Privacy Policy

This Privacy Policy explains what information Video AD Builder collects about you, why we collect it, how we use and share it, and the choices you have. We try to write in plain English because a policy you cannot read is a policy you cannot rely on.

Last updated: 25 May 2026.

Template disclaimer. These are template policies. Before publishing on a live commercial site, have your legal counsel review and adapt them to your specific jurisdiction and business model. This document is provided as a reasonable starting point, not as legal advice.

1. Who we are

Video AD Builder ("we", "us", "our") operates the AI-powered ad-generation platform available at videoadbuilder.com. We generate static banner images and short-form videos on behalf of marketing teams in more than forty countries. If you have any question about this policy or about your personal data, contact us at hello@videoadbuilder.com.

2. The information we collect

2.1 Account information

When you create an account we collect the information you give us directly: your name, your work email address, the country in which your organisation is based, and (where applicable) the name of your organisation. If you sign in via a third-party identity provider, we receive a verified email address and a unique identifier from that provider.

2.2 Billing information

When you subscribe to a paid plan, our payment processor collects the card number, expiry date and CVC on our behalf. We do not store full card numbers on our servers. We do store the last four digits of the card, the card brand, the billing address, and the invoice history associated with your account so that you can download receipts and so that we can comply with tax and accounting obligations.

2.3 Content you upload

You can upload reference images (for example, a product photograph) so that the generative models can produce variants that match your brand. These reference images are processed in memory for the duration of the generation request. We retain a temporary copy for up to seven days so that you can re-run or vary a generation, after which the copy is deleted. Reference images are never used to train any model, by us or by our sub-processors, unless you have explicitly opted in.

2.4 Prompts you submit

The text prompts you submit to the platform are stored against your account so that you can re-use them, share them within your team, and review the history of a campaign. We aggregate anonymised prompt patterns (with all personal data and brand-identifying text removed) to improve prompt-suggestion features. You can opt out of this aggregation at any time from your account settings.

2.5 Generated outputs

The banner images and video files produced by the platform are stored against your account for the lifetime of your subscription plus thirty days. You own these outputs (see our Terms of Service). We do not use them to train any model.

2.6 Usage telemetry

We collect technical information about how you use the service: the pages you visit within the application, the features you use, the time and date of your actions, the type of device and browser you use, your approximate location (derived from IP address at city level), and the credits you consume. This information is used to operate the service, debug problems, and inform product decisions.

2.7 Communications

If you email our support team or chat with us in-app, we keep a copy of that correspondence so that we can follow up and so that we can train our support team.

3. How we use your information

  • To provide the service. Generating ads, storing your assets, displaying your account, sending you the things you ask us to send.
  • To bill you. Charging your card, sending receipts, computing taxes, handling refunds or chargebacks.
  • To communicate with you. Transactional emails (receipts, account alerts, security notices) are sent on a service basis. Marketing emails are sent only with your consent and you can unsubscribe at any time.
  • To improve the product. Anonymised usage patterns help us decide what to build next.
  • To keep the service secure. Detecting abuse, preventing fraud, and complying with applicable law.

4. Legal bases (GDPR)

If you are in the European Economic Area, the United Kingdom, or Switzerland, our legal bases for processing your personal data are: contract (to provide the service you have subscribed to), legitimate interest (to secure and improve the service in ways you would reasonably expect), legal obligation (to comply with tax and accounting law), and consent (for optional things like marketing emails and opting into training-data contribution).

5. Sub-processors

We rely on a small number of carefully chosen sub-processors to run the service. The current list is:

  • Google Cloud Platform (United States, European Union and other regions) — hosting, storage, and the Gemini and Vertex AI / Veo generative models that produce your banners and videos.
  • Stripe (United States and Ireland) — payment processing and invoicing.
  • A transactional email provider — delivery of receipts, password resets and other service emails.
  • A customer-support helpdesk — handling your support tickets.

We require every sub-processor to sign a data-processing agreement that obliges them to meet at least the standards described in this policy.

6. International transfers

Some of our sub-processors are located outside the European Economic Area. Where personal data leaves the EEA we rely on the European Commission's Standard Contractual Clauses (SCCs), supplemented by additional technical and organisational measures where required by local law. A copy of the relevant SCC module is available on request.

7. How long we keep your data

  • Account information: while your account is active, plus thirty days after closure to allow for export and undo.
  • Reference images: up to seven days from upload.
  • Generated outputs and prompts: for the lifetime of the account, plus thirty days.
  • Invoices and tax records: seven years, as required by accounting law in most of the jurisdictions in which we operate.
  • Support correspondence: three years.
  • Server logs and security telemetry: ninety days.

8. Your rights

Depending on where you live, you have some or all of the following rights with respect to your personal data. Where the GDPR applies, these correspond to Articles 15 through 22.

  • Access. Receive a copy of the personal data we hold about you.
  • Rectification. Correct inaccurate or incomplete data.
  • Erasure. Ask us to delete your personal data (subject to any legal obligation we have to retain it).
  • Portability. Receive your data in a structured, machine-readable format and have it transmitted to another controller.
  • Restriction. Limit how we process your data in specific circumstances.
  • Objection. Object to processing carried out on the basis of our legitimate interest, including for direct marketing.
  • Withdraw consent. Where we rely on your consent, you can withdraw it at any time without affecting the lawfulness of past processing.
  • Lodge a complaint. If you are in the EEA, with your national data protection authority. We would appreciate the chance to address your concern first.

To exercise any of these rights, email hello@videoadbuilder.com. We aim to respond to verified requests within thirty days.

9. California residents (CCPA / CPRA)

If you are a California resident, you have the right to know what personal information we collect, to delete it, to correct it, and to opt out of any "sale" or "sharing" of personal information. We do not sell personal information and we do not share it for cross-context behavioural advertising. To exercise any California right, use the same contact above.

10. Children

Video AD Builder is a business-to-business service. We do not knowingly collect personal data from children under sixteen in the European Union or under thirteen in the United States. If you believe a child has provided us with personal data, please contact us and we will delete it.

11. Security

We protect your data with industry-standard controls: TLS 1.2 or higher for all data in transit, AES-256 encryption for data at rest, role-based access controls inside the company, audit logging of administrative actions, mandatory two-factor authentication for staff with production access, and regular third-party penetration testing. No system is perfect, and we will notify affected users without undue delay if we ever become aware of a personal-data breach that is likely to result in a risk to your rights and freedoms.

12. Cookies

We use a small number of cookies to operate the service and to remember your preferences. For details, see our Cookie Policy.

13. Changes to this policy

We may update this Privacy Policy from time to time. When we make material changes we will notify you by email and by an in-app notice at least thirty days before the changes take effect. The "Last updated" date at the top of this document always reflects the most recent revision.

14. Contact

For any privacy question, including data subject access requests, email hello@videoadbuilder.com. We aim to acknowledge your message within two business days and to resolve substantive requests within thirty days.