TERMS OF SERVICE

Applies to all subscribers

These Terms of Service (the “Agreement”) govern your access to and use of the video hosting, video player, encryption and related services provided by VdoCipher Media Solutions Pvt. Ltd. (“VdoCipher”, “we”, “us”). By registering for a VdoCipher account, or by accessing or using the Services, you (the “Subscriber” or “you”) agree to be bound by this Agreement. If you do not agree, do not register for or use the Services. Each of you and VdoCipher is a “Party” and together the “Parties”. VdoCipher may update this Agreement from time to time; the version published on this page applies to your continued use of the Services.

1. Subject Matter

1.1 The Subscriber engages VdoCipher to integrate and provide video hosting, video player, and video encryption services, for online and offline playback within the Subscriber’s application and website, subject to the terms and conditions of this Agreement (the “Services” or the “Licensed Services”).

2. Service Description and Security

2.1 VdoCipher provides a server-to-player encrypted video hosting and streaming solution, with API and SDK integration for websites and applications, enabling businesses to upload videos and stream them over the internet to their clients, prospects and subscribers. VdoCipher may, from time to time, make additional technology solutions available to the Subscriber as they become available.

2.2 Security of the Subscriber’s Videos.

DRM encryption. VdoCipher provides Google Widevine DRM encryption for the Subscriber’s videos (the same class of technology used by major streaming services for premium content) and offers option for integration of Apple FairPlay DRM for iOS; together with VdoCipher’s proprietary encryption for iOS and Android.
Anti-piracy measures. Through a combination of DRM encryption, dynamic watermarking, piracy blocker & identification, and screen-capture blocking in applications, VdoCipher uses commercially reasonable efforts to protect the Subscriber’s videos from being downloaded or shared across the web, except where the Subscriber chooses to permit this.
Option for Non-Encrypted Video Hosting Account: VdoCipher also has option to have non-DRM and non-encrypted video hosting. VdoCipher does not encrypt content for such account. Such account creation is solely the decision of Subscriber.
No third-party sharing. VdoCipher will never share the Subscriber’s account videos with any third party.
Storage. VdoCipher stores the Subscriber’s videos in protected form on VdoCipher’s Amazon Web Services (AWS) S3 or Google Cloud Platform’s storage, with raw files kept separate from encrypted files.

2.3 Piracy disclaimer.

Notwithstanding the security measures described above, VdoCipher does not take responsibility for piracy of any videos from the Subscriber’s site or application. The Subscriber is solely responsible for its own content and for the consequences of posting or publishing it, and VdoCipher expressly disclaims any and all liability in connection with the Subscriber’s content.

2.4 Authentication Keys. The Subscriber: (a) is responsible for protecting all authentication key(s) provided for the APIs; (b) shall not disclose the authentication key(s) to any third party except employees or contractors who require them to conduct the Subscriber’s business; (c) shall not use the authentication key(s) for any purpose other than exercising the rights granted under this Agreement; and (d) is responsible for all activity that occurs using the authentication key(s). The Subscriber shall notify VdoCipher promptly of any unauthorised access to any authentication key(s).

2.5 Content and access.

For communication purposes, VdoCipher holds only the Subscriber’s company name, the names, email addresses and telephone numbers of the Subscriber’s personnel, and related contact details. VdoCipher securely hosts the Subscriber’s videos and audio on its AWS & Google Cloud servers. Only the Directors of VdoCipher have technical access to the Subscriber’s videos; no other VdoCipher personnel have access to the Subscriber's videos.

2.6 Intellectual property.

The Subscriber exclusively owns all rights in and to its video and audio content, and VdoCipher claims no rights in such content. VdoCipher acts solely as a technical partner enabling the hosting and security of the Subscriber’s videos on the Subscriber’s website and application.

3. Monitoring and Reporting

VdoCipher provides bandwidth and storage usage information in the dashboard, updated on a daily basis.

4. Pricing and Payments

Pricing and payment terms are mentioned below. No Indian GST is applicable for clients outside India and the payment is charged in USD as applicable for the plan. For clients from India, additional GST at the prevailing rate of 18% is applicable. The USD-to-INR conversion for Indian clients is applied on the date of invoicing. The Subscriber’s plans carry bandwidth, storage, validity date and other credit limits, and it is the Subscriber’s responsibility to track the usage of its account and act accordingly. Usage data is updated daily in the dashboard.

4.1 Storage. Storage is charged on a pre-paid basis at the rates set out on the VdoCipher pricing page (https://www.vdocipher.com/site/pricing/), or as otherwise agreed for your plan, for the validity period applicable to your plan. Accounted storage includes all files, including the raw file, the processed encrypted files for multiple devices (Android, iOS, Desktop), multiple video qualities, multi-language subtitles and thumbnails.

4.2 Bandwidth. Bandwidth is charged on a pre-paid basis under the purchase plans set out on the VdoCipher pricing page (https://www.vdocipher.com/site/pricing/), or as otherwise agreed for your plan, each with the validity period applicable to that plan. Pricing may change from time to time, and the rates published on the pricing page apply.

4.3 No automatic suspension on bandwidth exhaustion or the credit (storage or bandwidth) validity expires. VdoCipher will not automatically suspend the account on bandwidth exhaustion or validity expiry, subject to the limits in Sections 4.4 and 4.5. VdoCipher will provide at least two (2) email notifications and a reasonable number of days to allow the Subscriber to pay.

4.4 Negative bandwidth allowance. VdoCipher allows the Subscriber account to continue with video playback services even in negative bandwidth. The maximum negative bandwidth allowance is the lower of [i] 30% of last purchased bandwidth by Subscriber or [ii] 100 TB bandwidth. VdoCipher has full rights to stop account login and playback services if the Subscriber exceeds these limits and has not paid. The Subscriber remains liable for any negative bandwidth usage incurred on its account, and for any invoices already generated for such usage, which remain payable in accordance with the applicable payment terms. VdoCipher periodically communicates these obligations through formal email notifications.

4.5 Validity exceeding allowance. VdoCipher allows the Subscriber to keep the account and playback services active for up to 30 days from the applicable credit (bandwidth/storage) validity expiring, unless the bandwidth allowance limit in point 4.4 is already exceeded or Subscriber has stated explicitly to close the account and discontinue using VdoCipher services. The Subscriber remains liable for any usage incurred on its account during this 30 day grace period. VdoCipher periodically communicates these obligations through formal email notifications.

4.6 Payment terms. All plans whether as of listed on pricing page (https://www.vdocipher.com/site/pricing/) and otherwise agreed with Subscriber, are on pre-paid basis. All plans are prepaid, but overage / negative-bandwidth usage ( as per 4.4) and any other invoices are payable within 30 days.

4.7 MSME Act applicability for Indian clients - VdoCipher is registered as a Micro, Small and Medium Enterprise (MSME) under applicable Indian law; in accordance with the MSME Development Act, 2006, any delay in payment beyond forty-five (45) days from the invoice date shall attract applicable interest, statutory penalties and legal action.

4.8 Cancellation, Downgrade and Refunds.

(a) The Subscriber may cancel or downgrade its paid plan at any time. All subscription fees already paid are non-refundable except as expressly provided in 4.8(d).

(b) The Subscriber remains liable for any negative video credit or bandwidth usage incurred on its account, and for any invoices already generated for such usage, which remain payable in accordance with the applicable payment terms. VdoCipher periodically communicates these obligations through formal email notifications.

(c) Service credits. In the event of any service deficiency during an active paid subscription, VdoCipher’s sole remedy except in the limited refund case in 4.8(d), shall be the provision of additional bandwidth or usage credits at sole discretion of VdoCipher.

(d) Refund eligibility. VdoCipher offers a thirty (30) day free trial with 4 videos and 5 GB limit, to enable customers to evaluate the platform to the fullest. Refunds shall be considered only where the Subscriber’s VdoCipher account, or VdoCipher video playback services, remain inaccessible or unavailable for a continuous period of seventy-two (72) hours and such unavailability is solely attributable to VdoCipher. In all other circumstances no refunds shall be issued and no already-generated invoices shall be cancelled or waived.

5. Service Level Agreement

The table below sets out the Service Levels applicable to the Services.

Item	Details
(a) Service Delivery & Availability	The video hosting service is available 24×7, and VdoCipher guarantees 99.94% annual uptime of video playback services. Any device-specific issue, or any Subscriber-specific issue arising from a particular integration, is not counted against the uptime guarantee, as such issues are specific to the Subscriber and not solely attributable to the VdoCipher Services. Any non-playback issue such as unavailability of a dashboard feature, is also not counted towards uptime calculations. VdoCipher maintains automated health-check and restart procedures (including restart of the main server and scalable backup servers for the licensing setup) in case of failure of its main DRM license server. While most failure types are handled through automation, certain new failure types may require manual intervention.
(b) Support Contact	Primary Email: support@vdocipher.com, A ticketing system for support is available inside the Subscriber dashboard.
(c) Issues Process	Step 1 – Issue reported. The Subscriber reports an issue by email or telephone to the Support Contact; severity is determined (see Table of Priorities). Step 2 – Logged and acknowledged. VdoCipher acknowledges receipt and provides an estimate for resolution. Step 3 – Status update. VdoCipher updates the status of the issue. Step 4 – Resolved. VdoCipher resolves and fixes the issue.
(d) Maintenance & Scheduled Downtime	Where the system needs to be unavailable for maintenance, the Subscriber will be informed at least two (2) days in advance of scheduled maintenance and downtime.

6. Acceptable Use and Content Standards

6.1 Usage restrictions.

The Subscriber agrees that it will not, and will not assist or enable others to:

copy, rent, lease, sell, transfer, assign, sublicense, disassemble, reverse engineer, decode, decompile, modify, alter, scrape, or create derivative works of any part of the site, tools or Licensed Services;
use the site, tools or Licensed Services in a manner that impacts the stability of VdoCipher’s servers, the operation or performance of the Services, or the behaviour of other applications using the Services;
identify VdoCipher or display any portion of the site, tools or Licensed Services on any site or service that disparages VdoCipher or its products or services;
use the site, tools or Services in competition with VdoCipher or for competitive analysis;
attempt to interfere with or compromise the system integrity or security of, or decipher any transmissions to or from, the servers running the site or Licensed Services;
transmit viruses, worms or other software agents through the site or Licensed Services;
share passwords or authentication credentials for the site or Services with persons other than the Subscriber’s employees or development partners; or
upload content that infringes the copyright of any third party.

6.2 Prohibited content.

The Subscriber shall not use the Services to upload, host or distribute content that:

violates Indian law or the law of the jurisdiction under which the Subscriber operates;
infringes any third party’s copyright or other rights (including trademark and privacy rights);
contains nudity, pornography or sexually abusive content, exploits minors, or depicts unlawful acts or extreme violence;
contains hateful, defamatory or discriminatory content, or incites hatred against any individual or group; or
depicts animal cruelty or extreme violence towards animals.

6.3 Removal and suspension. If the Subscriber uploads content that is unsuitable or in breach of this Section 6, VdoCipher reserves the right to remove that content. In extreme cases, or for persistent infringing behaviour, VdoCipher may suspend the Subscriber’s account and prohibit further use of the Services. VdoCipher will contact the Subscriber directly and explain any action taken. No failure or delay by VdoCipher in exercising any of its rights under this Agreement will waive any further exercise of that right.

6.4 Procedure for reporting copyright infringement.

VdoCipher does not own the rights to content hosted through it; all content ownership lies with the uploading subscriber. If any person believes that content accessible through the Services infringes a copyright (Section 6.2), they may send a notice of copyright infringement to the Designated Person (Section 6.6) containing: (i) a physical or electronic signature of a person authorised to act on behalf of the copyright owner; (ii) identification of the works or materials allegedly infringed; (iii) identification of the allegedly infringing content, with sufficient detail (including its location) for VdoCipher to find and verify it; (iv) the notifier’s contact information (address, telephone number and, if available, email address); (v) a statement of the notifier’s good-faith belief that the content is not authorised by the copyright owner, its agent or the law; and (vi) a statement, made under penalty of perjury, that the information provided is accurate and that the notifier is authorised to act on behalf of the copyright owner.

Action on a bona fide infringement notice. It is VdoCipher’s policy to: (a) remove or disable access to the infringing content; (b) notify the content provider or user that access has been removed or disabled; and (c) remove infringing content of repeat offenders and terminate such provider’s or user’s access to the Services.

6.5 Procedure for reporting and removing malicious content.

VdoCipher regularly checks for malicious content (Sections 6.2 bullets 1, 3, 4 and 5) and removes it promptly, with notification to the account holder. Any person who believes that content accessible through the Services violates Indian law or the law of their country in the manner described in Section 6.2 may send a notice containing the links to the content and the nature of the violation to the Designated Person. Based on the details received and case-specific discretion, VdoCipher will look to: (a) remove or disable access to the malicious content; (b) notify the content provider or user; and (c) remove the content of repeat offenders and terminate their access to the Services.

6.6 Designated Person.

Siddhant Jain, VdoCipher Media Solutions Pvt. Ltd., Building 145, Sector 44 Road, Sector 44, Gurgaon 122003, India — support@vdocipher.com.

7. Confidential Information

7.1 “Confidential Information” means all information made available by one Party to the other, including without limitation any technical details of any current or proposed products or services, any business plans and any financial information (whether communicated orally, in writing, electronically or by other media, and whether provided directly or by a Party’s advisers), and any such information contained in copies, notes, analyses, reports, compilations, forecasts, studies or other documents prepared or communicated by or between the Parties, except information that: (i) is, or after the Execution Date becomes, part of the public domain other than through a disclosure in breach of this Agreement or any other confidentiality obligation; (ii) is or becomes available to a Party from a third party that did not provide it in breach of, and did not obtain it as a result of a breach of, any statutory or contractual obligation owed to the other Party; or (iii) has been independently obtained or developed by a Party without reference to or use of any Confidential Information and without breach of any law, regulation or intellectual property right.

7.2 “Execution Date” means the date of the Parties’ signature of this Agreement.

7.3 Each Party shall hold all Confidential Information in strictest confidence and use it solely for the purposes of this Agreement, and shall ensure that its Representatives do the same. Confidential Information may be disclosed only to those employees, contractors, advisers and related entities who need to know it for the purposes of this Agreement, who are informed of its confidential nature, and who are bound (by law or by contract on terms at least as restrictive as those in this Agreement) to keep it confidential.

7.4 Notwithstanding the foregoing, Confidential Information may be disclosed where required by law or by order of a competent state, court or administrative authority.

7.5 Except as required by applicable law or stock-market regulation, neither Party shall, without the other Party’s prior written consent, disclose to any person the fact that the Confidential Information exists or has been provided.

7.6 If a Party or its Representatives becomes required by court order, arbitral order or order of a public authority to disclose any Confidential Information, that Party shall, unless legally prohibited, give the other Party prompt written notice so that the other Party may seek a protective order. Absent such an order, the compelled Party may disclose without liability only that portion of the Confidential Information it is legally compelled to disclose, having given (unless prohibited) advance written notice of the information to be disclosed.

7.7 If any disclosure of Confidential Information in breach of this Agreement occurs, the relevant Party shall, promptly on becoming aware, inform the other Party of the existence, nature and extent of the disclosure.

7.8 Upon demand, or upon expiry or termination of this Agreement, each Party shall ensure that its Representatives either return or destroy all tangible Confidential Information and expunge it, to the fullest extent technically possible, from all systems, except to the extent retention is required by mandatory law, regulation or professional rules (in which case the retained Confidential Information remains subject to this Agreement). Each Party shall confirm such return, deletion or destruction in writing without undue delay. This Section 7 survives termination of this Agreement.

8. Privacy and Data Protection

8.1 To use the Services, the Subscriber may send certain anonymous user and video information to VdoCipher for authentication. On sign-up, VdoCipher requests the Subscriber’s name and email address; the email address serves as VdoCipher’s point of contact and the Subscriber’s source of authentication. All personal data of users shall be protected by VdoCipher using commercially reasonable efforts. The processing of any personal data of the Subscriber’s end viewers is further governed by VdoCipher’s Data Processing Agreement, which is available on request and, where executed, forms part of this Agreement.

8.2 No sale or transfer. VdoCipher shall not sell, trade or otherwise transfer to any outside party any information of the Subscriber or the Subscriber’s customers, and shall not divulge such information to any person the Subscriber has not expressly asked VdoCipher to disclose it to.

8.3 Retention and deletion. VdoCipher will retain the Subscriber’s and its users’ personal data only for as long as necessary to deliver the Services and, upon the Subscriber’s request, will delete, remove and destroy all such information (including the Subscriber’s customer data and personal information of any kind) without undue delay and in any event within seven (7) days, except where retention is required by applicable law. This Section 8.3 survives termination of this Agreement.

8.4 Cookies. VdoCipher places cookies (small data files) on the user’s computer or device, as is standard for websites, to collect information about browsing behaviour and to provide a high-quality website experience. By using the VdoCipher website, the user consents to the use of cookies; if the user does not consent, cookies should be disabled in the browser settings.

8.5 Analytics. VdoCipher uses web-analytics tools that provide anonymised, aggregated data about users’ experience of the website (such as time spent, links clicked and content viewed) in order to improve the website and the Services, and gathers anonymised information on how videos are viewed to ensure the platform runs smoothly.

8.6 Electronic communications. VdoCipher requests the Subscriber’s email address so that it can contact the Subscriber about its account. By signing up, the Subscriber consents to receive communications — including notices, agreements, disclosures, service updates and other information — from VdoCipher electronically. The Subscriber may unsubscribe from non-essential communications by emailing support@vdocipher.com.

8.7 Data deletion rights. In compliance with the EU General Data Protection Regulation, VdoCipher will delete all user-identifiable data on request, and extends this facility to users outside the EU as well.

8.8 Security of Subscriber personal data. VdoCipher shall protect the Subscriber's personal data — including the names, email addresses, telephone numbers and billing or postal addresses of the Subscriber and its personnel — using appropriate technical and organisational security measures. If VdoCipher becomes aware of a personal-data breach affecting the Subscriber's personal data, VdoCipher shall notify the Subscriber without undue delay and, where feasible, within seventy-two (72) hours of becoming aware. The notification shall describe, to the extent known, the nature of the breach, the categories of data affected, the likely consequences, and the measures taken or proposed to address it. VdoCipher shall provide the Subscriber with reasonable assistance in investigating, mitigating and responding to the breach.

8.9 Privacy Policy. VdoCipher's processing of the Subscriber's account and billing personal data, in respect of which VdoCipher acts as a controller in its own right, is further described in VdoCipher's Privacy Policy (Schedule 1 to this Agreement, together with the version published at https://www.vdocipher.com/page/privacy_policy/), which is incorporated into this Agreement by reference. VdoCipher shall process such data only to provide, secure, bill for and support the Services, and for related administrative and legal-compliance purposes.

8.10 Authorised service providers. Notwithstanding Section 8.2, the Subscriber acknowledges that VdoCipher may share the Subscriber's account and billing personal data with vetted third-party service providers strictly to provide, support and bill for the Services — including cloud hosting, customer-support, email-communication, invoicing and payment-processing providers, as identified in VdoCipher's published sub-processor and service-provider list and Privacy Policy. VdoCipher shall ensure that such providers are bound by confidentiality and data-protection obligations consistent with this Agreement and shall remain responsible for their handling of such data, save that payment-gateway providers act as independent controllers of payment data under their own terms. VdoCipher shall not sell or trade the Subscriber's personal data. Where such sharing involves a transfer of the Subscriber's personal data outside its country of origin, VdoCipher shall ensure an appropriate lawful basis and safeguards for that transfer.

8.11 Mutual Representations and Warranties.

Each Party represents and warrants that: (i) it has full power and authority to enter into this Agreement; (ii) it is under no legal, contractual or other disability that would prevent it from performing its obligations, and has not entered and will not enter into any agreement that conflicts with this Agreement; (iii) no litigation, arbitration or administrative proceedings are pending or, to its knowledge, threatened that would call into question the validity or performance of its obligations; and (iv) all authorisations, approvals, consents, licences, exemptions and filings required in connection with this Agreement have been or will be obtained in a timely manner.

8.12 VdoCipher Undertakings.

VdoCipher represents, warrants and undertakes to the Subscriber during the Term that: (i) it has the right, title and/or ownership to license the Licensed Services to the Subscriber; (ii) the Licensed Services do not infringe any third-party intellectual property rights, including copyright, trademark or patent; (iii) it shall not use, exploit, license, share or disclose any of the Subscriber’s materials or intellectual property; (iv) it shall not commit any act that might prejudice or damage the reputation of the Subscriber or the content hosted through the Licensed Services, or interfere with the Subscriber’s exploitation of the Licensed Services; (v) it shall not use, exploit, disclose or share with any third party any information, including personal information, pertaining to the Subscriber or the Subscriber’s customers; (vi) it shall exercise a high degree of care, diligence and expertise in providing the Licensed Services and shall conform to reasonable requirements specified by the Subscriber from time to time; (vii) it does not require, and will never ask for, access to or control of the Subscriber’s website or application, which remain outside the purview of VdoCipher’s Services; (viii) it shall maintain high standards of service and trade ethics and comply with all applicable laws, statutes, rules and regulations relating to the use of the licence and technology; and (ix) it shall handle issues relating to the Licensed Services with the diligence reasonably expected of VdoCipher and consistent with its customer-support practices.

9. Liability and Indemnification

9.1 Mutual indemnity. Each Party shall indemnify and hold the other harmless from and against all claims, liabilities, losses, direct and indirect damages, costs and expenses suffered or incurred arising from that Party’s violation of any term, representation, warranty or obligation under this Agreement. This Section 9 survives termination of this Agreement.

9.2 Subscriber content indemnity. The Subscriber shall indemnify, defend and hold harmless VdoCipher and its directors and employees from and against all third-party actions that: (i) arise from the Subscriber’s content on the VdoCipher platform; (ii) assert a violation by the Subscriber of any term of this Agreement; or (iii) assert that any content hosted by the Subscriber on the platform violates any law or infringes any third-party right, including any intellectual property or privacy right.

9.3 Limitation of liability. Except in respect of (a) breach of confidentiality under Section 7, (b) infringement of a Party's intellectual property rights, (c) the indemnification obligations in Sections 9.1 and 9.2, and (d) any liability that cannot be limited or excluded under applicable law (including liability under applicable data protection law): (i) neither Party shall be liable to the other for any indirect, incidental, special, punitive or consequential damages; and (ii) each Party's total aggregate liability arising out of or relating to this Agreement and the Data Processing Agreement together shall not exceed the total fees paid by the Subscriber to VdoCipher under this Agreement during the six (6) months preceding the event giving rise to the claim. This cap applies as a single, combined limit across this Agreement and the Data Processing Agreement.

10. Term and Termination

10.1 The Subscriber may stop using the Services at any time. VdoCipher shall be entitled to usage-based payment for the Services rendered up to the date of termination, as agreed under Section 4.

10.2 VdoCipher will give at least two (2) months’ notice if it decides to terminate the Services in normal circumstances (Circumstances other than account closure due to negative credits and non payment by Subscriber even after repeated notifications).

10.3 Deletion on termination. The Subscriber may request deletion of its account and all of its videos at any time by emailing support@vdocipher.com, and VdoCipher will delete the account within seven (7) days. On termination, VdoCipher shall delete or return the Subscriber’s data in accordance with Section 8.3 and the Data Processing Agreement.

10.4 On termination, both Parties shall be released from all further obligations under this Agreement, and all respective rights shall revert to each Party (including the licence and intellectual property rights), subject to payment due under Section 4.

10.5 Notwithstanding termination for any reason, the Subscriber shall remain entitled to all rights and remedies available to it under law or equity. Sections that by their nature should survive (including Sections 2.6, 7, 8, 9 and this Section 10) survive termination.

11. Miscellaneous

11.1 Assignment. This Agreement (or any part of it), and any rights or obligations under it, shall not be assigned by the Subscriber to a third party without VdoCipher’s prior written consent.

11.2 Governing law and jurisdiction. This Agreement, and all disputes in connection with it, shall be governed exclusively by the laws of India, and the competent courts of New Delhi, India shall have exclusive jurisdiction over any matter arising under this Agreement.

11.3 Entire agreement. This Agreement (together with its schedules and the Data Processing Agreement) constitutes the entire agreement between the Parties and supersedes any prior undertakings, whether oral or written, relating to its subject matter.

11.4 Amendments. Any modification of this Agreement is valid only if made in writing and signed by both Parties.

11.5 Severability. If any provision of this Agreement is or becomes wholly or partly void, ineffective or unenforceable, the validity of the remaining provisions shall not be affected. Any such provision shall be deemed replaced by a valid and enforceable provision that comes as close as possible to the economic intent of the original, and the same shall apply to any gap in this Agreement.

12. Notices

Schedule 1 — Privacy Policy

This Privacy Policy describes how VdoCipher handles personal data in connection with the Services. It forms part of this Agreement and supplements VdoCipher's published Privacy Policy at https://www.vdocipher.com/page/privacy_policy/.

1. Scope and roles. This Policy covers two categories of personal data: (a) Subscriber account and billing data, in respect of which VdoCipher acts as a controller in its own right; and (b) End Viewer data, processed by VdoCipher solely as a processor on the Subscriber's behalf and governed by the Data Processing Agreement (DPA) between the Parties (described here for transparency only).

2. Personal data we collect. Subscriber account and billing data: the name, email address, telephone number (optional) and billing or postal address of the Subscriber and its authorised personnel, together with usage, invoice and payment records. End Viewer data (as processor): only a limited technical set — the IP address, device and technical details (operating system, browser, device type, player/DRM configuration) and a randomly generated anonymous user ID. VdoCipher does not collect End Viewers' names, email addresses, telephone numbers, postal addresses or payment details through the playback technology.

3. Why we use it, and our legal basis. VdoCipher uses Subscriber account and billing data to create and maintain the account, authenticate logins, deliver and support the Services, issue invoices and process payments, communicate about the account, and comply with legal obligations. The legal bases (where applicable, for example under the GDPR or the DPDP Act) are performance of the Agreement, compliance with legal obligations such as tax invoicing, and VdoCipher's legitimate interests in securing and improving the Services and preventing fraud. End Viewer data is processed only on the Subscriber's documented instructions, for content delivery, access control, security, anti-piracy and anonymised analytics.

4. Cookies and analytics. The VdoCipher website and secure player use cookies and similar technologies that are strictly necessary to authenticate sessions, maintain security and remember preferences, together with anonymised, aggregated web analytics to improve the Services. They are not used to build advertising profiles.

5. Sharing and service providers. VdoCipher does not sell or trade personal data. It shares personal data only with vetted service providers engaged to deliver, support and bill for the Services — including cloud hosting, content delivery, customer support, email communication, invoicing and payment processing — under confidentiality and data-protection obligations. Payment-gateway providers act as independent controllers of payment data under their own terms. VdoCipher may also disclose data where required by law or valid legal process.

6. International transfers. Personal data may be processed in countries other than the Subscriber's own. Where it is transferred from the EEA or UK, VdoCipher relies on appropriate safeguards (such as the EU Standard Contractual Clauses and the UK Addendum); where it relates to Indian data principals, VdoCipher complies with the cross-border rules of the DPDP Act. Further detail is set out in the DPA.

7. Retention. VdoCipher retains personal data only for as long as necessary to provide the Services and meet legal obligations, and deletes or returns it on the Subscriber's request within seven (7) days, except where retention is required by law (including mandatory log-retention periods).

8. Security. VdoCipher applies appropriate technical and organisational measures — including encryption in transit, least-privilege access controls, secure storage, logging and regular security testing, consistent with Annex 2 of the DPA — to protect personal data against loss, misuse and unauthorised access.

9. Your rights. Depending on applicable law (including the GDPR/UK GDPR, India's DPDP Act and applicable U.S. state privacy laws), individuals may have rights to access, correct, delete, restrict or object to the processing of their personal data, to data portability, and to withdraw consent. The Subscriber may exercise its own rights, and forward End Viewer requests, by contacting VdoCipher; for End Viewer data, VdoCipher assists the Subscriber (as controller / Data Fiduciary) in responding.

10. Contact and grievances. Questions, requests or complaints regarding personal data may be directed to VdoCipher at support@vdocipher.com