1. Data Controller

CodeNomad
A private limited liability company incorporated in the Netherlands
KvK Number: 95085270
Email: privacy@visiomake.com

For all privacy-related inquiries, data subject requests, or concerns about your personal data, please contact us at the above email address.

2. Personal Data We Collect

2.1 Information You Provide

When you create an account or use our services, we collect:

• Account Information: Name and email address (required for registration)
• Company Information: Business details that may be provided when signing contracts (optional)
• Content Uploads: Images, 3D visualizations, and text prompts you upload to generate videos
• Communications: Messages you send to our support team

2.2 Information Collected Automatically

For functional purposes only, we automatically collect:

• File Metadata: File size and format for validation and storage management
• Usage Data: Service usage statistics to manage subscription limits
• Technical Data: Basic technical information needed for service operation

2.3 Information We Do NOT Collect

We do not collect:

• Professional status verification data
• Detailed file metadata beyond size and format
• Marketing or analytics data without explicit consent
• Personal data for AI model training purposes

3. How We Use Your Personal Data

3.1 Service Provision

We process your personal data to:

• Create and manage your account
• Process your uploaded content through our AI video generation service
• Generate videos from your text prompts and images
• Provide technical support and customer service
• Manage subscription plans and usage limits
• Process payments through our payment processor

3.2 Legal and Business Operations

We may also process your data to:

• Comply with legal obligations
• Monitor for prohibited content using third-party content moderation
• Maintain service security and prevent abuse
• Send transactional emails (account notifications, service updates)

3.3 What We Do NOT Do With Your Data

We do not:

• Use your data for personalized marketing without consent
• Share your personal data with third parties except as described below
• Use your content or data to improve our AI models
• Send newsletters or promotional emails without your explicit consent

4. Legal Basis for Processing

Under GDPR, we process your personal data based on the following legal grounds:

4.1 Contract Performance (Article 6(1)(b) GDPR)

We process your account information, uploaded content, and usage data to provide our AI video generation services as agreed in our Terms and Conditions.

4.2 Legitimate Interests (Article 6(1)(f) GDPR)

We process certain data for our legitimate business interests, including:

• Service security and fraud prevention
• Technical support and troubleshooting
• Legal compliance and safety monitoring

4.3 Legal Obligation (Article 6(1)(c) GDPR)

We process personal data when required by law, such as for tax reporting or law enforcement requests.

4.4 Consent (Article 6(1)(a) GDPR)

For marketing communications or optional features, we will obtain your explicit consent. You have the right to withdraw consent at any time.

5. Data Sharing and Recipients

5.1 Third-Party Service Providers

We share personal data with the following categories of recipients:

5.2 Data Processing Agreements

All third-party processors are bound by data processing agreements that ensure GDPR compliance and appropriate data protection measures.

5.3 Legal Requirements

We may disclose personal data if required by law, court order, or to protect our legal rights and interests.

5.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, personal data may be transferred to the new entity with appropriate protections.

6. International Data Transfers

6.1 Current Storage Location

All personal data and generated content are currently stored within the European Union to ensure GDPR compliance.

6.2 Potential Future Changes

Our storage locations are subject to change. Should we transfer data outside the EU in the future, we will:

• Implement appropriate safeguards such as Standard Contractual Clauses
• Ensure adequate level of protection for your personal data
• Update this Privacy Policy and notify users of material changes

6.3 Third-Party Transfers

LumaAI may process data outside the EU. We ensure appropriate safeguards are in place for any international transfers through our service agreements.

7. Data Retention

7.1 Account Data

We retain your account information and personal data for 30 days after account termination to allow for account recovery and final data export.

7.2 Generated Content

Generated videos and uploaded content are retained according to your subscription plan:

• Active Accounts: Content retained per subscription storage limits
• Storage Exceeded: 7-day grace period to upgrade plan or delete content
• Terminated Accounts: 30-day data export period, then deletion

7.3 Legal Requirements

Some data may be retained longer if required by law, such as payment records for tax purposes.

8. Your Rights Under GDPR

As a data subject, you have the following rights:

8.1 Right to Information and Access (Articles 13-15 GDPR)

You have the right to know how we process your personal data and can request a copy of all personal data we hold about you.

8.2 Right to Rectification (Article 16 GDPR)

You can request correction of inaccurate or incomplete personal data.

8.3 Right to Erasure (Article 17 GDPR)

You can request deletion of your personal data in certain circumstances, including when the data is no longer necessary for our purposes.

8.4 Right to Restrict Processing (Article 18 GDPR)

You can request limitation of processing in specific situations, such as while disputing data accuracy.

8.5 Right to Data Portability (Article 20 GDPR)

You can request a copy of your personal data in a structured, commonly used format for transfer to another service provider.

8.6 Right to Object (Article 21 GDPR)

You can object to processing based on legitimate interests, including any direct marketing communications.

8.7 Rights Related to Automated Decision-Making

Our AI video generation service does not make automated decisions that significantly affect you. Content moderation decisions may be reviewed upon request.

8.8 Exercising Your Rights

To exercise any of these rights, contact us at: privacy@visiomake.com

We will respond to your request within 30 days. For account termination, we provide a 30-day data export period as outlined in our Terms and Conditions.

9. Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction, including:

• Encryption of data in transit and at rest
• Access controls and authentication systems
• Regular security audits and monitoring
• Staff training on data protection procedures
• Secure data processing agreements with third-party providers

10. Marketing and Communications

10.1 Transactional Emails

We send transactional emails necessary for service operation, including:

• Account registration and verification
• Service notifications and updates
• Payment confirmations and receipts
• Support responses

10.2 Marketing Communications

We do not send marketing emails without your explicit consent. If you consent to marketing communications, you can unsubscribe at any time.

10.3 Success Stories and Testimonials

We may contact clients about sharing success stories or testimonials, but participation is entirely voluntary and requires separate consent.

11. Cookies and Tracking

Our service uses essential cookies for functionality only. We do not use tracking cookies, marketing pixels, or analytics tools that collect personal data without your consent.

Essential cookies are necessary for:

• User authentication and session management
• Service functionality and preferences
• Security and fraud prevention

12. Children's Privacy

Our service is designed for business and professional use. We do not knowingly collect personal data from individuals under 18 years of age. If you become aware that a child has provided personal data, please contact us immediately.

13. Changes to This Privacy Policy

We may update this Privacy Policy to reflect changes in our practices, services, or legal requirements. Material changes will be notified via:

• Email notification to registered users
• Prominent notice on our platform
• Updated effective date at the top of this policy

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your personal data.

14. Supervisory Authority

If you have concerns about our data processing practices that we cannot resolve, you have the right to lodge a complaint with the relevant supervisory authority:

15. Contact Information

For any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us: