Kiridot legal
Privacy Policy
This Privacy Policy explains how Kiridot handles personal information and creative content when you use the AI video production platform.
Effective date: June 24, 2026
Kiridot is based in Canada and designs its privacy program around Canadian private-sector privacy principles, including accountability, identified purposes, consent, safeguards, openness, access, and complaint handling.
1. Our Role
Kiridot operates the Service and is responsible for personal information it collects and controls. When you upload content about other people, products, customers, creators, or brand contacts, you are responsible for ensuring that you have permission to provide that information to Kiridot.
Some information may be processed by third-party providers that help us provide AI generation, payment, storage, email, support, analytics, social publishing, and security services.
2. Information We Collect
Account and billing information
- Name, email address, username, password hash, date of birth if provided, profile information, workspace information, authentication state, email verification, password reset, and two-factor authentication settings.
- Subscription tier, credit balances, payment status, Stripe customer and payment references, invoices, transaction history, failed payment events, and billing support communications.
Creative content and production data
- Prompts, scripts, chat messages, storyboards, generated videos, generated images, generated audio, captions, thumbnails, product URLs, product descriptions, product images, brand names, logos, guidelines, colors, target audience, campaign goals, and auto-series schedules.
- Character and persona data, including names, appearance descriptions, demographic descriptors, voice or style preferences, reference images, generated portraits, and usage notes.
- User-uploaded videos, images, audio, and other files used for dubbing, voice-over, translation, captions, upscaling, character swap, motion swap, UGC, ad, narrated, cinematic, and related workflows.
Technical, security, and usage information
- IP address, device and browser data, user agent, locale, pages viewed, feature usage, API requests, errors, rate-limit data, cookies, session tokens, and approximate location inferred from network information.
- OAuth state, encrypted OAuth access or refresh tokens, social profile identifiers, usernames, channel/account IDs, publishing options, and publish job records when you connect social accounts.
3. How We Use Information
- Provide, authenticate, secure, operate, troubleshoot, and support the Service.
- Generate scripts, images, videos, voices, captions, translations, storyboards, UGC concepts, ad variations, and other requested outputs.
- Maintain workspaces, projects, characters, brand/product memory, credit balances, subscriptions, invoices, refunds, and usage history.
- Enable optional social publishing and connected account management at your direction.
- Detect, prevent, and investigate fraud, abuse, security incidents, policy violations, and harmful content.
- Send transactional emails, account notices, security alerts, billing updates, and marketing communications where permitted by law and your choices.
- Improve the Service using aggregated or de-identified analytics, diagnostics, and product telemetry.
4. AI Processing and Training
Kiridot sends relevant prompts, media, scripts, metadata, and outputs to AI and media-processing providers only as needed to provide the requested features, enforce safety rules, route jobs, troubleshoot, and maintain the Service.
Kiridot does not use your specific creative inputs or generated outputs to train or fine-tune Kiridot models without your explicit opt-in consent. Third-party AI provider processing is also subject to their contractual terms and policies.
5. Consent, Legal Bases, and Canadian Privacy Rights
We collect, use, and disclose personal information for identified purposes, with consent where required, and as otherwise permitted by applicable law. Consent may be express or implied depending on context, sensitivity, and reasonable expectations.
You may request access to, correction of, or deletion of personal information, withdraw consent where processing is based on consent, unsubscribe from marketing, or ask a privacy question by contacting [email protected].
6. Sharing and Disclosure
- Service providers and subprocessors that host, store, process, secure, analyze, email, bill, or generate content for the Service.
- Social platforms when you connect an account or instruct Kiridot to publish content.
- Professional advisors, auditors, insurers, payment networks, banks, tax authorities, and legal or regulatory bodies where needed.
- Law enforcement, courts, regulators, or other parties when required by law, to protect rights or safety, or under our Government Requests Policy.
- A successor organization in connection with a merger, financing, acquisition, reorganization, bankruptcy, or sale of assets.
7. International Transfers and Subprocessors
Kiridot is based in Canada, but personal information and creative content may be processed in Canada, the United States, and other countries where Kiridot, its providers, AI models, payment processors, storage providers, or social platforms operate.
When we use service providers, we use contractual, technical, and organizational safeguards appropriate to the sensitivity of the information and the provider role. See our Subprocessors page for provider categories and verification notes.
8. Retention and Deletion
- Account, billing, tax, security, and legal records are retained as long as needed for the Service, compliance, disputes, fraud prevention, and business records.
- User uploads used as source inputs are generally retained for the job workflow and may be deleted after completion according to the media retention rules.
- Failed job artifacts may be deleted after a short operational period; technical outputs from tools may expire; core narrative videos, characters, and workspace brand assets may be retained while the workspace remains active.
- Deleted content may remain in backups, logs, and provider systems for a limited period before normal expiration, unless longer retention is required or permitted by law.
9. Security Safeguards and Incidents
We use safeguards designed for the sensitivity of the information, including encrypted OAuth token storage, HMAC-signed media URLs, authentication controls, rate limiting, access controls, logging, and provider security measures.
No system is perfectly secure. If we determine that a privacy or security incident requires notification under applicable law, we will notify affected individuals and regulators as required.
10. Cookies and Marketing Communications
Kiridot uses cookies and similar technologies for authentication, security, preferences, analytics, and product functionality. See the Cookie Policy for details.
Kiridot follows Canadian anti-spam principles for commercial electronic messages. You can unsubscribe from marketing emails, but we may still send transactional, security, billing, and service messages.
11. Children and Minors
Kiridot is not intended for children under 13. We do not knowingly collect personal information from children under 13. Quebec users should note that additional consent rules may apply to personal information of minors under 14. Contact [email protected] if you believe a child has provided personal information.
12. Contact and Complaints
- Privacy requests, security reports, and general support: [email protected]
- You may also contact the Office of the Privacy Commissioner of Canada or an applicable provincial privacy regulator if you are not satisfied with our response.