Privacy Policy

Information We Collect

Account Information

When you create a Filmit.io account, we collect:

• Email address
• Password (stored securely as a hash — we never see or store your plaintext password)
• Account creation date

Usage Data

When you use Filmit Studio, we may collect:

• License status and subscription tier
• List of installed plugins and their versions
• Studio application version and operating system type
• Plugin install, update, and uninstall events

Payment Information

We use LemonSqueezy as our Merchant of Record. All payment processing is handled entirely by LemonSqueezy. We never see, store, or have access to your credit card numbers, bank account details, or other payment credentials. LemonSqueezy provides us with:

• Your name and email address (to link your purchase to your account)
• Transaction ID and order status
• Subscription status (active, cancelled, expired)

Analytics & Advertising Data

When you accept cookies via our cookie banner, third-party analytics and advertising services (Google Analytics 4, Microsoft Clarity, and Meta Pixel — disclosed by name in Section 03) load and collect data about your visit: page views, referral sources, browser type, approximate geographic location, click behavior, conversion events (signup, subscribe), and anonymized session replays. We use this data in aggregate to understand how visitors find and use filmit.io, improve usability, measure advertising performance, and build remarketing audiences for our ads on Meta platforms (Facebook, Instagram). If you decline cookies, none of these services load and we receive no third-party tracking data about your visit beyond first-party page view counts.

How We Use Your Information

We use the information we collect to:

• Create and manage your Filmit.io account
• Validate your license and deliver the correct plugin access for your subscription tier
• Deliver plugin installations, updates, and version management through Filmit Studio
• Send transactional emails (account confirmation, password resets, important service updates)
• Provide customer support when you reach out to us
• Improve our products based on aggregate usage patterns
• Detect and prevent abuse or unauthorized access

We do not sell your personal information for money. We use Meta Pixel (Facebook/Instagram) to measure ad performance and build remarketing audiences on Meta platforms — this is disclosed in Section 03 and only loads after you opt in via our cookie banner. We do not use your data for advertising on any other network. We do not build standalone marketing profiles from your usage outside the Meta retargeting context. You can decline or revoke cookie consent at any time, which prevents Meta Pixel (and analytics) from loading entirely.

Data Sharing & Third Parties

We share your information only with the service providers necessary to operate Filmit.io:

LemonSqueezy (Payments)

LemonSqueezy acts as our Merchant of Record and processes all payments, subscriptions, and refunds. They handle your billing information under their own Privacy Policy.

Supabase (Authentication & Database)

We use Supabase to manage user accounts, authentication sessions, and license data. Your email, hashed password, and license information are stored in our Supabase project. Supabase operates under their own Privacy Policy.

Resend (Transactional Email)

We use Resend to deliver account-related emails (password resets, license confirmations, etc.). Resend processes your email address to deliver these messages and operates under their own Privacy Policy.

Cloudflare (CDN & Delivery)

Plugin files and updates are delivered through Cloudflare's content delivery network. Cloudflare may log standard access data (IP addresses, request metadata) as part of their infrastructure. See their Privacy Policy.

Analytics, Session Recording & Advertising (Optional — Consent-Required)

When you click "Accept All" on our cookie banner, the following third-party services load and receive data about your visit. They do not load and we share nothing with them if you click "Decline."

• Google Analytics 4 (analytics) — receives anonymized page views, referral sources, browser type, approximate geographic location, and aggregate engagement events. Google may use this data for their own product improvement and analytics infrastructure beyond what Filmit.io sees. See Google's Privacy Policy. You can also disable Google Analytics across all websites by installing the Google Analytics Opt-Out Browser Add-on.
• Microsoft Clarity (session recording) — receives anonymized session replays (mouse movements, clicks, scroll behavior with form inputs masked), heatmaps, and aggregated visit data. Microsoft may use this data for their own purposes. See the Microsoft Privacy Statement.
• Meta Pixel (advertising) — receives page views, conversion events (signup, subscribe), and browser/device data so we can measure the performance of our ads on Facebook and Instagram and build remarketing audiences to re-engage visitors who didn't convert. Meta uses this data for ad delivery, audience building, and their own analytics across the Meta ecosystem. This is the only third-party service we use for advertising purposes. See Meta's Privacy Policy. You can adjust your ad preferences and opt out of Meta's interest-based ads in your Meta Accounts Center, or opt out industry-wide via YourAdChoices.com (DAA) and YourOnlineChoices.eu (EDAA).

Under CCPA/CPRA, "sharing" includes disclosing personal information to a third party for cross-context behavioral advertising. Our use of Meta Pixel qualifies as "sharing" under this definition, and our use of Google Analytics 4 and Microsoft Clarity may also qualify for their respective analytics purposes. We do not receive any payment in exchange for this data. You can opt out at any time by clicking "Decline" on the cookie banner, by refusing cookies in your browser settings, or by using the per-service opt-out tools linked above. Declining does not affect your ability to use Filmit.io or access any of our features.

Apart from the service providers and partners listed above, we do not share your personal information with any other third parties. We never sell your data for money, and aside from Meta (for our own ad campaigns), we do not share it with any advertiser, data broker, ad network aggregator, or third-party marketer.

Sign-In with Google & Google User Data

Filmit.io offers Google as an optional sign-in method. When you choose to sign in with Google, we receive a limited set of profile data from Google to authenticate you and provision your Filmit.io account. This section discloses how Filmit.io accesses, uses, stores, shares, and deletes Google user data, in compliance with the Google API Services User Data Policy and Limited Use requirements.

Data Accessed

We request the following standard OpenID Connect scopes when you sign in with Google: openid, email, and profile. From these scopes we receive:

• Your email address
• Your name (first name and last name, where available)
• Your Google account identifier (the sub claim)
• Your profile picture URL (if your Google account provides one)
• Your email verification status

We do not request, access, store, or process any data from Gmail, Google Drive, Google Calendar, Google Contacts, YouTube, Google Photos, or any other Google service beyond the basic profile data above.

Data Usage

We use the data received from Google solely to:

• Authenticate you to your Filmit.io account
• Create your Filmit.io profile if one does not yet exist (pre-filled with your name and email address)
• Display your name within Filmit Studio and on filmit.io so we can address you correctly
• Send transactional emails (account verification, license delivery, password resets, billing receipts, and important service notifications)
• Link your account to a paid subscription so we can deliver the correct plugin access tier

We do not use Google user data for advertising, behavioral profiling, building marketing audiences, training machine learning or AI models, or any purpose unrelated to operating your Filmit.io account. We comply with Google's Limited Use requirements.

Data Sharing

We share Google user data only with the infrastructure providers necessary to operate Filmit.io, all of whom act as data processors on our behalf:

• Supabase — stores your authentication record and account profile (Supabase Privacy Policy)
• Resend — receives your email address and name to deliver transactional emails (Resend Privacy Policy)
• LemonSqueezy — receives your email address and name when you subscribe, so the subscription can be linked to your Filmit.io account (LemonSqueezy Privacy Policy)

We do not share, sell, transfer, or disclose Google user data to advertisers, data brokers, third-party marketers, AI training providers, or any party not listed above. We do not allow any third party to access Google user data for their own purposes.

Data Storage & Protection

Google user data is protected by the same security measures we apply to all personal data:

• Transmitted exclusively over encrypted TLS/HTTPS connections
• Stored encrypted at rest in Supabase using AES-256
• Access protected by Row-Level Security policies that restrict reads and writes to authorized services and to the data subject
• Authentication events are logged for security audit purposes
• Internal access is limited to the small number of personnel who require it to operate the service, all of whom are bound by confidentiality obligations

Data Retention & Deletion

We retain Google user data only as long as you have an active Filmit.io account. Specifically:

• Profile data is retained while your account is active.
• If you delete your account, all associated Google user data is removed from our active systems within 30 days.
• You may delete your account at any time from your Account Settings page on filmit.io, or by emailing support@filmit.io from the address associated with your account.
• You may revoke Filmit.io's access to your Google account at any time via your Google Account permissions page. Doing so will prevent future sign-ins via Google but will not automatically delete your existing Filmit.io account.
• On request, we will provide a portable copy of your data in a standard machine-readable format before deletion.

Cookies & Local Storage

Website — Essential Cookies

We use first-party cookies and localStorage for essential functionality: remembering your login session, your cookie-consent choice, and basic preferences. These load on every visit and cannot be disabled if you want to use the site (they don't track you across other sites).

Website — Optional Analytics & Advertising Cookies

When you click "Accept All" on our cookie banner, third-party cookies from Google Analytics 4, Microsoft Clarity, and Meta Pixel load to help us understand how visitors use the site, measure ad performance, and build remarketing audiences for our ads on Meta platforms (Facebook, Instagram). Meta Pixel is the only advertising tracker we use. You can decline these at any time by clicking "Decline" on the banner, or revoke previously-granted consent by clearing your filmit-cookie-consent localStorage entry or contacting us at support@filmit.io.

We do not use TikTok pixel, LinkedIn Insight Tag, Twitter/X pixel, Pinterest tag, Snapchat pixel, or any other cross-site advertising tracker beyond Meta Pixel.

Filmit Studio (Desktop Application)

Filmit Studio stores data locally on your computer using standard Electron storage mechanisms:

• Authentication session tokens (JWT) to keep you signed in
• Application preferences (theme, language, window size)
• Cached license status for offline access

This data never leaves your machine except for authentication tokens sent to our servers to verify your session.

Data Security

We take the security of your information seriously and implement appropriate measures to protect it:

• All data transmitted between Filmit Studio and our servers is encrypted using TLS/HTTPS
• Passwords are hashed and salted — we never store or have access to your plaintext password
• Authentication uses secure JWT tokens with automatic expiration and refresh
• Our database access is restricted to authorized services only
• We regularly review our security practices and update them as needed

While we work hard to protect your information, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security, but we are committed to following industry best practices.

Data Retention

We retain your personal information for as long as your account is active or as needed to provide you with our services. Specifically:

• Account data: Retained while your account is active. If you delete your account, we will remove your personal information within 30 days.
• License and transaction records: Retained for up to 3 years after your last transaction for legal and accounting purposes.
• Usage logs: Aggregated and anonymized usage data may be retained indefinitely for product improvement. Individual usage logs are deleted within 90 days.
• Support correspondence: Retained for up to 2 years to provide context for ongoing support.

Your Rights

You have the following rights regarding your personal information:

• Access: You can request a copy of the personal data we hold about you.
• Correction: You can update or correct your account information at any time through Filmit Studio or by contacting us.
• Deletion: You can request that we delete your account and all associated personal data. We will process deletion requests within 30 days.
• Export: You can request a portable copy of your data in a standard machine-readable format.
• Objection: You can object to our processing of your personal data in certain circumstances.

To exercise any of these rights, visit your Account Settings page where you can export or delete your data directly, or send us a message through our contact form. We will respond to all requests within 30 days.

Children's Privacy

Filmit.io is not directed at children under the age of 13. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us and we will promptly delete that information.

International Users

Filmit.io is based in South Carolina, United States. If you access our services from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States where our servers are located.

If you are located in the European Economic Area (EEA), United Kingdom, or other regions with data protection laws, you may have additional rights under those laws, including rights under the General Data Protection Regulation (GDPR). We are committed to respecting those rights. Our legal basis for processing your data includes:

• Contract performance: Processing necessary to deliver the services you signed up for (account, license validation, plugin delivery, transactional email).
• Legitimate interests: Aggregate first-party usage logs, preventing abuse, debugging crashes, securing accounts.
• Consent: Loading third-party analytics, session-recording, and advertising scripts (Google Analytics 4, Microsoft Clarity, Meta Pixel) and sending you optional marketing emails (Free Signup Nurture sequence, product announcements). You can withdraw consent at any time without affecting our other lawful processing — declining the cookie banner stops all third-party tracking, and clicking "Unsubscribe" in any marketing email stops those emails.

California Privacy Rights

If you are a California resident, you may have additional rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA), including:

• Right to Know: You can request details about the categories and specific pieces of personal information we have collected about you.
• Right to Delete: You can request deletion of your personal information, subject to certain exceptions.
• Right to Opt-Out of Sale or Sharing: We do not sell your personal information for money. We do share personal information with Meta Pixel (cross-context behavioral advertising on Facebook/Instagram) and may share with Google Analytics 4 and Microsoft Clarity for analytics purposes (see Section 03 for full details). Under CPRA's definition, these qualify as "sharing." You can opt out of all third-party sharing at any time by clicking "Decline" on our cookie banner, or by clearing your filmit-cookie-consent browser storage to re-trigger the banner on your next visit. You can also email support@filmit.io to request that we exclude your account from advertising audiences and analytics tracking permanently.
• Global Privacy Control (GPC): Filmit.io honors the Global Privacy Control browser signal. If your browser or browser extension sends a Sec-GPC: 1 header, we treat it as a verified opt-out request and automatically decline all optional analytics and advertising cookies (Google Analytics 4, Microsoft Clarity, Meta Pixel) without requiring you to interact with our cookie banner. You can still explicitly opt back in by resetting your preferences through the banner if you change your mind.
• Right to Limit Use of Sensitive Personal Information: We do not knowingly collect or process sensitive personal information (e.g. precise geolocation, government IDs, health data, racial/ethnic origin, religion, sexual orientation). Authentication credentials are handled by Supabase and are never logged in our systems.
• Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights. Declining analytics cookies does not change your access to any Filmit.io feature or paid plugin.

To submit a request, contact us at support@filmit.io. We will respond within 45 days as required by CCPA/CPRA.

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, services, or legal requirements. When we make significant changes, we will:

• Update the "Last Updated" date at the top of this page
• Notify you via email or through Filmit Studio for material changes
• Post the updated policy on this page

We encourage you to review this page periodically. Your continued use of our services after changes are posted constitutes your acceptance of the revised policy.

Contact Us

If you have any questions about this Privacy Policy, want to exercise your data rights, or have concerns about how we handle your information, we want to hear from you.