VX WORKFLOW
Legal

Privacy Policy

Last updated: 19 May 2026

This Privacy Policy explains how VX Workflow LLC ("we", "us", "our") collects, uses, and protects your personal information when you use usevx.com (the "Service"). We operate the Service internationally. If you're in the UK or EU, we also try to align with the GDPR, see section 9.

1. What we collect

We collect:

  • Account info: your name, email, company name, role, and country.
  • Payment info: handled entirely by Stripe, we never see or store your card details. We do store a Stripe customer ID so we can match invoices to your account.
  • Workspace + project data: briefs you write, notes you leave, files you upload, and the finished edits we deliver. This is the substance of the Service.
  • Usage data: standard server logs (IP address, browser type, page paths, timestamps) for security, debugging, and uptime monitoring.
  • Communications: emails and support messages you send us.

2. Why we collect it

We use your information to:

  • provide the Service (edit your footage, deliver finals);
  • process payments and send transactional emails (welcome, payment confirmations, payment-failed notifications, project notes);
  • respond to support requests;
  • investigate abuse, fraud, and security incidents;
  • improve the Service in aggregate (we don't sell your data or use it for advertising).

3. Who we share it with (sub-processors)

We use the following third-party services to run VX Workflow. Each one only receives the data necessary for its role:

  • Supabase (database, authentication): account, workspace, project, and notification data. Hosted in the AWS region we selected at project creation.
  • Cloudflare R2 (file storage): raw footage and delivered video files. R2 has zero egress fees and stores data globally on Cloudflare's network.
  • Stripe (payment processing): billing and payment data. Stripe is PCI-DSS compliant and shares only minimal metadata back with us.
  • Resend (email delivery): your email address and the contents of transactional emails (welcome, notifications, digest summaries).
  • Sentry (error monitoring, when enabled): error events including the URL, browser, and stack trace when something breaks. We don't intentionally send personal data, but error context occasionally includes user IDs or email addresses.
  • Vercel (hosting): receives standard web traffic to serve the Service.

We don't sell your personal information. We don't share it with advertisers. We only disclose it where required by law (e.g. a valid court order or law-enforcement request).

4. How long we keep it

We keep account and workspace data for as long as your account is active. When you delete your account or your account is terminated, we delete personal information within 30 days except where we're required to keep it longer (e.g. financial records for tax purposes, typically 7 years).

Backups are retained for up to 30 days on a rolling basis; deleted data continues to exist in backups until they age out.

5. Security

We take reasonable steps to protect your information: encrypted connections (HTTPS), encrypted-at-rest storage on Supabase and R2, row-level access controls in our database, principle of least privilege for staff accounts. No system is perfectly secure, if a data breach affects your information and is likely to cause serious harm, we'll notify you as required by applicable data-breach notification laws.

6. Your rights

You can ask us to:

  • access the personal information we hold about you;
  • correct anything that's inaccurate;
  • delete your account and the personal information attached to it (subject to legal retention obligations);
  • export your data in a portable format;
  • opt out of non-essential communications (you can't opt out of transactional emails like payment-failed notifications while you have an active subscription).

Email support@usevx.com with any of these requests. We aim to respond within 30 days.

7. Cookies

We use a small number of cookies to make the Service work, see our Cookie Policy for the full list and how to control them.

8. Children

The Service is not directed at people under 18. We don't knowingly collect personal information from children. If you believe we have, email us and we'll delete it.

9. International transfers + GDPR

Our sub-processors store and process data in regions including the US, EU, and Asia-Pacific, and transfers happen any time you use the Service. By using VX Workflow, you consent to these transfers.

If you're in the UK or EU, our lawful basis for processing your data is (a) performance of our contract with you (providing the Service), and (b) our legitimate interests in running and securing the Service. You have additional rights under the GDPR including the right to object to processing and the right to lodge a complaint with your local data protection authority. Email us first so we can try to resolve it directly.

10. Changes

We update this Policy when our practices change. The "last updated" date at the top reflects the most recent material change. For substantive changes that affect how we use your personal information, we'll email registered account holders before the change takes effect.

11. Contact + complaints

For privacy questions or complaints:

VX Workflow LLC
Email: support@usevx.com