Privacy Policy

Overview
Videowise, operated by Reeview, Inc. ("Videowise," "we," "us," or "our"), provides video infrastructure and interactive video applications for e-commerce brands. This Privacy Policy explains how we collect, use, share, and protect personal information when you interact with our services, website, or embedded technology on our customers' websites.

GDPR Roles and Responsibilities
Under the General Data Protection Regulation (GDPR) and UK GDPR, Videowise operates in two capacities:

As a Data Processor: When our customers ("merchants") embed Videowise widgets on their e-commerce websites, personal data collected from end users (such as consumers browsing a merchant's store) is processed by Videowise on behalf of the customer. In this case, the customer is the Data Controller and Videowise is the Data Processor. Processing is governed by the Videowise Data Processing Agreement (DPA), available at https://videowise.notion.site/Videowise-Data-Processing-Agreement-DPA.

As a Data Controller: When individuals create a Videowise dashboard account, interact with our website, or contact our support team, Videowise collects and processes personal data as an independent Data Controller for purposes such as authentication, account management, and security.

Customers are responsible for establishing a lawful basis to process personal data collected from their end users through Videowise widgets and must provide appropriate privacy notices to those users.

1. Information We Collect
1.1 Personal Identifiable Information (PII)
Videowise collects PII only when necessary to provide the Services. This may include information collected through embedded widgets, live shopping sessions, hosted applications, and user authentication. Types of PII may include email addresses, phone numbers, profile details, and any additional fields configured by our customers.

IP Address Processing: Videowise does not store IP addresses for identification, profiling, or analytics purposes. However, our infrastructure systems may temporarily process IP addresses for routing internet traffic, security monitoring, fraud detection, and misuse prevention.

1.2 Non-PII / Anonymous Data
We collect anonymous, non-identifying data including browser type, device type, video interaction metrics (views, engagement, click-through rates), performance logs, and error logs.

1.3 Cookies and Similar Technologies
Videowise uses cookies only when required for service operations. We use a cookie consent management tool on our website to obtain and manage your consent preferences.

- 1.3.1 Strictly Necessary Cookies: Essential for authentication, session management, and security. These cannot be disabled without impairing core service functionality.
- 1.3.2 Functional Cookies: Support improved usability and personalisation within the platform (e.g., remembering preferences).
- 1.3.3 No Advertising Cookies: Videowise does not use advertising cookies, retargeting cookies, or behavioural tracking cookies.
- 1.3.4 Customer-Controlled Cookies: Customer websites may place their own cookies independent of Videowise. Customers are solely responsible for obtaining consent for their own cookies.
- 1.3.5 Cookie Management: You may disable or manage cookies through your browser settings. Please note that disabling certain cookies may limit the functionality of the Services.
‍
2. How We Use Your Information
We use personal information to:

- Provide, maintain, and improve the Services;
- Authenticate users and manage accounts;
- Deliver service notifications and support communications;
- Generate aggregated analytics and performance insights;
- Ensure reliability, security, and fraud prevention;
- Comply with legal obligations.
Videowise does not use customer or end-user data for advertising purposes.

2.1 Legal Basis for Processing (GDPR Article 6)
We process personal data on the following legal bases:

- Contractual necessity (Article 6(1)(b)): Processing necessary to perform our contract with you, including providing the Services and managing your account.
- Legitimate interests (Article 6(1)(f)): Processing necessary for our legitimate interests in service security, performance monitoring, fraud prevention, and service improvement, where those interests are not overridden by your rights and freedoms.
- Legal obligations (Article 6(1)(c)): Processing necessary to comply with applicable laws, regulations, or legal proceedings.
- Consent (Article 6(1)(a)): Where customers collect optional custom data from end users via the Services, the customer is responsible for obtaining appropriate consent.
‍
3. How We Share Information
Videowise does not sell personal information. We do not share personal information for cross-context behavioural advertising.

3.1 Trusted Service Providers
We share limited personal data with trusted service providers who assist us in operating and improving the Services, including providers of hosting, email delivery, messaging, analytics, and customer relationship management tools. These providers are contractually bound to use personal data only for the purposes for which it was shared and to maintain appropriate security measures. A current list of our sub-processors is available at https://videowise.trust.site/subprocessors.

3.2 Customer-Initiated Third-Party Integrations
Customers may enable integrations with third-party services (such as e-commerce platforms, social media, or marketing tools). Data shared through such integrations is controlled by the customer, and Videowise is not responsible for third-party practices.

3.3 Internal Access
Authorised Videowise employees access personal data only when required to operate, support, or improve the Services, and only on a need-to-know basis.

3.4 Legal Requirements
We may disclose personal information when required by law, legal process, or governmental request, or when necessary to protect the rights, security, and integrity of Videowise, our customers, or the public.

3.5 Business Transfers
In the event of a merger, acquisition, reorganisation, or sale of assets, personal data may be transferred to the acquiring entity. We will notify you of any such transfer and any changes to the applicable privacy practices.

4. Data Export and Access Controls
Customers may export personal data through the Videowise dashboard, subject to user permissions and account role settings. Customers are responsible for managing access rights, securing exported data, and preventing unauthorised distribution.

5. Data Retention and Deletion
We retain personal data only for as long as necessary to fulfill the purposes described in this Privacy Policy or as required by law. Specific retention periods are as follows:

Data Category - Retention Period
Account data (name, email, credentials) - Duration of active subscription + 30 days
Customer Content (videos, media) - Duration of active subscription + 30 days
End-user interaction data (analytics) - Duration of active subscription + 30 days, then anonymised
Service and error logs - Up to 6 months
Security and audit logs - Up to 12 months
Billing and transaction records - Up to 7 years (as required by tax and accounting laws)
Cookie data - As specified in cookie descriptions (session or up to 12 months)
Personal data is deleted within 30 days after account cancellation unless retention is required by applicable law. Anonymous and aggregated data may be retained indefinitely as it does not identify individuals.

6. Security Measures
Videowise implements industry-standard security measures consistent with our SOC 2 Type II certification, including:
- Encryption of data in transit (TLS 1.2+) and at rest (AES-256);
- Role-based access controls and multi-factor authentication;
- Continuous monitoring, intrusion detection, and anomaly alerting;
- Regular penetration testing and vulnerability scanning;
- Endpoint management with full-disk encryption and malware protection;
- Employee security training and confidentiality obligations.
Full details of our security controls are available at https://videowise.trust.site/controls.

You are responsible for safeguarding your account credentials and notifying us immediately if you suspect unauthorised access.

7. International Data Transfers
Personal data may be transferred to and processed in the United States or other jurisdictions where Videowise or its sub-processors operate. For transfers of personal data from the European Economic Area (EEA), United Kingdom, or Switzerland to countries that do not provide an adequate level of data protection, we rely on:

- Standard Contractual Clauses (SCCs) approved by the European Commission;
- The UK International Data Transfer Addendum for transfers from the UK;
- Swiss-specific modifications to the SCCs for transfers from Switzerland;
- Additional technical and organisational safeguards.
Videowise has conducted a transfer impact assessment for transfers to the United States. A summary is available upon request to privacy@videowise.com.

For transfers of personal data from Brazil, we rely on transfer mechanisms approved under the LGPD, including Standard Contractual Clauses.

For transfers from Canada, we ensure a comparable level of protection as required under PIPEDA.

8. Customer Responsibilities
Customers using Videowise are responsible for:

- Obtaining lawful consent from end users where required;
- Maintaining their own privacy policies that accurately describe how personal data is collected and used through Videowise widgets;
- Configuring third-party integrations responsibly;
- Managing access permissions for their team members;
- Ensuring a lawful basis for processing end-user personal data.
‍
9. Children's Privacy
Videowise does not knowingly collect personal data from children under the age of 13 (or the applicable age of digital consent in the relevant jurisdiction). If we become aware that we have collected personal data from a child, we will take steps to delete that data promptly. Customers are responsible for ensuring age-appropriate compliance on their websites.

10. Data Breach Notification
In the event of a personal data breach affecting your data, Videowise will notify affected customers without undue delay and within 72 hours where required by applicable law. Notifications will include, to the extent available, a description of the breach, the categories of data affected, and the measures taken to address it. Customers are responsible for notifying their own end users when required by applicable law.

11. Limitation of Liability
To the maximum extent permitted by law, Videowise is not liable for indirect, incidental, special, or consequential damages, third-party service practices, or customer misuse of exported or integrated data. Our total liability is subject to the limitations set out in our Terms of Use or applicable Master Terms.

12. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated via email to the address associated with your account or through a notice on our website at least thirty (30) days before they take effect. We encourage you to review this page periodically.

13. Contact Us
For privacy questions, data protection inquiries, or to exercise your data subject rights:

Email: privacy@videowise.com
Address: Reeview, Inc. (DBA Videowise), 2093 Philadelphia Pike #2584, Claymont, DE 19703, USA

For general support inquiries: support@videowise.com
To report concerns confidentially, you may use our Whistleblowing Form at https://videowise.com/whistleblower (or contact privacy@videowise.com if the form is not yet available).

EU Representative
In accordance with Article 27 of the GDPR, Videowise has designated the following EU representative for data protection matters:
[Name and contact details of EU representative to be appointed]

If you are in the EEA, you may also contact our EU representative with any questions about how we process your personal data.

14. Data Subject Rights
Depending on your location and applicable law, you may have the following rights regarding your personal data:

- Right of access: Request confirmation of whether we process your personal data and obtain a copy of it.
- Right to rectification: Request correction of inaccurate or incomplete personal data.
- Right to erasure: Request deletion of your personal data, subject to legal retention requirements.
- Right to restrict processing: Request that we limit how we process your personal data in certain circumstances.
- Right to data portability: Receive your personal data in a structured, commonly used, machine-readable format and transmit it to another controller.
- Right to object: Object to processing based on legitimate interests or direct marketing.
- Right to withdraw consent: Where processing is based on consent, withdraw your consent at any time without affecting the lawfulness of prior processing.
- Right not to be subject to automated decision-making: See Section 18 below.

To exercise any of these rights, contact us at privacy@videowise.com. We will respond within the timeframe required by applicable law (generally 30 days under GDPR, 45 days under CCPA/CPRA).

Supervisory Authority
If you are located in the EEA or UK and are not satisfied with our response to your data protection request, you have the right to lodge a complaint with your local data protection supervisory authority. A list of EEA supervisory authorities is available at https://edpb.europa.eu/about-edpb/about-edpb/members_en. For the UK, you may contact the Information Commissioner's Office (ICO) at https://ico.org.uk.

15. California Consumer Privacy Rights (CCPA/CPRA)
This section applies to California residents whose personal information is subject to the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA).
Reeview, Inc. (DBA Videowise) does not sell or share personal information as defined by CCPA/CPRA.

Categories of Personal Information Collected
In the preceding 12 months, we may have collected the following categories of personal information:

Category - Examples - Collected
Identifiers - Name, email address, IP address, account ID - Yes
Commercial information - Subscription details, transaction history - Yes
Internet/electronic activity - Browsing history, interaction with Services - Yes
Geolocation data - Approximate location based on IP address - Yes
Professional information - Job title, company name - Yes
Inferences - Preferences derived from interaction data - Yes
‍
Your California Rights
California residents have the right to:

- Know what personal information we collect, use, and disclose;
- Delete personal information we hold about you;
- Correct inaccurate personal information;
- Opt out of the sale or sharing of personal information (Videowise does not sell or share PI);
- Limit use of sensitive personal information (Videowise does not collect sensitive PI as defined by CPRA);
- Non-discrimination for exercising your privacy rights.
To exercise these rights, contact us at privacy@videowise.com. We will verify your identity before processing your request.

16. Brazilian Data Protection Rights (LGPD)
This section applies to individuals located in Brazil whose personal data is subject to the Lei Geral de Protecao de Dados (LGPD).

Under the LGPD, you have the right to:

- Confirm the existence of processing of your personal data;
- Access your personal data;
- Correct incomplete, inaccurate, or out-of-date data;
- Request anonymisation, blocking, or deletion of unnecessary or excessive data;
- Request data portability;
- Request deletion of personal data processed with your consent;
- Obtain information about entities with whom your data has been shared;
- Be informed about the possibility and consequences of not providing consent;
- Revoke consent at any time.
To exercise these rights, contact us at privacy@videowise.com. Videowise processes personal data of Brazilian individuals in accordance with the legal bases set out in Article 7 of the LGPD.

17. Canadian Privacy Rights (PIPEDA)
This section applies to individuals located in Canada whose personal information is subject to the Personal Information Protection and Electronic Documents Act (PIPEDA).

Under PIPEDA, you have the right to:

- Access your personal information held by Videowise;
- Request correction of inaccurate personal information;
- Withdraw consent for the collection, use, or disclosure of your personal information (subject to legal or contractual restrictions);
- File a complaint with the Office of the Privacy Commissioner of Canada (OPC) if you believe your rights have been violated.

Videowise collects, uses, and discloses personal information of Canadian individuals only for identified purposes and with appropriate consent. To exercise your rights, contact us at privacy@videowise.com.

18. Automated Decision-Making and AI Features
Videowise does not use automated decision-making that produces legal or similarly significant effects on individuals.

Videowise uses artificial intelligence for certain features, including media file optimisation (compression, format conversion) and content recommendations. These AI features operate on content data (such as video files and metadata) and do not process personal data in a way that produces decisions with legal or similarly significant effects on individuals. Where AI features process personal data, such processing is governed by the terms of this Privacy Policy and the applicable DPA.

19. Do Not Track
Some web browsers transmit "Do Not Track" (DNT) signals. Because there is no universally accepted standard for how to respond to DNT signals, Videowise does not currently respond to DNT browser signals. However, Videowise does not engage in cross-site tracking or behavioural advertising.

20. Governing Law
This Privacy Policy is governed by the laws of the State of Delaware, USA, without regard to its conflict of laws principles.