Privacy Policy

Last updated: 2026-06-09

This Privacy Policy explains how MyVideo.Email (“MVE”, “we”, “us”) collects, uses, stores, and shares information when you use the MyVideo.Email web application, browser extension, and mobile apps (collectively, the “Service”).

By using the Service you agree to the practices described here.

1. What we collect

1.1 Account profile

When you create an account, we collect:

  • First name and last name
  • Email address
  • Optional: company name, phone number, billing address
  • A bcrypt-hashed copy of your password (never the plaintext)
  • The account’s plan / subscription level (essentials / business / premium)

We also generate and store:

  • A numeric user id
  • Timestamps for account creation, last activity, and deletion (if any)
  • Per-account security telemetry described in Section 6

1.2 Content you create

When you use the Service we collect what you upload or create:

  • Video files you record (audio + video tracks)
  • Captions you generate or upload
  • Email subjects, bodies, and recipient lists you compose
  • Thumbnails (animated GIF and static) we generate from your videos
  • Scheduled-send timing data
  • Customer support / feedback content you submit

1.3 Data you authorize from third-party providers

When you connect a third-party integration — Google, Microsoft, Keap, HighLevel, or HubSpot — we receive an OAuth refresh token that lets us act on your behalf against the scopes you approved on that provider’s consent screen. See Section 5 — Google Workspace API Services for specifics on what we access from Google, since Google’s policies require explicit disclosure.

1.4 Recipient interactions

When someone you sent a video to opens the email, plays the video, clicks the CTA, or replies, we record that interaction so you can see analytics. We collect:

  • The fact that the recipient opened / played / clicked / replied
  • A timestamp
  • An IP address (used only to derive coarse geographic info; not exposed back to you as a raw IP)
  • The recipient’s email address (already known to you — you put it in the To: line)

We do not place tracking pixels on third-party websites and we do not share recipient interaction data with any party other than you.

1.5 Technical telemetry

To run and protect the Service we capture:

  • Server-side request logs (URL, status code, request id, response time) on the MVE backend
  • Browser user agent at sign-in and OAuth issuance time
  • Server-side security audit events (see Section 6 for the full list)
  • Build / device info from the mobile apps (model, OS version, app version) at app start

2. How we use what we collect

We use the data in Section 1 to:

  • Provide the core product: record, host, and deliver the videos and emails you create
  • Send transactional emails (welcome, email confirmation, password reset, video-ready notifications, support replies) via Amazon SES
  • Maintain analytics dashboards inside the Service so you can see how recipients engage with what you sent
  • Protect the Service from abuse: per-account lockout on repeated failed sign-ins (Section 6), rate limiting on signin / signup / password reset endpoints, anomaly detection on refresh-token reuse
  • Comply with legal obligations (tax, accounting, lawful requests)
  • Communicate with you about the Service — product updates, billing, security notices

We do not:

  • Sell your data to anyone
  • Use your data for advertising on or off the Service
  • Read the bodies of emails you sent through the Service for any purpose other than delivering them, generating their analytics, and protecting against abuse
  • Use Google user data to train AI / ML models. (See Section 5.)

3. How we store it

  • Account profile, video metadata, email metadata, recipient list, analytics
    Where: Amazon RDS for MySQL (us-east-1)
    Encryption: At rest via AWS KMS. Private to a VPC.
  • Passwords
    Where: Same DB
    Encryption: bcrypt hash — the plaintext password is never persisted.
  • OAuth refresh tokens (Google / Microsoft / Keap / HighLevel / HubSpot)
    Where: Same DB
    Encryption: AES-256-GCM via a TOKEN_ENCRYPTION_KEY we hold separately from the DB. The system fails closed if the key is missing rather than falling back to plaintext.
  • Video bytes, captions, thumbnails, feedback attachments
    Where: Amazon S3 (us-east-1)
    Encryption: At rest via S3-managed KMS. Private buckets — no public read. Delivery via CloudFront signed URLs scoped per recipient.
  • TOTP MFA secrets and recovery codes (when MFA is enabled)
    Where: Same DB
    Encryption: TOTP secrets encrypted with AES-256-GCM at rest. Recovery codes hashed with bcrypt; each is single-use.
  • Server logs
    Where: Application stdout (PM2 / CloudWatch retention)
    Encryption: TLS in transit; access requires IAM + SSH key.

Full crypto inventory is documented in crypto-inventory.md.

4. Who we share it with

We do not sell user data. We share data with the following categories of recipients only to the extent needed to provide the Service:

  • Infrastructure providers (AWS — EC2, RDS, S3, CloudFront, SES, Transcribe): process data on our behalf under the AWS Data Processing Addendum.
  • OAuth integration providers (Google, Microsoft, Keap, HighLevel, HubSpot): receive the requests we make using your authorized scope. They never receive other users’ data; the boundary is per-user OAuth.
  • Recipients you choose: when you send a video email, the recipient receives the URL to view it and an animated thumbnail. The recipient’s interaction with that link is what produces the analytics in Section 1.4.
  • Payment processor: subscription billing is handled by Keap. Card numbers and bank details are entered on Keap’s side; we never receive plaintext payment credentials.
  • Lawful requests: if compelled by valid legal process. We challenge over-broad requests where possible.

A complete vendor list — including each vendor’s region, the data they receive, and the contractual control that limits their use — is maintained in vendor-list.md.

5. Google Workspace API Services — required disclosure

MyVideo.Email’s use and transfer of information received from Google APIs to any other app adheres to the Google API Services User Data Policy, including the Limited Use requirements.

5.1 Scopes we request and why

  • https://www.googleapis.com/auth/gmail.send
    Why we request it: Send a video email from your own Gmail account so the email comes from you, not from a generic MVE service address.
    Where in the product: Send step of the record-and-send flow when you choose Gmail as the sending integration.
  • https://www.googleapis.com/auth/gmail.settings.basic
    Why we request it: Read your Gmail signature so we can include it at the bottom of outbound video emails.
    Where in the product: Settings → Branding, and on every Gmail send.
  • https://www.googleapis.com/auth/contacts.readonly
    Why we request it: Suggest recipient autocomplete from your saved Google Contacts (“My Contacts”) when you type a name into the To: line.
    Where in the product: The recipient picker on the record flow’s send step.
  • https://www.googleapis.com/auth/contacts.other.readonly
    Why we request it: Suggest recipient autocomplete from people you have emailed before but never saved as formal Google Contacts (Google’s “Other contacts”) — the long tail of real recipients that contacts.readonly cannot see.
    Where in the product: The recipient picker on the record flow’s send step.

5.2 Limited Use commitments

We commit to the following for data received under the scopes above:

  1. No human reading. No MVE employee reads the contents of emails we send through Gmail or contact records we read on your behalf, except (a) with your explicit consent, (b) to respond to your support ticket about a specific record you reference, or (c) when required by law.
  2. No data transfer. We do not transfer Gmail or Contacts data to any other party except (a) to fulfill a specific request from you, (b) to provide and improve our user-facing features (the email send itself is the feature), or (c) when required by law. We do not transfer this data to AI/ML providers for training or inference, with one explicit exception: future opt-in features that we will disclose here and that you will be able to control per-account.
  3. No advertising use. We do not use Gmail or Contacts data to serve advertisements anywhere.
  4. No internal repurposing. Beyond providing and securing the user-facing feature, MVE does not use this data for product analytics, model training, or any other internal purpose.

If we ever change these commitments, we will update this policy before the change goes live, and we will give existing users a chance to revoke the integration.

5.3 How to revoke

You can revoke MVE’s access to your Google account at any time:

  1. Inside MVE: Integrations → Google → Disconnect. We will call Google’s /o/oauth2/revoke endpoint to invalidate the OAuth grant at Google, then drop the local copy of the token.
  2. Independently of MVE: https://myaccount.google.com/permissions → find “MyVideo.Email” → Remove access.

Either path invalidates the same token. The revoke we initiate from MVE is recorded in our internal audit log so we can prove it ran.

6. Security

We treat user data as in scope for the OWASP ASVS L2 controls. The material defenses are:

  • Encryption in transit: all browser and mobile traffic to MVE uses TLS 1.2+. HSTS is enforced on app.myvideo.email and backend.myvideo.email with max-age=15552000; includeSubDomains.
  • Encryption at rest: described in Section 3.
  • Authentication: bcrypt-hashed passwords (no plaintext, ever), optional TOTP MFA for any user, MFA required for administrative accounts, per-account lockout after repeated failed sign-ins (default 10 failures in 15 minutes locks the account for 15 minutes).
  • Refresh-token rotation: every successful refresh rotates the refresh token; the old one is revoked server-side. Detecting reuse of an already-rotated token revokes every active session for that account immediately — the response to a likely-stolen token.
  • OAuth-grant revocation on account delete or provider disconnect: for providers that expose a public revoke endpoint (Google, HubSpot) we call it and record the result. For providers that do not (Microsoft, Keap, HighLevel), we record revoke_not_supported so the audit reviewer can see the gap.
  • Audit log (security_audit_logs table): every sign-in success / failure, refresh, logout, password-reset request / success / failure, OAuth provider connect / disconnect / revoke, account deletion, admin destructive operation, and MFA enrollment event is recorded with an IP, user-agent, and a JSON metadata payload.
  • Subresource Integrity (SRI) on every external script the web app loads from the WordPress help-widget host.
  • Content Security Policy: tight default-src 'none' on the JSON API; the Next.js client has a CSP scoped to its required origins.
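The refresh-token rotation and reuse-detection behaviour described above, as an added illustration that is not MVE’s own code: an in-memory store (a stand-in for the real DB table) rotates the token on every refresh and, when an already-rotated token is presented again, revokes every session for that account and writes an audit record. Class, method and event names are assumptions for the example.

```python
import secrets


class RefreshTokenStore:
    """Constructed in-memory stand-in for a refresh-token table.

    Each refresh consumes the presented token and issues a new one. A token
    that has already been rotated is kept in a separate set so that a second
    presentation is recognised as reuse (the signature of a stolen token)
    rather than treated as an unknown token.
    """

    def __init__(self):
        self.active = {}    # token -> account_id, currently valid
        self.rotated = {}   # token -> account_id, already consumed once
        self.audit = []     # (event, account_id, metadata) tuples

    def issue(self, account_id):
        token = secrets.token_urlsafe(32)
        self.active[token] = account_id
        self.audit.append(("refresh_issued", account_id, {}))
        return token

    def refresh(self, token):
        """Return a new token, or None if the presented token is rejected."""
        if token in self.active:
            account_id = self.active.pop(token)
            self.rotated[token] = account_id          # old token is now revoked
            self.audit.append(("refresh_success", account_id, {}))
            return self.issue(account_id)
        if token in self.rotated:
            # Reuse of a rotated token: assume compromise, kill every session.
            self.revoke_all(self.rotated[token], reason="refresh_token_reuse")
            return None
        self.audit.append(("refresh_failure", None, {"reason": "unknown_token"}))
        return None

    def revoke_all(self, account_id, reason):
        for store in (self.active, self.rotated):
            for tok in [t for t, acct in store.items() if acct == account_id]:
                del store[tok]
        self.audit.append(("sessions_revoked", account_id, {"reason": reason}))

    def session_count(self, account_id):
        return sum(1 for acct in self.active.values() if acct == account_id)
```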

A complete crypto inventory is in crypto-inventory.md. The deploy and incident-response runbooks are at the same location.

7. Retention and deletion

7.1 Account deletion

You can delete your account at any time from My Account → Delete Account. When you do:

  1. We attempt to revoke every OAuth grant you authorized (Section 5.3 and Section 4).
  2. We delete your account profile, organization, video files, email records, recipient interaction history, OAuth refresh-token rows, MFA credentials, and any other data tied to your account.
  3. We retain (a) audit-log entries that record what happened — without your personally identifying content — for security and compliance reasons, and (b) anything we are legally required to keep (e.g., billing records under applicable tax law).

The Service exposes the same deletion endpoint to admin operators — when an admin deletes a sub-user, the same cascade runs.

7.2 Inactive accounts

We do not currently auto-delete inactive accounts. If you stop using the Service and never delete your account, your data stays as you left it until you log in and delete it.

7.3 Backups

Encrypted DB snapshots are retained for 7 days. After deletion your data will roll off the most recent snapshot within that window. We do not restore data from backups except to recover from outages.

8. Your rights

If you are in a jurisdiction that grants rights of access, rectification, portability, or erasure (for example GDPR or CCPA), you can exercise them via the in-product flows (My Account → Delete Account; the support ticket form for everything else) or by emailing [email protected]. We respond within 30 days.

9. Children

The Service is not directed at children under 13 (or the higher age of digital consent in your jurisdiction). We do not knowingly collect personal information from children. If you believe a child has signed up, please contact us and we will delete the account.

10. International transfers

The Service operates on AWS infrastructure in the United States. When you use the Service from outside the United States, your data is transferred to and stored in the United States subject to the AWS Data Processing Addendum.

11. Changes to this policy

We will update this Privacy Policy when our practices change. The “Last updated” date at the top reflects the most recent material revision. Any change that materially affects how we use Google Workspace data (Section 5) will be flagged with a banner on the sign-in page and via email to existing users with active Google integrations at least 30 days before the change takes effect.

12. Contact

For questions, requests, or to report a privacy concern:

Box Out Marketing
(480) 442-4098
2712 Loker Ave W #1091
Carlsbad, CA 92010

Email: [email protected]
