textbased.video is a Premiere Pro extension and companion desktop app that helps editors and journalists hand off video projects via the sender's own Google Drive. This policy describes what data we collect, why, and the choices you have over it.
1. Who we are
textbased.video is operated under the registered Australian business name text based video. For any privacy question or request, email support@textbased.video.
2. What we collect
Account & licence data
- Your email address and name (used to issue and identify your licence key).
- A one-way hardware fingerprint hash of the machine you activate on (a SHA-256 of your volume serial, hostname, and Windows user SID — we never see the underlying values, only the hash). This enforces your per-licence machine limit.
- Last-seen timestamps from periodic activation heartbeats.
Project metadata (sender side)
- Project names, recipient email addresses, invite codes, and the Drive folder ID your project lives in. We do not store project video, audio, or transcript content — those stay in your Google Drive.
- Encrypted return files. When a recipient finishes editing and clicks “Job finished”, the desktop app encrypts the edited XML and the recipient's typed note on the recipient's machine using a public key that lives only on the sender's (editor's) machine. We accept and store the resulting encrypted blob in our infrastructure (Supabase Storage). textbased.video does not have the decryption key. We cannot read the edit XML or the note. A small notification record lives alongside the ciphertext so the editor's textbased.video panel can show pending returns and let the editor pick the right one to import. That record contains: your project code, an opaque return identifier, a sequential return number, timestamps, the encryption algorithm version, and a small amount of cleartext metadata captured at upload time — the recipient-chosen edit name (e.g. “Edit 1” or whatever the recipient renamed the tab to), the cut count, and the sequence runtime in seconds. We do not store the filename, the edit XML content, or the note text — those remain encrypted end-to-end. If even the cleartext metadata above is more than your project allows, the desktop app's Export XML button (next to Job finished) bypasses our infrastructure entirely on the return path; for the send path the equivalent is Secure Send — together they keep every byte of your project off our servers.
Diagnostic logs (if you choose to send them)
- The textbased.video apps record local diagnostic logs to help debug crashes. These stay on your machine until you click Send logs in the app, at which point a redacted bundle is uploaded to us. Sensitive values (OAuth tokens, full Drive file IDs, full email addresses) are hashed or truncated before they leave your device.
3. Google Drive access
When you connect Google Drive, textbased.video requests one Drive scope:
- drive.file — to create and write files in folders the textbased.video extension creates on your behalf, and to read files you explicitly open in textbased.video via Google's Drive Picker. textbased.video does not request
drive.readonlyor any other broad-Drive scope.
Your Google OAuth tokens are stored only on your local machine, in a path managed by the operating system's user-data directory. They never reach our servers. You can revoke textbased.video's access at any time from your Google Account at myaccount.google.com/permissions.
Encrypted return files do not travel through Google Drive. The recipient's edited XML is encrypted on their machine and uploaded directly to textbased.video's encrypted-storage endpoint. Google Drive is used only on the send path.
Server Send (default). For Server Send projects, project files are stored in the editor's own Google Drive and shared via an unguessable "anyone with the link" URL (Google Drive's allowFileDiscovery: false mode). That URL travels only through HTTPS-authenticated channels — from the textbased.video extension to the textbased.video dashboard, and from the textbased.video dashboard to the recipient's textbased.video desktop app — with both legs gated by the project code. textbased.video does not host the project file bytes; we hold only the metadata pointing at the editor's Drive. Recipients explicitly agree, before download begins, not to redistribute the project code or download URL.
Secure Send (alternate). Editors who require stricter privacy can use Secure Send mode, where project files never leave the editor's computer except via the editor's own out-of-band delivery channel. In Secure Send nothing about the project file bytes — not the URL, not the size, not the filename — touches textbased.video's servers.
4. Why we collect it
- Licence enforcement. Email + hardware fingerprint + heartbeat let us issue and revoke licences and enforce per-licence machine limits.
- Project handoff. Invite codes and folder IDs let recipients open the right project in their textbased.video app.
- Support. If you choose to send a diagnostic log bundle, we use it to investigate the issue you reported.
5. Sub-processors
We use the third parties below to deliver textbased.video. Each one operates under their own published Data Processing Addendum (DPA), which includes Standard Contractual Clauses (SCCs) governing the transfer of personal data outside the EU/UK. The links go straight to their current DPA — review them for the canonical terms.
Vercel — application hosting
Vercel hosts both the public textbased.video site at textbased.video and the textbased.video admin + licence server at dashboard.textbased.video. Every API request the textbased.video extension or textbased.video desktop app makes — activating a licence, minting a project code, sending an invite email, uploading a diagnostic-log bundle — passes through Vercel's infrastructure on its way to our database.
What their DPA covers: Vercel processes data only on our documented instructions, is SOC 2 Type 2 certified, and publishes its own sub-processor list in their Trust Center. SCCs for EU/UK→US transfer are included.
DPA: vercel.com/legal/dpa · Trust Center: vercel.com/security
Supabase — database and storage
Supabase is where every textbased.video record lives: licence rows, per-machine activation records, project codes, email-send metadata, claim/open links, and any diagnostic-log metadata. Both the textbased.video extension (when it activates a licence or sends an invite) and the textbased.video desktop app (when it resolves a code or returns logs) ultimately read from and write to Supabase.
What their DPA covers: data is hosted on AWS in a region we select at project creation, encrypted at rest and in transit, with row-level security available. Supabase is SOC 2 Type 2 certified. SCCs for EU/UK→US transfer are included.
DPA: supabase.com/legal/dpa · Security overview: supabase.com/security
Supabase Storage holds encrypted return files. textbased.video does not control or possess the decryption keys; ciphertext sits in storage as opaque bytes for at most 24 hours after the editor imports a return, or 90 days if the return is never imported.
Resend — transactional email delivery
Resend delivers every email textbased.video sends: licence-key claim links to textbased.video extension users, and project-invite emails to recipients who use the textbased.video desktop app. Sensitive payloads (your licence key, your project name) are never placed in the email body — Resend receives only the recipient address, the textbased.video sender address, a generic subject, and a short-lived opaque link back to textbased.video.
What their DPA covers: Resend processes data only as needed to deliver email, is SOC 2 Type 2 certified, and applies a defined retention window to email content. SCCs for EU/UK→US transfer are included. Resend has no public API for deleting sent emails, so erasure requests you make to textbased.video are forwarded to them by us within our 30-day response window.
DPA: resend.com/legal/dpa
Cloudflare — DNS and edge protection
Cloudflare provides DNS for textbased.video and edge protection for traffic flowing into our hosts. It does not store textbased.video application data; it sees request metadata only (IP address, request URL, response code) for the duration needed to route and protect the request.
What their DPA covers: Cloudflare is SOC 2 Type 2 and ISO 27001 / 27018 certified, with extensive published trust documentation. SCCs for EU/UK→US transfer are included.
DPA: cloudflare.com/cloudflare-customer-dpa · Trust hub: cloudflare.com/trust-hub
Google — Drive storage you control
Project media — your rushes, your audio, your transcripts, the edited XML the recipient returns — never reaches textbased.video's servers. It lives in your Google Drive (sender side) and is accessed by the recipient's textbased.video desktop app through the OAuth grant you authorise. Google's handling of that data is governed by your own Google Account terms, which you accepted directly with Google.
What Google's DPA covers: the Google Cloud / Workspace Data Processing Addendum governs commercial Drive usage; consumer Drive usage is governed by the Google Privacy Policy. Either route includes SCCs for EU/UK→US transfer. textbased.video only ever holds an OAuth grant against your account — we never see your Drive credentials.
DPA: cloud.google.com/terms/data-processing-addendum · Privacy: policies.google.com/privacy
6. Lawful basis for processing (GDPR / UK GDPR)
Where the GDPR or UK GDPR applies, we rely on the following lawful bases under Article 6:
- Contract (Art. 6(1)(b)) — for the licence we issue you and the project-handoff features that make the product work. Without processing your email, machine fingerprint, project codes and Drive folder pointers, we cannot deliver the service you signed up for.
- Legitimate interests (Art. 6(1)(f)) — for activation heartbeats, anti-piracy checks (machine-count enforcement), and optional diagnostic-log uploads. Our interest is keeping the licence model honest and being able to fix bugs you report. We've weighed this against your privacy interests and the data points are minimal, minimised, and never used for marketing.
- Consent (Art. 6(1)(a)) — for the alpha-signup email form on textbased.video. You can withdraw at any time by emailing support@textbased.video and we will delete your row.
We do not process your data for advertising, profiling, automated decision-making with legal effect, or any other purpose outside operating the textbased.video product.
7. Your rights
If you are in the EU, UK, California, or another jurisdiction with data protection laws, you have the right to:
- access the data we hold about you,
- correct it if it's inaccurate,
- have it deleted (right to erasure),
- export it in a portable format,
- object to processing carried out under our legitimate interests basis,
- restrict processing while a dispute is being resolved, and
- lodge a complaint with your local data protection supervisory authority (e.g. the ICO in the UK, your national DPA in the EU, the OAIC in Australia, or the California Privacy Protection Agency in California) — though we'd appreciate hearing from us first so we can try to fix it.
Email support@textbased.video with your request. We'll respond within 30 days. There is no charge for the first request in any 12-month period.
For California residents (CCPA / CPRA): we do not sell your personal information and we do not share it for cross-context behavioural advertising, as those terms are defined under the CCPA. The rights above (access, deletion, correction, portability) are available to you on the same email channel; we will not discriminate against you for exercising them.
8. Cookies and tracking
The dashboard at dashboard.textbased.video and the public site at textbased.video use only strictly necessary first-party cookies — for session authentication on the admin dashboard and for short-lived claim-flow state on licence-claim pages. We do not currently run analytics, marketing pixels, ad-network trackers, or any third-party tracking cookies. If that changes (e.g. we add product analytics), we will update this page and add a consent banner before the change takes effect, in line with the EU ePrivacy Directive and equivalent regimes elsewhere.
9. Retention
Licence records are kept for the lifetime of your licence plus 12 months for audit. Diagnostic log bundles are kept for 90 days. Project-code records are kept for the project's lifetime plus 12 months. Hardware fingerprint hashes are deleted when you deactivate that machine from your licence.
Encrypted return files are deleted from storage 24 hours after the editor imports them, or 90 days after upload if the editor never imports them. Notification records (project code, return number, timestamps) are deleted on the same schedule. If you revoke a project code, all return files and notification records for that project are deleted immediately.
If you don't want textbased.video to host your encrypted return files at all, the textbased.video desktop app includes an Export XML button (next to Job finished) that saves the edited XML directly to your computer's downloads folder. You can then send that file to the editor by email, your own cloud drive, or any other channel — textbased.video sees nothing. The encrypted-upload path is the convenience default; the local export is always available as the “I prefer to send it myself” alternative.
We keep our own metadata record of every email textbased.video sends — sender, recipient, subject, timestamp, provider message ID. We do not duplicate the email body in our database; the body lives at our email provider Resend, governed by their retention policy. On request we will delete our metadata record and forward the deletion request to Resend. Resend has no public API for deleting sent emails, so this step is handled by us emailing them on your behalf within the 30-day response window described in section 7.
Sensitive content — your licence key, your project name, the Google Drive folder pointer — is never sent in the body of an email. Instead the email carries a short-lived opaque link to textbased.video that resolves the sensitive payload only when you click it. Licence-claim links are single-use and expire after 7 days; project-open links are valid for 30 days. The link table is automatically purged every 24 hours: redeemed links older than 30 days, and unredeemed links past their expiry, are removed.
Backups held by our infrastructure providers (Vercel, Supabase, Cloudflare, Resend) are purged on each provider's automatic schedule and are not directly accessible to us; deletion requests you make to textbased.video clear our operational systems immediately and are reflected in those backups as they roll over.
10. Children
textbased.video is a professional tool intended for video editors and journalists aged 18 and over. We do not knowingly collect data from children.
11. Changes
Material changes will be announced by email to active licence holders before they take effect. The “last updated” date at the top of this page reflects the current version.
12. Alpha-period compliance status
textbased.video is in private alpha. We aim to operate compliantly with the legislation that applies to us, and we want users to know exactly where we stand today rather than discover it later. This is an honest snapshot — if any of it looks wrong, please email support@textbased.video and we will correct it.
EU GDPR & UK GDPR
- Lawful basis: stated in section 6 above (contract, legitimate interest, consent, depending on the processing activity).
- Sub-processors + Standard Contractual Clauses: listed in section 5 above with links to each provider's DPA.
- Data subject rights: available via support@textbased.video, 30-day response window (section 7).
- EU representative (Article 27): not yet appointed. Article 27 applies if we are “not established in the Union” and our processing of EU personal data is more than “occasional”. During private alpha our user base is small and not regularly targeted at the EU, which is generally accepted as keeping processing “occasional”. We will appoint an EU representative at the paid-tier launch, when EU users are actively targeted.
- Data Protection Officer: not appointed. We do not meet any of the GDPR Article 37 triggers (public authority, large-scale systematic monitoring, large-scale processing of special-category data). We will reassess before paid launch.
California (CCPA / CPRA)
- We do not sell or share personal information (section 7).
- California rights honoured via the same support email channel.
EU ePrivacy / cookie law
- Strictly necessary first-party cookies only — no consent banner is required at present. Disclosed in section 8.
Australian Privacy Act 1988 (APPs)
- textbased.video is operated as a solo-developer business and is below the AU$3 million annual turnover threshold that formally binds an organisation to the Australian Privacy Principles. We adhere to the APPs in practice anyway, since most of what GDPR requires meets or exceeds them.
- We do not currently process “sensitive information” as defined by the Act (race, health, biometric identifiers, etc.), which is what would otherwise pull us in regardless of turnover.
Vendor compliance (not legislation, but worth knowing)
- Google OAuth verification: queued for submission. Until granted, the alpha cohort sees an “unverified app” consent screen on first sign-in. Google's drive.file scope is non-sensitive, so verification is required for production use but does not require the full CASA security audit that the broader drive.readonly scope would.
- Apple notarisation: not done for alpha. The macOS DMG is unsigned; Gatekeeper warns “unidentified developer”. Apple Developer Program enrolment + signed + notarised DMGs are paid-launch.
- Microsoft code signing: not done for alpha. The Windows installer is unsigned; SmartScreen warns “Unknown publisher”. EV-signed installers are paid-launch.
- Adobe CEP: the Premiere extension follows the Adobe CEP HTML extension model and is loaded via the standard
~/AppData/Roaming/Adobe/CEP/extensions/(Win) /~/Library/Application Support/Adobe/CEP/extensions/(Mac) install path. Bundle idcom.loopit.extension. Distributed unsigned during alpha; ZXP signing arrives with paid launch.
13. Contact
Email support@textbased.video for anything privacy-related.