Privacy Policy
Last updated: March 9, 2026
1. Introduction
This Privacy Policy describes how MediaMind ("we", "us", or "our") collects, uses, stores, and protects your personal information when you use our AI-powered media analysis platform ("the Service").
MediaMind acts as the data controller for the personal information collected through the Service. By using the Service, you acknowledge that you have read and understood this Privacy Policy.
2. Information We Collect
Account Data
When you sign in with Google OAuth, we collect your name, email address, and profile picture. This information is used to create and manage your account.
Media Content
Videos and images you upload are stored securely in Amazon S3. We process this content to provide you with analysis, transcription, and other features of the Service.
AI Analysis Data
When your media is processed, we generate and store AI-derived data including scene descriptions, transcriptions, virality scores, sentiment analysis, and face detection results.
Social Media Connections
If you connect social media accounts (such as YouTube or Instagram), we store encrypted OAuth tokens to enable publishing on your behalf. Tokens are encrypted using AES-256-GCM.
Payment Data
All payment processing is handled by Stripe. We do not store your credit card numbers or full payment details. We retain Stripe customer IDs and transaction records for billing purposes.
Usage Data
We collect information about how you use the Service, including chat history with the AI assistant, credit consumption, and feature usage patterns.
Technical Data
We automatically collect technical information such as your IP address, browser type, device information, and cookies necessary for the operation of the Service.
3. Biometric Data
Important Information About Face Data
MediaMind's face detection feature uses InsightFace to generate face embeddings — mathematical representations of facial features. We also estimate approximate age and gender from detected faces.
Purpose: Face embeddings are used solely for grouping and identifying the same faces across your personal media library. This helps you organize your content by the people who appear in it.
Storage: Face embeddings and associated metadata are stored in MongoDB, encrypted at rest.
Retention: Biometric data is retained until you delete the associated face, media, or your account.
User-Initiated Only: Face detection is performed only when you explicitly request it. You can opt out simply by not using the face detection feature.
BIPA/CCPA Compliance: We do not sell biometric data. We do not share face embeddings with third parties. You may request deletion of all biometric data at any time by deleting faces from your account or by contacting us.
4. How We Use Your Information
We use the information we collect to:
- Provide, operate, and maintain the Service
- Process and analyze your media content using AI
- Manage your account and subscription
- Publish content to connected social media platforms on your behalf
- Process payments and track credit usage
- Communicate with you about the Service, updates, and support
- Improve the Service and develop new features
- Comply with legal obligations
5. AI Processing and Third-Party AI Services
Your media content is processed by the following third-party AI services:
- Google Gemini — video and image analysis, scene detection, content insights, and virality scoring. Content is sent to Google Cloud for processing.
- Amazon Transcribe — speech-to-text transcription. Audio is processed through AWS.
- InsightFace — face detection and embedding generation. Processing occurs on our own infrastructure; face data is not sent to external services.
These services process your content solely for the purpose of providing analysis results to you. We do not use your content for training AI models.
6. Data Sharing
We do not sell your personal information. We share data only with the following categories of service providers, as necessary to operate the Service:
- Amazon Web Services (AWS) — cloud infrastructure, storage (S3), transcription, and message queues
- Google Cloud — AI processing (Gemini)
- Stripe — payment processing
- MongoDB Atlas — database hosting
We may also disclose information when required by law, to enforce our Terms of Service, or to protect the rights, safety, or property of MediaMind, our users, or the public.
7. Data Storage and Security
We implement industry-standard security measures to protect your data:
- Media files are stored in Amazon S3 with server-side encryption
- Social media OAuth tokens are encrypted using AES-256-GCM before storage
- All data in transit is protected using TLS encryption
- Database access is restricted and monitored
- We regularly review and update our security practices
While we strive to protect your data, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security.
8. Your Rights
GDPR Rights (EU/EEA Users)
If you are located in the European Union or European Economic Area, you have the following rights:
- Access — request a copy of your personal data
- Rectification — request correction of inaccurate data
- Erasure — request deletion of your personal data
- Portability — request your data in a machine-readable format
- Restriction — request restriction of processing
- Object — object to processing based on legitimate interests
- Withdraw Consent — withdraw consent at any time where processing is based on consent
CCPA Rights (California Residents)
If you are a California resident, you have the following rights:
- Right to Know — request disclosure of what personal information we collect, use, and share
- Right to Delete — request deletion of your personal information
- Right to Opt-Out — we do not sell personal information, so this right is automatically satisfied
- Non-Discrimination — we will not discriminate against you for exercising your rights
To exercise any of these rights, please contact us at contact@spectatr.ai.
9. Data Retention
- Active accounts: We retain your data for as long as your account is active and as needed to provide the Service.
- Account deletion: When you delete your account, your data is scheduled for deletion within 30 days.
- Backups: Data may persist in encrypted backups for up to 90 days after deletion, after which backups are rotated and the data is permanently removed.
10. Cookies and Tracking
MediaMind uses session cookies that are strictly necessary for the operation of the Service (authentication, session management). We do not use advertising trackers, third-party analytics cookies, or cross-site tracking technologies.
11. Children's Privacy
The Service is not intended for children under the age of 13 (or 16 in the EU). We do not knowingly collect personal information from children under these ages. If we become aware that we have collected personal information from a child, we will take steps to delete it promptly.
12. International Data Transfers
MediaMind processes and stores data in the United States. If you are located outside the United States, your data will be transferred to and processed in the US.
For users in the EU/EEA, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission to ensure adequate protection for international data transfers.
13. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by email and by posting the updated policy on the Service at least 30 days before the changes take effect. Your continued use of the Service after the effective date constitutes acceptance of the updated policy.
14. Contact Information
If you have any questions about this Privacy Policy or wish to exercise your data rights, please contact us at:
See also our Terms of Service