Privacy Policy

Last updated: Febuary 27, 2026

This Privacy Policy describes how Studio Cosmo VOF, with registered office at Delaunoystraat 15, 1080 Sint-Jans-Molenbeek (Belgium) and company number 0630.603.037 (“Studio Cosmo”, “we”, “us” or “our”), processes your personal data when you use our websites, mobile applications, products and services, including our video (post)production platform (the “Platform”) (collectively, the “Service”).

We respect your privacy and process personal data in accordance with the General Data Protection Regulation (EU) 2016/679 (“GDPR”) and other applicable data protection laws. Terms used in this Privacy Policy have the meaning given to them under the GDPR.

This Privacy Policy explains how we process personal data when we act as a data controller, meaning we determine the purposes and means of the processing.

In some situations, we also process personal data on behalf of the users of our Platform, in which case we act as a data processor. That type of processing is not governed by this Privacy Policy, as explained further below (Subsection 1.1).

1. Our role under data protection law

Depending on the context, Studio Cosmo may act either as a data controller or a data processor.

1.1. When Studio Cosmo acts as a data processor

We act as a data processor when we process personal data contained in media content that users upload, create, or manage when using our Platform, including associated tools, functionality and artificial intelligence components (“User Content”) on their behalf and according to their instructions. User Content may include video, audio, images, and other materials that contain information relating to identifiable individuals.

In these situations:

  • The user customer that uploads or controls the content is the data controller.
  • We process the personal data in User Content solely on behalf of the relevant user and in accordance with their instructions, in order to provide the functionality of the Service (for example, hosting, storing, editing, rendering, and exporting video content).
  • Our processing is governed by our Data Processing Addendum (DPA) or customer contracts. This Privacy Policy does not apply to such processing. If you have questions about personal data contained in User Content, you should contact the user or organization that uploaded or controls that content, as they act as the data controller for that processing.

1.2. When Studio Cosmo acts as a data controller

We act as a data controller when we process personal data for our own purposes and determine the means of that processing. This may include personal data relating to the operation and use of the Platform, such as account information, usage metadata, technical logs, security data, and platform management information, including where such data is generated in connection with User Content.

A full description of all purposes for which we act as a controller is provided in Section 3. This Privacy Policy applies to such processing, and all personal data processed in these contexts is subject to the conditions described in this Privacy Policy.

2. Personal data we process as data controller

When we act as a data controller, we may process the following categories of personal data:

2.1. Account and identification data

  • Name
  • Email address
  • Username or account ID
  • Organization and role (where applicable)
  • Login credentials (in secured form)

2.2. Contact and communication data

  • Information you provide when contacting us
  • Support requests and correspondence
  • Feedback or survey responses

2.3. Technical and device data

  • IP address
  • Device type, operating system, and browser information
  • Unique device identifiers
  • System configuration data

2.4. Usage and interaction data

  • Log data (dates and times of access, actions taken within the Service)
  • Feature usage and interaction patterns
  • Performance and diagnostic data
  • Error and crash reports

2.5. Security and integrity data

  • Information necessary to detect, prevent, and investigate misuse, fraud, or security incidents
  • Information relating to violations of our terms or content policies

2.6. Payment and transactional data (where applicable)

  • Billing address
  • Transaction history
  • Payment status information (payment card details are typically processed by our payment providers)

2.7. User Content

Our Platform allows users to upload and create content such as videos, images, audio, text, and related metadata (“User Content”). This content may contain personal data, including images of individuals, voices, and contextual information.

As described in Subsection 1.1, we process such User Content primarily as a data processor on behalf of users or business customers. We do not determine the purposes for which this content is collected or used by them. Certain limited processing of User Content may occur as part of our role as a data controller, for example where necessary to:

  • Ensure Platform and Service security and integrity (see Subsection 3.1)
  • Enable analytics, research, and Service improvement (see Subsection 3.2)
  • Detect misuse or violations of our policies (see Subsection 3.5)
  • Comply with legal obligations (see Subsection 3.5)

When we act as a data controller, we process personal data for the purposes described below. In doing so, we rely on one of the legal bases provided for in the GDPR, depending on the situation:

3.1. Providing and operating the Service

We may process personal data to:

  • Create and manage user accounts
  • Enable access to and use of the Service, including the Platform
  • Host and store content uploads (technical handling, not training)
  • Maintain, secure, and troubleshoot the Service
  • Monitor Platform performance and detect misuse
  • Improve Platform functionality for operational purposes (e.g., usability, stability, feature fixes)

Legal basis:

  • Performance of contract
  • Legitimate interests (to operate, secure, and maintain the Service)

3.2. Analytics, research, and Service improvement

We may process aggregated, de-identified data, or otherwise anonymized data or contextual data relating to the use of the Service for:

  • Analytics to understand user behavior and improve the user experience
  • Internal research and product development
  • Improving our artificial intelligence models and other Platform technologies
  • Aggregated statistical reporting

Legal basis:

  • Legitimate interests (to improve and innovate the Service)

3.3. Communications and support

We may process personal data to:

  • Respond to inquiries and provide support
  • Provide customer support
  • Send service-related notices and updates
  • Send administrative messages (e.g., account or security notices)

Legal basis:

  • Performance of contract
  • Legitimate interests (maintaining customer relationships and support)

3.4. Marketing, events and promotions

We may process personal data to:

  • Send marketing communications about our products and services
  • Personalize promotional content
  • Administer contests, events, and promotions
  • Communicate with participants

Legal basis:

  • Consent (where required)
  • Legitimate interests (where permitted and balanced against user rights)

You may opt-out of marketing communications at any time as described in the “Data subject rights” section (Section 7).

3.5. Compliance, safety and security

We use personal data to:

  • Prevent, detect and investigate fraud, misuse, security incidents and violations of our terms
  • Comply with legal and regulatory obligations
  • Protect the rights, safety, and property of users, third parties, and Studio Cosmo

Legal basis:

  • Legal obligation
  • Legitimate interests (protecting users and Platform integrity)

3.6. Other processing activities

We may process personal data for other purposes such as:

  • Billing and payment processing
  • Responding to legal requests from public authorities
  • Transfers in connection with business transactions (sale, merger, etc.)

Legal basis:

  • Performance of contract
  • Legal obligation
  • Legitimate interests

4. Data retention

We retain personal data described in Section 2 only for as long as necessary for the purposes set out in this Privacy Policy, taking into account legal, contractual, and operational requirements. In particular:

  • Account and identification data (Subsection 2.1): retained for the duration of the account and a limited period thereafter to manage reactivation, disputes, and legal obligations.
  • Contact and support communication data (Subsection 2.2): retained as necessary to handle requests, provide support, and maintain internal records.
  • Technical and device data (Subsection 2.3) and usage and interaction data (Subsection 2.4): retained for security, troubleshooting, performance monitoring, and operational analysis for a limited period.
  • Security and integrity data (Subsection 2.5): retained for as long as necessary to investigate incidents, enforce our terms and policies, prevent abuse, and comply with legal obligations. Retention periods for this data may be longer where required for legal claims or ongoing investigations.
  • Payment and transaction data (Subsection 2.6): retained as required for financial reporting, tax, and legal compliance.

5. Sharing of personal data

When acting as a data controller, we may share personal data with:

  • Cloud hosting and infrastructure providers
  • Security, monitoring, and analytics providers
  • Payment service providers
  • Professional advisers (legal, financial, auditors)
  • Public authorities where required by law or to protect our rights

These service providers are authorized to process personal data only as necessary to provide services to us and are subject to contractual safeguards.

We do not sell personal data.

Where we act as a data processor, personal data contained in User Content may be shared with carefully selected sub-processors strictly as necessary to provide the Service and in accordance with our Data Processing Agreement and applicable data protection laws.

6. International data transfers

Personal data may be transferred to and processed in countries outside the European Economic Area (EEA).

Where such transfers occur, we implement appropriate safeguards, such as:

  • Standard Contractual Clauses approved by the European Commission, or
  • other legally recognized transfer mechanisms.

7. Data subject rights

Where we act as a data controller, individuals may have the following rights under applicable data protection law:

  • Right of access: You can request confirmation of whether we process your personal data and obtain a copy of such data.
  • Right to rectification: You can request that inaccurate or incomplete personal data we hold about you be corrected.
  • Right to erasure (“right to be forgotten”): You can request deletion of your personal data where it is no longer necessary for the purposes for which it was collected or processed, or where you have withdrawn consent.
  • Right to restriction of processing: You can request that we temporarily limit how we process your personal data, for example while a dispute about accuracy is resolved.
  • Right to data portability: You can request a copy of your personal data in a structured, commonly used, machine-readable format and, where technically feasible, have it transferred to another controller.
  • Right to object to processing based on legitimate interests: You can object to certain types of processing where we rely on legitimate interests as our legal basis.
  • Right to withdraw consent: Where processing is based on consent, you can withdraw your consent at any time; this will not affect the lawfulness of processing based on consent before withdrawal.

Note regarding User Content: Requests relating to personal data contained in User Content that is controlled by a Platform user should generally be directed to that user, as they are the data controller for that processing. Studio Cosmo will assist our Platform users where required by law.

8. Security

We implement appropriate technical and organizational measures designed to protect personal data against unauthorized access, loss, misuse, alteration, or disclosure. These measures take into account the nature of the data and the risks involved in processing.

9. Children

The Service is not intended for use by anyone under 13 years of age.

We do not knowingly collect personal data directly from children in a manner prohibited by applicable law. If you are a parent or guardian and believe that a child has provided us with personal data in violation of applicable law, please contact us using the details below.

If we become aware that we have collected personal data from a child without the consent of a parent or guardian where such consent is required, we will take steps to delete the information in accordance with applicable legal requirements.

10. Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. Where changes are material, we will provide appropriate notice through the Service or by other means.

11. Contact

If you have questions about this Privacy Policy or our processing of personal data, please contact:

Email: info@studiocosmo.be

Address: Delaunoystraat 15, 1080 Sint-Jans-Molenbeek (Belgium)

You also have the right to lodge a complaint with your local data protection authority.