in countries like the United States. Under GDPR, this requires legal safeguards to ensure your data remains protected to EU standards.

We ensure appropriate safeguards are in place, such as:

  • EU Standard Contractual Clauses (pre-approved contracts that require providers to protect your data to EU standards)
  • Other GDPR-compliant transfer mechanisms provided by our service providers

9. Data Retention

We retain personal data only as long as necessary:

  • Account data: while the account is active
  • Purchase records: 7 years as required by Finnish accounting law
  • Watch progress: until deleted by the user or account removal
  • Moderation records: retained for the life of the associated content or account, and as needed for compliance
  • Logs: limited retention for security and troubleshooting

When data is no longer needed, it is deleted or anonymized.

10. Your Rights Under GDPR

You have the right to:

  • Access your personal data
  • Correct inaccurate data
  • Request deletion of your data
  • Restrict or object to processing
  • Request data portability
  • Lodge a complaint with a data protection authority (in Finland: Tietosuojavaltuutettu)

You can exercise these rights by contacting us at support@rosyvid.com.

11. Account Deletion

You may request account deletion at any time.

Some data (such as purchase records) may be retained where required by law, but access to content and personal identifiers will be removed where possible.

12. Cookies & Tracking

Rosyvid uses the following types of cookies:

  • Essential cookies for authentication and session management (used across the platform)
  • Marketing cookies from Google Ads on our landing and marketing pages, used to measure the effectiveness of our own advertising campaigns

We do not use third-party cookies to build advertising profiles of our users or to serve targeted ads within the platform.

13. Security

We take reasonable technical and organizational measures to protect personal data, including:

  • Secure authentication
  • Encrypted connections (HTTPS)
  • Limited access to production data
  • Infrastructure-level security controls

No system is completely secure, but we aim to minimize risk.

14. Children's Privacy

Rosyvid is not intended for use by children under the age of 16 without parental involvement.

Creators are prohibited from uploading content that exploits or harms minors.

15. Changes to This Policy

We may update this Privacy Policy from time to time.

If changes are significant, we will notify users via the platform or email. Continued use of Rosyvid means acceptance of the updated policy.

16. Contact

For privacy-related questions or requests:

Rosyvid Oy Business ID: 3534575-4 Email: support@rosyvid.com Finland