Skip to main content
TargetVid

Privacy Policy

Last updated: May 14, 2026

Effective: May 14, 2026

1. Overview

This Privacy Policy explains how Blue Snow Developers LLC (“Company,” “we,” “us,” or “our”) collects, uses, stores, and protects your personal information when you use TargetVid (“the Service”) available at targetvid.com.

We are committed to protecting your privacy and handling your data transparently. This policy applies to all users of the Service, regardless of location, and addresses requirements under the California Consumer Privacy Act (CCPA), the General Data Protection Regulation (GDPR), and other applicable data protection laws.

By using the Service, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our practices, please do not use the Service.

2. Information We Collect

2.1 Account Information

When you create an account, we collect:

  • Full name
  • Email address
  • Authentication credentials (hashed password, or OAuth tokens if you sign in via Google)
  • Profile picture (if provided via Google OAuth)
  • Agent details (name, phone, brokerage, license number — if provided)

2.2 Listing & Property Data

When you create videos, we collect:

  • Property addresses
  • Listing details (price, bedrooms, bathrooms, square footage, year built, lot size, property type, listing status)
  • Photos you upload (processed through our AI pipeline for room classification and depth estimation)
  • Photos and listing details retrieved by our URL import feature from public real-estate listing pages (e.g., Redfin, Realtor.com). Source photos retrieved this way are owned by the original brokerage or photographer; we retain a temporary copy for up to 30 days to power your render, then delete it.
  • Branding assets (logos, colors, fonts, QR code URLs)
  • Open house dates and times

2.3 Payment Information

Payment processing is handled entirely by Stripe. We do not receive, store, or process credit card numbers, CVVs, or full bank account details. We receive from Stripe: your Stripe customer ID, subscription status, plan type, and billing cycle dates.

2.4 Usage & Analytics Data

We collect anonymous and pseudonymous usage data including:

  • Pages visited and features used
  • Video generation counts and formats
  • Share page views and engagement
  • Pipeline performance metrics (processing times, success/error rates)
  • Browser type, operating system, and screen resolution
  • IP address (anonymized for analytics, full for security logging)
  • Referring URLs

2.5 Automatically Collected Data

When you access the Service, our servers automatically record: access timestamps, request URLs, HTTP status codes, and response times. This data is used for security monitoring, debugging, and performance optimization.

3. How We Use Your Information

We use the information we collect for the following purposes:

Video generation: Your photos and listing data are processed through our AI pipeline (room classification, depth estimation, scene composition, narration generation) to produce cinematic videos. All AI processing occurs on our servers.
Data enrichment: Property addresses are geocoded and used to query public data APIs (Walk Score, school ratings, market data, climate, amenities, commute times, mortgage rates) to generate data visualization scenes in your videos.
Account management: To create and maintain your account, manage your subscription, authenticate your identity, and provide customer support.
Billing: To process payments, manage subscriptions, track usage against plan limits, and send billing-related communications.
Communication: To send service-related emails (welcome, video ready notifications, usage warnings, security alerts). Transactional email is sent via Brevo. Pre-launch waitlist emails (from the marketing site) are sent via Resend.
Analytics & improvement: To understand how the Service is used, identify and fix issues, and improve features. Analytics data is collected through PostHog and is used in aggregate.
Security: To detect and prevent fraud, abuse, and unauthorized access to the Service.

4. Data Sharing & Third Parties

We do not sell your personal data. We share data with third-party service providers only as necessary to operate the Service:

ProviderPurposeData Shared
SupabaseAuthentication & databaseAccount data, listing data, video metadata
StripePayment processingEmail, name, payment method details
Cloudflare R2File storagePhotos, rendered videos
VercelApplication hostingServer logs, request data
PostHogProduct analyticsAnonymized usage events, user ID
BrevoTransactional email (app surface)Email address, name
ResendPre-launch waitlist emailEmail address, name
Data APIsNeighborhood enrichmentProperty address / coordinates only

Data APIs include: Walk Score, FRED (Federal Reserve), NCES (school data), Open-Meteo, OpenStreetMap / Nominatim, OSM Overpass, Redfin, Google Distance Matrix, and Mapbox. These services receive only property addresses or geographic coordinates — never your personal data, photos, or account information.

We may also disclose your data if required by law, subpoena, court order, or other legal process, or if we believe disclosure is necessary to protect our rights, your safety, or the safety of others.

5. Data Retention

Data TypeRetention Period
Account informationUntil account deletion
Listing data & photos (you upload)Until you delete them or account deletion
URL-imported source photosUp to 30 days after the last render, then deleted
Generated videosUntil you delete them or account deletion
Render audit log (compliance + dispute defense)7 years (statute of limitations buffer)
Analytics data90 days (rolling)
Server logs30 days
Cached enrichment data24 hours to 30 days (varies by data source)
Payment records7 years (legal requirement)

Upon account deletion, all personal data, listing data, photos, and generated videos are permanently deleted within 30 days. Anonymized, aggregated usage statistics may be retained indefinitely for service improvement. Backups containing deleted data are purged within 90 days.

6. Data Security

We implement industry-standard security measures to protect your data:

  • Encryption in transit: All data transmission uses HTTPS/TLS 1.3 encryption.
  • Encryption at rest: Videos and photos stored on Cloudflare R2 are encrypted at rest. Database hosted on Supabase with PostgreSQL encryption.
  • Authentication: Supabase Auth with bcrypt-hashed passwords, email verification, and OAuth 2.0 for Google sign-in.
  • Authorization: Row-Level Security (RLS) policies on all database tables ensure users can only access their own data.
  • Input validation: All API endpoints validate file types, file sizes, and input parameters. MIME type verification for uploads (JPEG, PNG, WebP only; 15MB max).
  • Security headers: Content Security Policy, HSTS, X-Frame-Options, and X-Content-Type-Options headers on all responses.
  • AI processing: All AI model inference (room classification, depth estimation, voice synthesis) occurs on our servers. Your photos are never sent to third-party AI services.

While we take reasonable precautions, no method of electronic transmission or storage is 100% secure. If you discover a security vulnerability, please report it to security@targetvid.com.

7. Your Rights

Regardless of your location, you have the following rights regarding your personal data:

  • Right of access: Request a copy of the personal data we hold about you.
  • Right to rectification: Request correction of inaccurate or incomplete personal data.
  • Right to erasure: Request deletion of your personal data and account.
  • Right to data portability: Request an export of your data in a structured, machine-readable format (JSON).
  • Right to object: Object to specific uses of your data, including analytics tracking.
  • Right to restrict processing: Request that we limit how we use your data while a concern is being resolved.

To exercise any of these rights, contact us at privacy@targetvid.com. We will respond to verified requests within 30 days. We may request identity verification before processing your request.

Once you have an account on app.targetvid.com, you can also use these self-serve endpoints from your account settings:

  • Delete account: DELETE /api/account/me — soft-deletes the account; hard-deletes all listings, photos, and videos within 30 days.
  • Delete a single listing: DELETE /api/listing/[id] — removes the listing and its associated photos and videos.
  • Export your data: GET /api/account/export — returns a ZIP of your listings (JSON), photos, and rendered videos per the GDPR data portability right and the CCPA right to know.

Brokerages and rights holders who wish to opt their brokerage's listings out of our URL-import feature can email optout@targetvid.com. We maintain a denylist that blocks URL imports from opted-out brokerages.

8. Cookies & Local Storage

TargetVid uses only essential cookies and local storage. We do not use tracking cookies or third-party advertising cookies.

NameTypePurposeDuration
sb-*-auth-tokenCookieSupabase authentication sessionSession
cookie-consentLocal StorageRecords your cookie consent preferencePersistent
ph_*CookiePostHog anonymous analytics (if consented)1 year

You can clear cookies and local storage at any time through your browser settings. Note that clearing authentication cookies will sign you out of the Service.

9. California Privacy Rights (CCPA)

If you are a California resident, the California Consumer Privacy Act (CCPA) provides you with additional rights:

  • Right to know: You may request disclosure of the categories and specific pieces of personal information we have collected about you in the preceding 12 months, the categories of sources, and the business purposes for collection.
  • Right to delete: You may request deletion of personal information we have collected from you, subject to certain exceptions.
  • Right to non-discrimination: We will not discriminate against you for exercising your CCPA rights.
  • No sale of data: We do not sell personal information as defined under the CCPA. We do not share personal information for cross-context behavioral advertising.

To submit a CCPA request, email privacy@targetvid.com with the subject line “CCPA Request.” We will verify your identity before processing the request and respond within 45 days.

10. European Privacy Rights (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, the General Data Protection Regulation (GDPR) provides you with additional protections.

Legal basis for processing: We process your data under the following legal bases:

  • Contract performance: Processing necessary to provide the Service you requested (video generation, account management, billing).
  • Legitimate interest: Security monitoring, fraud prevention, and service improvement through anonymized analytics.
  • Consent: Analytics tracking via PostHog (you may opt out via our cookie consent mechanism).
  • Legal obligation: Retention of payment records as required by tax and accounting regulations.

In addition to the rights listed in Section 7, GDPR provides you with the right to lodge a complaint with your local data protection supervisory authority.

11. International Transfers

TargetVid is operated from the United States. If you access the Service from outside the United States, your data will be transferred to and processed in the United States. Our service providers (Supabase, Stripe, Cloudflare, Vercel, PostHog, Resend) may process data in various jurisdictions. We ensure all service providers maintain appropriate data protection standards. For EU/EEA users, transfers are conducted pursuant to Standard Contractual Clauses (SCCs) or other approved transfer mechanisms under GDPR.

12. Children's Privacy

The Service is not intended for use by individuals under the age of 13 (or 16 in the EEA). We do not knowingly collect personal information from children. If we become aware that we have collected personal information from a child under the applicable age, we will take steps to delete that information promptly. If you believe a child has provided us with personal data, please contact us at privacy@targetvid.com.

13. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. For material changes, we will notify you at least 30 days in advance via email or a prominent notice on the Service. The “Last updated” date at the top of this page indicates when the policy was last revised. Continued use of the Service after changes take effect constitutes acceptance of the updated policy.

14. Contact

For privacy-related questions, data access requests, or complaints, contact us at:

Blue Snow Developers LLC

Privacy inquiries: privacy@targetvid.com

Security reports: security@targetvid.com

General support: support@targetvid.com

We aim to respond to all privacy requests within 30 days. If you are not satisfied with our response, you have the right to lodge a complaint with your local data protection authority.