RepairVideo.Pro: Privacy Policy

Purpose of this Privacy Policy

This Privacy Policy explains how our repair video review site collects, uses, stores, and shares personal and technical information from visitors, creators, and reviewers. Its purpose is to give clear, actionable information so users can understand what data we process, why we process it, and how we protect it. The policy also outlines users' rights regarding their data and the choices available for controlling information related to accounts, comments, uploaded repair videos, and viewing behavior.

Scope - Who and what this policy covers

This policy applies to anyone who uses or interacts with the site and related services, including:

Visitors who browse repair video pages without creating an account.
Registered users who create profiles, post reviews, or upload repair videos.
Contributors, moderators, and third-party contractors who assist with content or maintenance.
Business partners that integrate our video embedding, analytics, hosting, or payment services.

It covers data collected through:

The website and associated mobile or desktop apps.
User-generated content such as comments, review submissions, and uploaded repair videos (including metadata and thumbnails).
Communications with support or other users (messages, emails, and contact forms).
Automated collection mechanisms (cookies, web beacons, logs) that track device information, IP addresses, usage patterns, and performance metrics.

This policy also applies to processed data relating to content moderation, copyright takedown requests, and legal or safety investigations. It does not cover third-party sites or services accessed via links; those services have separate privacy practices.

Information We Collect

Personal information (name, email, account details)

We collect basic personal details when you register, sign up for newsletters, contact support, or otherwise provide them intentionally. Typical items include name, email address, username, password hashes, and profile information (location, bio, profile picture). For users who make purchases or subscribe to paid features, we also store billing contact details and transaction records. We keep only what's necessary to operate accounts, authenticate access, and communicate about service updates or support requests.

User-generated content (comments, review uploads, repair videos)

Content you submit-text comments, written reviews, ratings, uploaded repair videos, thumbnails, captions, and associated metadata (timestamps, device model, repair steps)-is collected and stored to display on the site and enable search, discovery, and moderation. Uploaded videos may include incidental personal data captured in footage (faces, voices, background details); you are responsible for removing sensitive personal data from recordings before uploading. We may create derivative items (transcoded formats, preview clips, thumbnails) to optimize playback and indexing. By posting content you grant the site a license to host, display, and distribute it per the terms explained elsewhere in this policy.

Technical data (IP address, device, browser, cookies)

We automatically collect technical details needed to deliver and secure the service: IP address, approximate geolocation derived from IP, device type and model, operating system, browser and version, screen resolution, and the referring site or search terms. We use cookies and similar technologies (local storage, web beacons) to remember preferences, keep you logged in, and enable features like watch history and saved playlists. Cookie types include:

Necessary cookies: session, authentication.
Performance cookies: site analytics and load monitoring.
Functional cookies: preferences, language.
Advertising/third-party cookies: used only if you opt in to personalized ads.

Usage data (pages visited, watch history, engagement metrics)

To improve content and recommendations, we record how people interact with the site: pages and videos viewed, time spent watching, playback events (pause, seek, resolution changes), search queries, clicks, likes, shares, and report/moderation actions. Aggregated and anonymized engagement metrics power content ranking, personalized suggestions, trending lists, and product repair guides. We retain watch history and activity logs tied to accounts to enable features like resume playback and curated recommendations; anonymous or aggregated versions may be stored longer for analytics and product development.

How We Use Your Information

To provide and improve review and repair video services

We use collected data to operate core site functions: create and manage user accounts, host and stream uploaded repair videos, display comments and reviews, and enable search and categorization. Personal and technical data let us authenticate users, enforce community rules, process payments, and perform content moderation. Video files and derived formats (thumbnails, transcodes) are stored and delivered via our hosting/CDN to ensure smooth playback and availability.

For personalization and content recommendations

Usage data and profile preferences power personalized features: recommended repair videos, "watch next" queues, saved playlists, and tailored search results. We analyze watch history, likes, subscriptions, and engagement patterns to surface relevant tutorials, parts recommendations, and troubleshooting steps. Personalization aims to make repair workflows faster and more relevant without exposing your identity to other users.

For communication (notifications, support, marketing-opt-in)

We send transactional messages (account alerts, password resets, billing receipts) and service-related notifications (policy updates, moderation actions) as needed. Marketing emails, newsletters, and promotional messages are only sent if you opt in; you can unsubscribe at any time. Support communications (helpdesk replies, dispute resolution) use your contact details to resolve issues and improve the experience.

For analytics and service security

Aggregated and pseudonymized data feed analytics used to measure site performance, feature usage, and content effectiveness-helping prioritize improvements, spot popular repair techniques, and refine search relevancy. Technical logs and monitoring data are also used to detect and prevent fraud, abuse, DDoS attacks, and other security threats. In incident cases, logs help investigate breaches and notify affected users per applicable laws.

Legal Bases for Processing (for GDPR/related users)

Consent

When required by law, we rely on clear, affirmative consent to process personal data-for example, using non-essential cookies, sending marketing emails, or collecting optional profile details. Consent is revocable: you can change cookie settings, unsubscribe from marketing, or delete consented data through account settings or by contacting support. We record consents to demonstrate compliance.

Contract performance

We process personal data necessary to fulfill our contract with you-creating and maintaining your account, processing subscriptions or purchases, delivering paid features, and enabling video uploads and streaming. Without this processing, we cannot provide core services like account access, content delivery, or billing.

Legitimate interests

For certain operations we rely on legitimate interests, balancing our needs with your privacy. Examples include: preventing fraud and abuse, maintaining platform security, optimizing site performance, and improving content discovery. We limit data use to what's necessary for these purposes and implement safeguards (minimization, access controls, retention limits) to protect your rights.

Legal compliance

We may process and disclose personal information to comply with legal obligations-responding to lawful requests from courts, law enforcement, or regulators; fulfilling tax and accounting requirements; and handling copyright takedown or safety investigations. When possible we seek to narrow requests and notify users unless prohibited by law.

User Content and Intellectual Property

Ownership of uploaded repair videos and reviews

You retain ownership of the original content you create and upload - including repair videos, written reviews, photos, captions, and associated metadata. Uploading content does not transfer your copyright; you remain the author unless you separately assign rights. Do not upload content you do not own or have permission to use (music, third-party footage, trademarked material) unless you have the necessary licenses.

License you grant us to host and display content

By posting content to the site you grant the service a non-exclusive, worldwide, royalty-free license to store, reproduce, transcode, distribute, display, and make derivative works (thumbnails, preview clips, lower-bitrate versions) as needed to operate the platform, deliver streaming, and promote the content within the service (e.g., recommendations, featured lists). This license lasts as long as the content is hosted on the platform and may be revoked by deleting the content; copies cached or archived for legal or backup purposes may persist for a limited time. If you choose to submit content under a different public license (e.g., Creative Commons), that license's terms will apply.

Moderation, takedown, and repeat infringement policy

We moderate user content to keep the community safe, useful, and lawful. Moderation actions may include removing content, issuing warnings, temporarily suspending features, or terminating accounts for serious or repeated violations. Grounds for removal include copyright infringement, personally identifiable information, illegal activity, hate speech, explicit or unsafe repair practices, or violations of our community guidelines.

Copyright takedowns: We respond to valid DMCA (or equivalent) notices and may remove allegedly infringing material. Users who believe content was wrongly removed can submit a counter-notice where legally available. Repeat infringers risk account termination.

Safety and privacy removals: If a video unintentionally exposes sensitive personal data (e.g., someone's image or private information), we'll expedite removal on verified request and may offer redaction guidance. For moderation disputes, contact support with evidence; for legal requests, we comply with applicable laws and endeavor to notify the uploader unless prohibited.

Sharing and Disclosure of Data

Third-party service providers (hosting, analytics, CDNs)

We share the minimum data required with trusted vendors who help operate the site. This includes:

Hosting and CDN providers: video files, thumbnails, and delivery metadata (file paths, formats, access logs) to store and stream content efficiently.
Transcoding and media-processing services: uploaded videos and derived assets (transcodes, thumbnails) to generate playable formats.
Analytics and performance vendors: pseudonymized or aggregated usage metrics, performance logs, and error reports to monitor site health and improve features.
Authentication, email, and payment processors: account identifiers, hashed credentials or tokens, email addresses for notifications, and billing details necessary to process subscriptions or purchases.

We require vendors to process data only for contracted purposes and to maintain industry-standard security. Where possible we use processors that offer data-protection commitments (e.g., SCCs for transfers from the EU).

Advertising and partners (if applicable)

If you opt into personalized ads or marketing, we may share limited data with advertising partners to deliver relevant promotions. Shared items may include anonymized audience segments, hashed identifiers, or consent flags-not raw personal data. Partners may set their own cookies or trackers; their use is governed by their policies. You can opt out of interest-based advertising via account settings, cookie preferences, or industry opt-out tools.

We do not sell personal information. Any paid promotional integrations or sponsored content are disclosed transparently on the site.

Legal requests and safety/security exceptions

We may disclose personal data when required by law or to respond to lawful requests from public authorities (courts, regulators, law enforcement). Disclosures may also occur to:

Prevent, investigate, or remediate fraud, security incidents, abuse, or threats to user safety.
Comply with subpoenas, court orders, or statutory obligations (tax, accounting).
Defend legal claims, enforce our terms, or protect the rights, property, or safety of users and the platform.

When feasible and legally permitted, we narrow requests, seek to limit scope, and notify affected users before disclosure. In emergencies involving imminent physical harm or threats to public safety, we may disclose information without prior notice.

Data Retention and Deletion

Retention periods for account, content, and logs

Account data: Active account profiles and core account fields (name, email, username, subscription status) are retained for the lifetime of the account. Inactive accounts are retained for up to 24 months after last sign-in before being flagged for deletion, unless you choose earlier deletion.
User-generated content (videos, reviews, comments): Content you upload remains hosted while your account is active or until you delete the content. Deleted content is removed from public view immediately; retained backups or caches may persist for up to 90 days for recovery and legal purposes.
Billing and transaction records: Transactional records, invoices, and payment metadata are retained for 7 years or the period required by applicable tax and accounting laws.
Logs and analytics: Short-term operational logs and security logs (access logs, error traces) are kept for 90-180 days for troubleshooting and security investigations. Aggregated or anonymized analytics used for product improvements may be stored indefinitely without personally identifiable information.
Legal holds and compliance: If required to comply with legal proceedings, investigations, or safety incidents, specific data may be retained beyond standard periods under a legal hold until the matter is resolved.

Retention periods are kept as short as practical and subject to change based on legal obligations or legitimate operational needs.

How users can request deletion or export of data

Account deletion: From account settings, choose "Delete account" to remove your profile and public content. Deletion removes access and de-links your profile; some traces (logs, backups, legal records) may remain per retention rules.
Content removal: Delete individual videos, reviews, or comments from your profile or content management page; removals take immediate effect publicly.
Data export (portability): Request a downloadable copy of your personal data and content via the "Export my data" option in account settings or by contacting privacy@ourdomain.example. Exports typically include profile details, uploaded video metadata, comments, watch history, and settings; large requests may take up to 30 days.
Right to be forgotten: To request complete erasure beyond self-service options, submit a deletion request through the privacy portal or email privacy@ourdomain.example with your account identifier. We verify requests to prevent unauthorized actions and respond within applicable legal timeframes (typically 30 days). We will confirm completion and note any data that must be retained for legal reasons.
Third-party data removal: If your content was shared with authorized third parties (CDNs, partners), we will instruct partners to remove account-linked data where feasible; timing may vary by partner capability and contractual terms.
Questions or disputes: For help with export or deletion, or if you believe something was not properly removed, contact support with details and we will investigate and remediate as appropriate.

For region-specific requests under laws like GDPR/CCPA, use the respective privacy request forms in account settings or the privacy contact; we process those requests in line with local legal requirements.

Security Measures

Technical and organizational safeguards

We protect user data with layered security controls aligned to industry best practices:

Encryption: TLS for data in transit and AES-256 or equivalent for sensitive data at rest (including backups where feasible). Passwords stored as salted hashes (e.g., bcrypt/Argon2).
Access controls: Role-based access, least-privilege policies, and multi-factor authentication for privileged accounts and admin tools.
Network and infrastructure protections: Firewalls, WAFs, intrusion detection/prevention, and segmented networks for production systems and storage.
Secure development: Code review, static/dynamic analysis, dependency scanning, and regular patching. Pre-deployment testing and staging environments mirror production controls.
Data minimization & retention policies: Limit data collection to necessary fields, mask or pseudonymize where possible, and enforce retention schedules and automated purging.
Vendor management: Contractual security requirements, vendor assessments, and periodic reviews for third-party processors (CDNs, hosting, analytics).
Operational practices: Logging and monitoring, incident response plans, employee security training, background checks for sensitive roles, and regular backups with tested recovery procedures.
Privacy by design: Integrating privacy/security decisions into feature design (consent gating, configurable sharing, safe defaults).

How we handle breaches and user notification

If we detect a security incident affecting personal data, we follow a defined incident response process:

Containment and assessment: Immediately isolate affected systems, assess scope and impact, and preserve forensic evidence.
Mitigation and remediation: Apply fixes, revoke compromised credentials/tokens, rotate keys, and patch vulnerabilities to prevent recurrence.
Notification: If personal data is reasonably likely to result in risk to individuals, we notify affected users promptly with clear details of what occurred, what data was involved, recommended user actions (e.g., change password, monitor accounts), and steps we've taken. Notifications are sent via email and in-product messages where possible.
Regulatory reporting: Where required by law (e.g., GDPR), we notify relevant supervisory authorities within mandated timeframes and provide cooperation during investigations.
Post-incident review: Conduct root-cause analysis, update security controls and policies, and publish a summary of lessons learned when appropriate.

We encourage users to enable strong, unique passwords and MFA where available; report suspicious activity to support; and follow our public security advisories for recommended actions.

International Data Transfers

Transfers outside user's country and safeguards (e.g., SCCs)

We may transfer and store data on servers or with processors located outside your country to deliver streaming, hosting, analytics, and support. When transfers occur, we implement appropriate safeguards to protect your data, such as:

Standard Contractual Clauses (SCCs): Contractual commitments with processors to ensure adequate protections when transferring data from the EU/EEA or UK to jurisdictions without an adequacy decision.
Data processing agreements: Written contracts that limit processor use to our instructions and require security, confidentiality, and breach-notification obligations.
Technical protections: Encryption of data in transit (TLS) and at rest; access controls and key management to limit exposure.
Vendor selection and assessment: Due diligence and periodic audits to verify that third parties maintain security and comply with applicable privacy requirements.
Minimization and localization: Where feasible, we localize storage or limit transferred data to the minimum necessary for the service.

If you are in a region with specific transfer restrictions and need details about where your account data is stored or the safeguards in place, contact our privacy team for region-specific disclosures and copies of applicable SCCs or transfer agreements.

Children's Privacy

Age restrictions and parental consent policy

Our service is intended for users aged 13+ (or older where local law requires a higher minimum). We do not knowingly collect personal information from children under the applicable age threshold without verifiable parental consent. Key points:

Age gating: Users register with a date of birth; suspected under-age accounts are subject to additional verification and may be restricted or removed.
Parental consent: For regions that require parental consent (e.g., GDPR states or COPPA in the U.S.), we obtain verifiable parental consent before collecting personal data from children and limit data collection to what is necessary to provide the service.
Content rules for minors: Content that depicts minors must comply with safety guidelines; avoid uploading videos that expose a child's sensitive information. We remove content involving exploitive or unsafe situations and report to authorities when required.
Rights for parents: Parents or guardians may request access to, correction of, or deletion of a child's data by contacting our privacy team and providing proof of relationship. We will verify requests to prevent unauthorized changes.
Education and safety: We provide guidance on safe uploading practices for creators working with minors (blur faces, remove location identifiers) and recommend parental supervision for minors using the service.

If you believe we have collected data from a child without required consent, contact privacy@ourdomain.example and we will promptly investigate and take corrective action.

Your Rights and How to Exercise Them

Access, correction, deletion, portability

Access: You can request a copy of personal data we hold about your account (profile, contact info, uploaded content metadata, watch history) via the account "Export my data" tool or by contacting privacy@ourdomain.example. We will provide data in a commonly used, machine-readable format.
Correction: Update profile fields, preferences, and public content directly in account settings. To correct data we cannot change via UI (e.g., historic logs), submit a correction request and we'll amend or annotate records where feasible.
Deletion: Use "Delete account" in settings to remove your profile and public content. For full erasure requests that exceed self-service options, submit a verified deletion request; we'll remove data per retention rules and notify you when complete. Some records (backups, legal holds) may persist as required by law.
Portability: Exported data includes profile details, comments, video metadata, and watch history. Large exports may take up to 30 days; you'll be notified when the file is ready.

Objection and restriction of processing

Object: Where processing is based on legitimate interests (e.g., analytics, personalization), you may object to that processing. We will assess and either cease the activity or demonstrate compelling legitimate grounds to continue.
Restriction: You can request restriction of processing (temporarily suspending use of your personal data) while a dispute or verification is resolved. Restricted data will not be used for new processing purposes beyond storage.
Marketing opt-out: Unsubscribe from marketing communications via links in emails or account settings; opt-out preferences are honored promptly.
Profiling: Request limits on automated profiling for recommendation or ad personalization; we'll provide human review and allow opt-out options where required by law.

How to submit a privacy request (contact form, email)

In-product: Use the privacy/request form in account settings for access, portability, correction, restriction, objection, or deletion requests. This is the fastest method and supports status tracking.
Email: Send requests to privacy@ourdomain.example with the subject line indicating the request type (e.g., "Data Export Request," "Delete My Account"). Include your account email and a short description of the request.
Verification: To protect privacy, we verify requests (sign-in, confirmation email, or identity documents where legally required) before fulfilling requests. Provide any requested verification promptly to avoid delays.
Response time: We respond to verified requests within applicable legal timeframes (typically 30 days). If we need more time, we'll notify you with reasons and an expected date.
Escalation & complaints: If dissatisfied with our response, you may escalate internally via the privacy contact or file a complaint with your local supervisory authority (e.g., data protection regulator). Provide case references from our replies when available.

For region-specific forms (GDPR, CCPA/CPRA) use the dedicated links in account settings or contact privacy@ourdomain.example for assistance.

Changes to This Privacy Policy

How we notify users of updates

We publish material changes to this policy on the site and notify registered users by email and in-product notices when the changes are significant (e.g., new data uses, new categories of shared data, or expanded retention). Minor clarifications or routine edits are posted on the policy page without separate notification. For changes that require consent (e.g., new marketing or tracking), we present a consent banner or settings prompt and will not apply the new processing to you until you accept.

Effective date and version history

This policy is effective as of the date shown below. We maintain a version history on the privacy page with the effective date and a brief summary of material changes for each version so users can review what changed and when. If a change materially reduces your rights or increases data sharing, we highlight that change and provide instructions for opting out or deleting your account.

Effective date: December 14, 2025

Additional Notices for Specific Regions

GDPR (EU) summary

Legal bases: We process EU personal data based on consent, contract performance, legitimate interests, or legal obligations as described above.
Rights: EU users have rights to access, rectification, erasure, restriction, objection, portability, and to withdraw consent. Requests handled via the privacy portal or privacy@ourdomain.example; verified requests answered within 30 days.
Representative & transfers: Where required, we appoint an EU representative and use safeguards (SCCs, data processing agreements) for transfers outside the EEA. Copies of SCCs and DPIAs are available on request.
Automated decisions: Automated profiling for recommendations is used; EU users can request human review or opt out where applicable.

CCPA/CPRA (California) summary

California consumer rights: California residents may request: (1) disclosure of categories of personal information collected, sold, or shared; (2) access to specific pieces of personal information; (3) deletion of personal information; (4) opt-out of sale/sharing of personal information; and (5) nondiscrimination for exercising rights.
No sale of personal information: We do not sell personal information. If sharing for targeted advertising occurs, opt-out controls are provided in account settings and via the global opt-out signal.
How to submit requests: Use the privacy portal, "Do Not Sell or Share My Personal Information" link, or contact privacy@ourdomain.example. We verify requests and respond within statutory timelines.

Other regional disclosures (UK, Canada, Australia)

UK: UK residents have rights mirroring the GDPR. We comply with UK data protection law, use SCCs or equivalent safeguards for transfers, and work with the UK ICO on regulatory matters. Contact privacy@ourdomain.example for UK-specific inquiries.
Canada: Under Canadian privacy laws (PIPEDA and provincial rules), we obtain meaningful consent, limit collection, and provide access/correction mechanisms. Canadian users can contact our privacy team or file complaints with the applicable provincial privacy commissioner.
Australia: We comply with the Australian Privacy Principles (APPs) - collecting only necessary data, providing access and correction rights, and handling cross-border disclosures with contractual safeguards. Privacy complaints can be submitted to our privacy officer or the Office of the Australian Information Commissioner (OAIC).

For detailed, region-specific notices (data retention differences, lawful bases, regional contact details, or regulator references), visit the regional privacy pages or contact privacy@ourdomain.example.