Back to home

Privacy Policy

Effective Date: March 17, 2026

1. Introduction

EasyViral.ai ("EasyViral," "we," "our," or "us") operates the EasyViral.ai platform (the "Service"), an AI-powered video generation SaaS tool that enables users to create short-form video content for platforms such as TikTok, Instagram Reels, and YouTube Shorts.

This Privacy Policy explains how we collect, use, disclose, store, and protect your personal data when you use our Service.

We process personal data in accordance with applicable data protection laws, including the General Data Protection Regulation (GDPR), the UK GDPR, the California Consumer Privacy Act (CCPA), and other applicable regulations. We only collect personal data that is necessary for the purposes described in this policy.

Data Controller

The data controller responsible for your personal data is:

EasyViral.ai
1111B S Governors Ave # 89052
Dover, DE 19904
United States

Privacy Contact: [email protected]

2. Information We Collect

2.1 Information You Provide

  • Account Information: Name, email address, login credentials, and profile details.
  • Authentication Data: Information from OAuth providers (Google, Apple) including name, email, and profile image.
  • Payment Information: Billing details processed securely by Stripe or our merchant-of-record provider. We do not store full card numbers.
  • Content Inputs: Prompts, topics, niche selections, voice preferences, and other configuration data you provide to generate videos.
  • Voice Data: If you use our voice cloning feature, we collect voice samples that you upload or record. Voice data is classified as biometric data in certain jurisdictions (see Section 2.4).
  • Support Communications: Messages, feedback, and inquiries you send to our support team.

2.2 Information Collected Automatically

  • Technical Data: IP address, browser type, device type, operating system.
  • Usage Data: Features used, videos generated, credits consumed, subscription activity.
  • Log Data: Access timestamps, system events, security logs.
  • Cookie & Tracking Data: See Section 13 and our Cookies Policy.

2.3 Information from Third Parties

  • Social Media Integrations: When you connect social media accounts for video publishing, we receive access tokens, account identifiers, and basic profile information (such as username and profile image) necessary to publish videos on your behalf. We do not access your followers, direct messages, or analytics unless explicitly disclosed.
  • AI Processing Providers: Prompts and generation instructions may be processed by third-party AI infrastructure providers (see Section 7).
  • Analytics Providers: Aggregated usage insights from analytics services.

2.4 Voice Data and Biometric Information

Our voice cloning feature allows you to upload or record voice samples to create a custom AI voice for your videos. This voice data is:

  • Collected solely for the purpose of generating a personalized AI voice for your video content.
  • Processed by our third-party voice synthesis provider, ElevenLabs, under their applicable Privacy Policy.
  • Retained for up to 30 days after you delete your voice clone or deactivate the feature, after which it is permanently deleted from our systems. You may delete your voice clone and associated voice data at any time from your account settings.
  • Not sold, shared, or used for any purpose other than providing the voice cloning service.

Notice for users in Illinois, Texas, and Washington: Voice data may be classified as biometric data under state laws including the Illinois Biometric Information Privacy Act (BIPA). By uploading or recording voice samples for voice cloning, you consent to the collection, processing, and storage of your voice data as described in this section. You may withdraw consent and request deletion at any time by contacting [email protected].

2.5 Google OAuth Data

When you sign in with Google, we request access to your basic profile information (name, email address, and profile photo) solely for account creation and authentication purposes. We do not access your Google Drive, Gmail, Contacts, Calendar, or any other Google services beyond basic authentication without your explicit consent.

Data obtained through Google OAuth is used exclusively for the following purposes:

  • Creating and maintaining your EasyViral account
  • Authenticating your identity when you sign in
  • Displaying your name and profile photo within the Service

We do not use data received from Google APIs for advertising, retargeting, or any purpose unrelated to providing and improving the Service. Data received via Google APIs is not shared with third parties except as necessary to provide the Service (e.g., cloud infrastructure) or as required by law.

Google API Services User Data Policy Compliance: Our use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Specifically, we limit our use of Google user data to the practices explicitly disclosed in this Privacy Policy, we do not allow humans to read Google user data unless we have your affirmative agreement, and we do not use or transfer Google user data for serving ads or for any purpose other than providing the Service.

3. Legal Basis for Processing (GDPR)

For users in the European Economic Area (EEA) and the United Kingdom, we process personal data under the following legal bases:

PurposeLegal Basis
Account creation & service deliveryContractual necessity
Subscription billing & fraud preventionContractual necessity + legitimate interest
AI content generationContractual necessity
Voice cloningExplicit consent
Security monitoringLegitimate interest
Compliance with tax & accounting lawsLegal obligation
Marketing communicationsConsent or legitimate interest (where permitted)
Analytics & service improvementLegitimate interest
Content moderation & abuse preventionLegitimate interest

4. How We Use Your Information

We use your data to:

  • Operate and maintain the Service
  • Generate AI-powered video content based on your inputs
  • Process subscription payments and manage billing
  • Allocate and track usage credits
  • Provide voice cloning functionality using your uploaded voice samples
  • Publish videos to connected social accounts (with your authorization)
  • Provide customer support
  • Improve platform quality, stability, and user experience
  • Detect fraud, prevent abuse, and enforce our Terms of Service
  • Comply with legal requirements

We do not sell, rent, or trade your personal data.

We do not use your personal data or generated content to train external AI foundation models.

5. Automated Decision-Making & Content Moderation

EasyViral uses automated systems to:

  • Detect prohibited or harmful content
  • Flag abusive behavior or policy violations
  • Restrict certain features to prevent misuse
  • Prevent fraudulent activity

These systems may result in automated restrictions on your account or content. Under GDPR Article 22, you have the right not to be subject to a decision based solely on automated processing that produces legal effects or similarly significant effects concerning you.

If you believe a restriction was applied incorrectly, you may request human review by contacting [email protected].

6. Data Sharing

We do not sell or share your personal information as defined under the CCPA. We may share data with the following categories of service providers who assist in operating our platform:

  • Hosting & infrastructure: Cloud hosting and database providers.
  • AI processing: Third-party AI providers used to generate video content, voice synthesis, and image generation.
  • Payment processing: Stripe for secure payment handling.
  • Analytics: Analytics services for aggregated usage insights.
  • Email delivery: Transactional and marketing email providers.
  • Advertising: Meta Pixel for campaign performance measurement (see Section 13.1).

We may also disclose information if required by law, to protect our rights, to prevent harm, or in connection with a merger, acquisition, or sale of assets.

7. AI & Sub-Processors

We use third-party service providers to operate the platform. These may include:

  • Stripe – payment processing
  • Hosting & cloud infrastructure providers
  • Email delivery providers
  • Analytics providers
  • AI processing providers– including but not limited to OpenAI, OpenRouter, Replicate, ElevenLabs, Sarvam AI, fal.ai, and other API-based model providers
  • Content trend data providers (e.g., Virlo API)

These providers process data strictly under contractual agreements (including Data Processing Agreements where required) and only for service delivery purposes.

We maintain a list of sub-processors involved in data processing. Our current sub-processors include Stripe (payment processing), ElevenLabs (voice synthesis), Sarvam AI (voice synthesis for Indian languages), OpenAI (AI content generation), OpenRouter (AI model routing and processing), Replicate (AI image and video processing), fal.ai (AI image and video processing), Virlo (content trend data), and our cloud infrastructure and analytics providers. For a complete and up-to-date list, please contact us at [email protected]. We will notify users of any material changes to our sub-processor list.

8. Data Retention

We retain personal data only as long as necessary for the purposes described below:

Data TypeRetention Period
Account DataUntil account deletion or 3 years of inactivity (no login or service usage)
Subscription & Billing Records7 years (legal obligation)
Generated Videos & AssetsUp to 90 days from generation, unless deleted earlier by the user
Voice Clone DataDeleted within 30 days after user removes the voice clone or account is deleted
Moderation Logs & Audit RecordsUp to 12 months
Usage Logs12 months
Support Records2 years

Account Deletion

When you request account deletion, your account is immediately deactivated and your data enters a 30-day retention period. During this period:

  • Access to the account is permanently disabled.
  • Your data is retained for up to 30 days to allow for account recovery requests, after which personal identifiers are permanently removed or anonymized.
  • Voice clone data is permanently deleted within 30 days of account deletion.
  • Generated videos and assets are permanently deleted within 30 days.
  • Certain financial, audit, and fraud-prevention records may be retained beyond 30 days as required by law (e.g., billing records for up to 7 years).

After the 30-day retention period, all personal data is permanently and irreversibly deleted from our systems, except for legally required records.

Users may delete generated content at any time from their dashboard. Deletion is processed promptly, though cached copies may persist briefly in our infrastructure before being fully purged.

9. Right to Erasure (GDPR Article 17)

Users may request deletion of their personal data.

We will erase personal data unless:

  • Retention is required by law (e.g., tax and financial records)
  • Data is necessary for the establishment, exercise, or defense of legal claims
  • Fraud prevention obligations require temporary retention

Deletion requests can be submitted to [email protected]. We will respond within 30 days and may request identity verification before processing.

10. Data Portability

Upon verified request, we will provide your personal data in a commonly used, machine-readable format (such as JSON or CSV) where technically feasible. Requests can be submitted to [email protected].

11. International Transfers

Your data may be processed outside your country of residence, including in the United States.

For EEA/UK users, we rely on:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Adequacy decisions where applicable
  • Other lawful transfer safeguards as required

12. Data Security

We implement industry-standard security measures including:

  • TLS/SSL encryption for all data in transit
  • Encrypted storage of sensitive data at rest
  • PCI-DSS compliant payment handling via Stripe
  • Restricted internal access controls with role-based permissions
  • Monitoring and abuse prevention systems

No method of electronic transmission or storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

Data Breach Notification

In the event of a data breach affecting personal data:

  • We will notify the relevant supervisory authority within 72 hours of becoming aware of the breach, where legally required under GDPR.
  • Affected users will be notified without undue delay if the breach presents a high risk to their rights and freedoms.

13. Cookies & Tracking

We use the following categories of cookies and tracking technologies:

  1. Essential Cookies– Authentication, session management, and security. These are necessary for the Service to function.
  2. Analytics Cookies– Performance measurement using services such as Google Analytics 4. Data collected includes page views, session duration, and feature usage. This data is sent to Google for processing under their privacy terms.
  3. Advertising Tools– Including Meta Pixel for campaign performance tracking (see Section 13.1).

Users in applicable jurisdictions may manage cookie preferences via our consent banner. For full details, see our Cookies Policy.

13.1 Meta Pixel Disclosure

We use the Meta Pixel on our website to measure the effectiveness of our advertising campaigns. The Meta Pixel collects the following data:

  • Page views and pages visited
  • Button clicks and interactions
  • Purchase and conversion events
  • Time spent on pages
  • Hashed identifiers (such as hashed email) for audience matching

This data is shared with Meta Platforms, Inc. and may be used by Meta for ad targeting, measurement, and optimization across their platforms (Facebook, Instagram). You can opt out of Meta's use of your data for ad targeting through your Facebook Ad Settings or by using our cookie consent banner to disable advertising cookies.

13.2 Do Not Track & Global Privacy Control

We do not currently respond to "Do Not Track" (DNT) browser signals, as there is no universally accepted standard for how to respond to such signals. However, you may manage your cookie and tracking preferences using our consent banner or your browser settings.

We recognize the Global Privacy Control (GPC) signal as a valid opt-out of sale or sharing of personal information as required under the California Consumer Privacy Act (CCPA) and applicable state privacy laws, including those in Colorado, Connecticut, and other jurisdictions that mandate honoring universal opt-out signals. If we detect a GPC signal from your browser, we will treat it as a request to opt out of any sale or sharing of your personal information.

14. Marketing Communications

We may send:

  • Transactional emails– Billing notices, security alerts, account notifications, and critical system messages. These cannot be opted out of as they are necessary for service delivery.
  • Marketing emails– Product updates, feature announcements, and promotional offers. You may opt out at any time using the unsubscribe link in any marketing email.

Certain critical notifications (such as security alerts or changes to our Terms of Service) may override marketing preferences when legally or operationally necessary.

15. Children's Privacy

The Service is not intended for children. In the United States, we do not knowingly collect personal data from children under the age of 13 in compliance with the Children's Online Privacy Protection Act (COPPA). In the European Economic Area and the United Kingdom, we do not knowingly collect personal data from individuals under the age of 16 in compliance with the GDPR. If we become aware that we have collected data from a child under the applicable minimum age, we will take steps to delete it promptly.

If you are a parent or guardian and believe your child has provided personal data to us, please contact us at [email protected].

16. Your Rights

16.1 Rights Under GDPR / UK GDPR

If you are located in the EEA or UK, you have the right to:

  • Access – Request a copy of the personal data we hold about you
  • Rectification – Request correction of inaccurate or incomplete data
  • Erasure – Request deletion of your personal data (see Section 9)
  • Restriction – Request limitation of processing in certain circumstances
  • Portability – Receive your data in a structured, machine-readable format
  • Objection – Object to processing based on legitimate interest
  • Withdraw Consent – Where processing is based on consent, withdraw it at any time
  • Lodge a Complaint– You have the right to lodge a complaint with your local data protection supervisory authority if you believe your rights have been violated

16.2 Rights Under CCPA (California Residents)

If you are a California resident, you have the right to:

  • Know– Request disclosure of the categories and specific pieces of personal information we have collected about you
  • Delete– Request deletion of your personal information, subject to certain legal exceptions
  • Opt-Out of Sale/Sharing– We do not sell or share your personal information as defined under the CCPA. No opt-out action is required.
  • Limit Use of Sensitive Personal Information– You may request that we limit use of sensitive personal information (including biometric data such as voice samples) to what is necessary for the Service
  • Non-Discrimination– We will not discriminate against you for exercising your CCPA rights
  • Authorized Agent– You may designate an authorized agent to submit requests on your behalf. We may require verification of the agent's authority and your identity

Financial Incentive Disclosure: We may offer promotional credits, referral bonuses, or other incentives. These are not offered in exchange for the sale of personal information. The value of such incentives is based on business costs and is not tied to the value of your personal data.

16.3 Exercising Your Rights

To exercise any of the rights described above, contact us at [email protected].

Identity Verification: To protect your account security, we may need to verify your identity before processing data access, deletion, or portability requests. We may request additional information to confirm your identity.

Response Timeframes:

  • GDPR/UK GDPR requests: We will respond within 30 days. This period may be extended by up to 60 days for complex or numerous requests, with prior notification.
  • CCPA requests: We will respond within 45 days. This period may be extended by an additional 45 days where reasonably necessary, with prior notification.

17. Third-Party Links

Our Service may contain links to third-party websites, social media platforms, and external services. We are not responsible for the privacy practices, content, or security of these third-party sites. We encourage you to review the privacy policies of any third-party services you interact with through our platform.

18. Updates to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or business operations.

When changes are made:

  • The effective date at the top of this document will be updated.
  • For material changes, we will notify users via email or an in-app notification at least 30 days before the changes take effect.
  • Continued use of the Service after changes take effect constitutes acceptance of the updated policy.

19. Contact Information

If you have questions about this Privacy Policy, wish to exercise your data rights, or have a privacy concern, contact us at:

EasyViral.ai
1111B S Governors Ave # 89052
Dover, DE 19904, United States

Email: [email protected]

Website: https://easyviral.ai

Privacy PolicyTerms of ServiceRefund & CancellationCookies Policy