LEGAL / PRIVACY
Privacy Policy
Last updated: March 4, 2026 · Effective date: March 4, 2026
1. Introduction
AutoQC GmbH (“AutoQC”, “we”, “us”, or “our”) is committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard information when you use the AutoQC platform — an AI-powered automated video quality control service.
This policy is prepared in compliance with the EU General Data Protection Regulation (GDPR 2016/679), the UK General Data Protection Regulation (UK GDPR), and other applicable data protection legislation in the jurisdictions in which we operate, including relevant provisions for users in the United States.
Please read this policy carefully. By using AutoQC, you acknowledge you have read and understood how we handle your personal data.
2. Data Controller
The entity responsible for your personal data as data controller under the GDPR is:
For all data protection requests or questions, please contact us at the email address above. We aim to respond within 30 days as required by the GDPR.
3. Personal Data We Collect
3.1 Account Data
When you register for an account, we collect your email address and a securely hashed version of your password. We do not store passwords in plain text.
3.2 Video Files
You may upload video files to the AutoQC platform for automated quality analysis. Files are stored on our servers for the duration of your account activity and are retained in accordance with Section 7 (Data Retention). AutoQC does not use your video content to train AI models or for any purpose beyond delivering the Service to you.
3.3 Analysis and Report Data
We store the results generated by our analysis engine, including quality scores, detected issues, timeline annotations, and exported PDF reports. These are linked to your account and accessible only by you.
3.4 Technical and Usage Data
We automatically collect certain technical information when you access the platform, including IP address, browser type and version, operating system, referring URLs, and service interaction logs. This data is used to maintain security, diagnose issues, and improve platform performance.
3.5 Payment Data
Payment processing is handled exclusively by Stripe, Inc. AutoQC does not store your full payment card details. Stripe processes payment data in accordance with its own Privacy Policy and PCI-DSS standards. We receive only limited transactional metadata from Stripe, such as billing status and subscription tier.
4. Legal Basis and Purpose of Processing
Under the GDPR, we rely on the following legal bases (Article 6) when processing your personal data:
| Processing Purpose | Legal Basis |
|---|---|
| Account registration and authentication | Art. 6(1)(b) — Performance of contract |
| Video analysis and service delivery | Art. 6(1)(b) — Performance of contract |
| Payment processing and billing | Art. 6(1)(b) — Performance of contract |
| Security monitoring and fraud prevention | Art. 6(1)(f) — Legitimate interests |
| Service improvement and diagnostics | Art. 6(1)(f) — Legitimate interests |
| Compliance with legal obligations | Art. 6(1)(c) — Legal obligation |
| Marketing communications (opt-in only) | Art. 6(1)(a) — Consent |
5. Data Sharing and Third Parties
We do not sell, rent, or trade your personal data. We may share data with the following categories of processors and recipients:
- —Stripe, Inc.: Payment processing. Stripe operates under the EU-U.S. Data Privacy Framework and Standard Contractual Clauses (SCCs).
- —Cloud Infrastructure Providers: Hosting and storage services that run the AutoQC platform, operating under Data Processing Agreements (DPAs).
- —AI / OCR Processing Services: Third-party AI services used for advanced video analysis features such as subtitle and text detection. Data is transmitted under appropriate contractual safeguards.
- —Legal and Regulatory Authorities: Where required by applicable law, court order, or binding regulatory instruction.
6. Cookies and Tracking Technologies
AutoQC uses strictly necessary session cookies and authentication tokens to maintain your logged-in session and ensure core platform functionality. These cannot be disabled without affecting your ability to use the Service.
We do not currently use advertising, behavioural tracking, or third-party analytics cookies. Should this change, we will update this policy and seek your consent where required under the ePrivacy Directive and applicable national law.
7. Data Retention
We retain personal data only for as long as necessary to fulfil the purposes described in this policy:
- —Account data: Retained for the lifetime of your account, plus up to 30 days after deletion for backup recovery purposes.
- —Video files: Retained while linked to your active account. Deleted upon your explicit request or upon account deletion.
- —Analysis reports: Retained while linked to your account. You may delete individual analyses at any time.
- —Payment and billing records: Retained for 10 years in accordance with German commercial and tax law (§ 147 AO, § 257 HGB).
- —Technical and security logs: Retained for up to 90 days for security monitoring and debugging.
8. International Data Transfers
AutoQC GmbH is established in Germany and primarily processes data within the European Economic Area (EEA). Where we engage service providers that transfer data outside the EEA (including to the United States), we ensure that appropriate safeguards are in place:
- —EU Standard Contractual Clauses (SCCs) pursuant to Commission Implementing Decision 2021/914/EU
- —Adequacy decisions issued by the European Commission
- —The EU–U.S. Data Privacy Framework (DPF) where applicable
9. Your Rights
9.1 EU / EEA Residents (GDPR)
Under the GDPR, you have the following rights with respect to your personal data:
- —Right of access (Art. 15): Obtain a copy of the personal data we hold about you.
- —Right to rectification (Art. 16): Request correction of inaccurate or incomplete data.
- —Right to erasure (Art. 17): Request deletion of your personal data (“right to be forgotten”), subject to legal retention obligations.
- —Right to restriction (Art. 18): Request that we limit how we process your data in certain circumstances.
- —Right to data portability (Art. 20): Receive your data in a structured, machine-readable format.
- —Right to object (Art. 21): Object to processing based on legitimate interests or for direct marketing purposes.
- —Right to withdraw consent: Withdraw consent at any time without affecting the lawfulness of prior processing.
- —Right to lodge a complaint: File a complaint with the competent data protection supervisory authority.
The competent supervisory authority for AutoQC GmbH is the German data protection authority for the federal state in which we are registered. You may also contact the national authority: Bundesbeauftragte für den Datenschutz und die Informationsfreiheit (BfDI).
9.2 UK Residents (UK GDPR)
UK residents hold equivalent rights under the UK GDPR. You may lodge complaints with the Information Commissioner's Office (ICO).
9.3 California Residents (CCPA / CPRA)
California residents have the right to know what personal information we collect and how it is used, the right to delete personal information, and the right to opt out of the sale of personal information. AutoQC does not sell personal information. To exercise any California privacy rights, contact us at privacy@autoqc.app.
To exercise any of the rights above, please submit your request to privacy@autoqc.app. We will verify your identity and respond within 30 days. No fee is charged for standard requests.
10. Data Security
We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, accidental loss, destruction, or alteration. These include encrypted data transmission (TLS), hashed password storage, access controls, and regular security reviews. However, no method of transmission over the internet is 100% secure, and we cannot guarantee absolute security.
11. Children's Privacy
AutoQC is not directed at individuals under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact privacy@autoqc.app and we will delete it promptly.
12. Changes to This Policy
We may revise this Privacy Policy from time to time to reflect changes in our practices or applicable law. We will notify registered users of material changes by email or via an in-platform notice at least 14 days before the changes take effect. The “Last updated” date at the top of this page indicates when the policy was most recently revised. Continued use of the Service after the effective date constitutes your acceptance of the updated policy.
13. Contact
For any questions, requests, or complaints regarding this Privacy Policy or the handling of your personal data, please contact our privacy team: