Back to RJVideo

RJVideo policies

RJVideo Privacy

This policy explains what personal data RJVideo collects, the legal basis under EU data-protection law, and your rights.

Last updated: May 25, 2026

1. Data controller

Regular Joe (Joe's Workshop), an independent EU-based creator, acts as data controller for RJVideo service data. Contact info@regularjoe.io for any data-protection request. Dodo Payments Inc. acts as an independent data controller for payment data under its own privacy notice — payment data is handled by Dodo as Merchant of Record and is not under RJVideo's control beyond the event metadata Dodo returns to apply credits.

2. What we currently collect

Empirically minimal today: account email (when sign-in ships in Phase C), credit balance, generation inputs and outputs, and server logs. We do not embed advertising or analytics scripts on rjvideo.app today; this page will be updated and a cookie notice surfaced if we change.

3. Purpose, data category, and legal basis (GDPR Art 6)

We map each processing activity to a GDPR Article 6 legal basis as follows. Providing the service (account, credits, generation history) uses account email, credit balance, and generation inputs/outputs on the legal basis of performance of a contract (Art 6(1)(b)). Applying credits after Dodo payment events uses Dodo order/event metadata on the legal basis of performance of a contract (Art 6(1)(b)). Security, abuse prevention, and service stability use server logs (IP, user agent, timestamp, request path) on the legal basis of legitimate interests (Art 6(1)(f)) — the interest is operational security. Compliance with tax, accounting, fraud, and legal-retention obligations uses billing records and support correspondence on the legal basis of legal obligation (Art 6(1)(c)). Responding to data-subject rights requests uses identifiers necessary to verify the requester on the legal basis of legal obligation (Art 6(1)(c)).

4. Account and billing data

When sign-in is live (Phase C), we will hold your account email and credit balance. Billing events flow through Dodo as Merchant of Record and independent controller for payment data; we never see your full card number, only event metadata necessary to apply credits.

5. Generation data

Uploaded source frames and generated reels are stored in Supabase Storage (EEA region where the project is hosted, currently eu-central-1) tied to your account. We retain this so you can preview, regenerate, and access history. You can request deletion via info@regularjoe.io at any time.

6. Server logs

Vercel, our hosting provider, collects standard server-side request logs (IP address, user agent, timestamp, request path) for operational and security purposes under Vercel's data-processor terms.

7. Cookies

We do not currently set advertising or analytics cookies on rjvideo.app. Essential cookies may be set by hosting (Vercel) or payment (Dodo) providers for technical session and security purposes. A cookie notice will be surfaced if we add any non-essential cookie.

8. Processors and independent controllers

Supabase Inc. (account and storage — processor under DPA), Vercel Inc. (hosting and CDN — processor under DPA), and Dodo Payments Inc. (payments and Merchant of Record — independent controller for payment data). Each EU-relevant processor is bound by EU Standard Contractual Clauses or equivalent safeguards. A copy or summary of our transfer safeguards is available on request via info@regularjoe.io.

9. International transfers

Where any processor's infrastructure transfers personal data outside the EEA, we rely on EU Standard Contractual Clauses or equivalent safeguards (the UK International Data Transfer Agreement where applicable).

10. Retention

Default retention: account and credit data for the lifetime of the account; generation inputs and outputs for the lifetime of the account unless you delete them; server logs typically for 90 days. After account deletion via info@regularjoe.io, we delete personal data within 30 days, retaining only what is required by tax, accounting, fraud, or legal-retention obligations — typically billing records for up to 10 years to comply with applicable national accounting, tax, and commercial laws.

11. Your GDPR rights

You have the rights of access, rectification, erasure, restriction, portability, objection, and withdrawal of consent (where consent applies), and the right to lodge a complaint with your EU supervisory authority. To exercise any right, email info@regularjoe.io; we respond within 30 days.

12. Children

The service is not designed for children. The minimum age is 16 per GDPR-K. We do not knowingly collect data from minors below 16.

13. Updates

Material changes will be flagged on rjvideo.app for at least 30 days. Last updated: May 25, 2026.

14. Contact

All privacy and data-protection inquiries can be sent to info@regularjoe.io.