Privacy Policy
Last updated: February 2026
1. Introduction
I Love Video is operated by the TervenLabs project.
At I Love Video, we take your privacy seriously. This Privacy Policy explains how we handle your data when you use our video processing service, including when you sign in with email/password, Google, or Microsoft.
2. Data We Collect
Video Files
- Videos you upload or retrieve via URL are processed on our servers.
- Source uploads are stored temporarily in our Backblaze B2 upload bucket for processing.
- Processed results are stored temporarily in our Backblaze B2 output bucket so you can download them.
- Automatic retention windows: upload files are deleted automatically after approximately 24 hours, and output files are retained for approximately 48 hours before automatic deletion.
- We do not store, analyze, or share the content of your videos.
- When you provide a URL, we fetch the video on your behalf for processing. We do not permanently store the URLs you provide.
Email Address
- If you create an account or sign in, we store your email address to manage your session, credits, and subscription.
- We use your email for account authentication, password reset, verification flows, welcome emails, and subscription/account notifications.
- We do not send marketing emails or share your email with third parties.
OAuth Sign-In Data (Google and Microsoft)
- If you sign in with Google or Microsoft, we receive basic profile data from the provider, such as your email address and display name.
- We use this data only to create or update your account and authenticate your session.
- We do not receive or store your Google or Microsoft password.
- Your use of Google or Microsoft sign-in is also subject to those providers' own privacy terms.
Payment Information
- Payments are processed securely through Stripe.
- We do not store your credit card details — Stripe handles all payment data.
- Stripe may collect information as described in Stripe's Privacy Policy.
Session Data
- An essential session cookie (ilv_session) is stored in your browser when you log in (expires after 30 days).
- Session data is stored in Redis on our server and is deleted when you log out.
- For anonymous upload ownership, we may set an essential cookie (ilv_anon_owner) so you can continue your upload/output flow in the same browser.
- OAuth anti-forgery state values are short-lived and automatically expire.
- Password reset tokens are single-use and expire after 1 hour.
Transactional Email Communications
- We send transactional emails required to operate your account, such as verification, password reset, welcome, and subscription-related notifications.
- Welcome emails may be sent after successful first account activation, including first-time social sign-in account creation.
- We do not send promotional marketing campaigns.
Usage Analytics
- We collect anonymized usage data for each video processing event: task type, file size, transaction cost, and a hashed IP address.
- Raw IP addresses are never stored in analytics — only a truncated SHA-256 hash for counting unique users.
- For logged-in users, your email may be associated with analytics events for subscription accounting.
- Analytics data is used solely to improve the Service and monitor usage patterns.
Technical Information
- We process your IP address for abuse prevention, rate limiting, and anonymous credit enforcement.
- We do not use third-party tracking cookies or advertising analytics.
3. How We Use Your Data
- Video Processing: Your videos — whether uploaded or fetched from a URL — are used solely to perform the processing operations you request.
- Authentication: Your account can be authenticated via email/password or supported OAuth providers (Google/Microsoft). Passwords are hashed with bcrypt when used.
- Subscription Management: Your email and Stripe customer ID are used to track your subscription status and usage quota.
- Service Improvement: Anonymized usage analytics are used to understand usage patterns and improve the Service.
- Transactional Emails: Your email is used to send account-related operational messages (verification, reset, welcome, and subscription updates).
- Rate Limiting and Credit Enforcement: Your IP address and/or account email are used to enforce credits, limits, and anti-abuse protections.
- Security: Technical data may be used to protect against abuse and maintain security.
4. Data Retention
For media files, we use short, automatic retention windows:
- Upload bucket (source files): deleted automatically after approximately 24 hours.
- Output bucket (processed files): retained for approximately 48 hours so you can download results, then deleted automatically by lifecycle policy.
- We do not create separate long-term backups of your uploaded/processed media in our application workflow.
- URLs you provide are used only for the immediate download and are not logged or retained.
Other data retention periods:
- OAuth state tokens: About 10 minutes (auto-expire).
- Login sessions: 30 days, or until you log out.
- Email verification tokens: 24 hours.
- Password reset tokens: 1 hour.
- Auth rate-limit counters: Short-lived, auto-expiring buckets.
- Anonymous credit counters (IP-based): Current month with automatic expiry after a short rollover buffer.
- User accounts: Retained until you request deletion.
- Subscription data: Retained while your subscription is active.
- Analytics events: Retained indefinitely for aggregate reporting.
5. Data Security
- All data transfers use secure HTTPS connections.
- Media files stored in Backblaze B2 are encrypted at rest by the storage provider infrastructure.
- B2 buckets are not public by default in our setup; access is restricted to authorized service credentials and time-limited signed URLs.
- Payment processing is handled by Stripe's secure, PCI-compliant infrastructure.
- Session cookies are HttpOnly and SameSite=Lax.
- Password reset tokens are single-use and cryptographically random.
- Stripe webhook signatures are verified to prevent spoofing.
- Sensitive credentials are stored as environment variables, never in source code.
6. Third-Party Services
We use the following third-party services:
- Backblaze B2: For temporary object storage of uploaded and processed media files (according to retention windows above).
- Stripe: For payment and subscription processing. See Stripe's Privacy Policy.
- Google OAuth: For optional Google sign-in. See Google Privacy Policy.
- Microsoft OAuth / Microsoft Graph: For optional Microsoft sign-in and profile lookup. See Microsoft Privacy Statement.
- FFmpeg: Open-source software for video processing (runs locally on our servers).
- httpx: HTTP library used to download videos from direct URLs on your behalf (runs locally on our servers).
- Hostinger SMTP: For sending transactional account emails (verification, reset, welcome, and subscription notifications). See Hostinger's Privacy Policy.
7. Your Rights
You have the right to:
- Know what data we collect about you.
- Request deletion of your account, subscription data, and associated analytics by contacting us.
- Log out at any time to immediately invalidate your session.
- Stop using social sign-in and revoke app access from your Google/Microsoft account settings.
- Cancel your subscription at any time via the Stripe customer portal.
- Opt out of any data collection (simply don't use the Service).
8. Children's Privacy
The Service is not intended for children under 13. We do not knowingly collect data from children.
9. Changes to This Policy
We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated revision date.
10. Contact Us
For privacy matters, the service operator is TervenLabs.
If you have questions about this Privacy Policy or your data, please contact us at [email protected].