RapidVideoMaker Back to home

RapidVideoMaker Privacy Policy

Last updated: 22 May 2026

1. Data Controller

The RapidVideoMaker website (rapidvideomaker.com) is operated by:
SECBEC
60 rue François Ier, 75008 Paris, France
Contact: Contact form

2. Data Collected and Purposes

Data	Purpose	Legal basis	Retention
IP address	Rate limiting for unregistered visitors	Legitimate interest (abuse prevention)	7 rolling days
Email address	Account creation, activation and password reset emails	Performance of contract	Duration of account + 30 days after deletion
Password (bcrypt hash)	Authentication	Performance of contract	Duration of account
Display name (optional)	Member interface personalisation	Consent (optional field)	Duration of account
Email address, display name (from Google account)	Account creation and sign-in via Google	Consent	Duration of account
Uploaded files (MP4, MP3, images)	Video processing as requested	Performance of service	Automatically deleted 2 hours after processing
API token (SHA-256 hash)	Authentication for member API calls	Performance of contract	Duration of account
Session cookie	Maintaining the user session	Technical necessity (strictly necessary)	End of browser session
"Remember me" cookie (rvm_remember)	Automatic reconnection over 30 days if enabled by the user	Explicit consent (checkbox)	30 days or manual revocation
OAuth tokens (encrypted)	Publishing videos on your connected social accounts	Performance of contract	Duration of connection or until disconnection
Publication history	Displaying your publication history in the member area	Legitimate interest	12 months (rolling)

3bis. Connected Social Accounts

If you connect a third-party social account (YouTube, TikTok, Instagram…), RapidVideoMaker stores the OAuth tokens provided by that service to allow you to publish content on your behalf. These tokens are encrypted in the database and are never shared with third parties. You can revoke this connection at any time from your member area — this deletes the tokens from our database and revokes access with the relevant provider. You may also revoke access directly from the provider's settings (Google Account, TikTok Settings, etc.), in which case RapidVideoMaker will display an error status prompting you to reconnect.

3ter. Social Sign-In (Google)

You may create an account or sign in using your Google account. In this case, RapidVideoMaker receives from Google only your verified email address and your display name. No Google access token is stored — Google is used solely to verify your identity. If an account already exists with the same email address, it is automatically linked. You can delete your account at any time from your member area, which permanently removes all your data from our systems.

3quater. YouTube API Services — Data Protection

When you connect your YouTube account, RapidVideoMaker requests the following Google OAuth 2.0 scopes:

• https://www.googleapis.com/auth/youtube.upload — to upload and publish videos to your YouTube channel on your behalf.
• https://www.googleapis.com/auth/youtube.readonly — to read your YouTube channel information (name, ID, and avatar) when you connect your account.

How we protect your data:

• All data exchanged with Google's servers is encrypted in transit using TLS 1.2 or higher.
• OAuth access tokens and refresh tokens are stored encrypted at rest in our database and are never exposed in logs, URLs, or client-side code.
• We do not store your video content on our servers — videos are transmitted directly to the YouTube API.
• OAuth tokens are never shared with third parties.
• Tokens are deleted when you disconnect your YouTube account or upon account deletion.

You can revoke RapidVideoMaker's access to your YouTube account at any time via Google Account Permissions.

RapidVideoMaker's use of data received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

3. Uploaded Files

Files you upload (videos, audio, images) are processed exclusively to produce the requested output. They are stored temporarily on our servers and automatically deleted 2 hours after processing. They are not shared, analysed, or used for any other purpose.

4. Cookies

This site uses only strictly necessary cookies:

• Session cookie — keeps you logged in during browsing. Expires when the browser is closed. No consent required.
• rvm_remember — automatic reconnection cookie, only if you check "Remember me" when signing in. Valid for 30 days. You can revoke it by signing out.

No advertising cookies, no third-party trackers, no external analytics are used.

5. Fonts

This site uses self-hosted fonts (Bricolage Grotesque, Plus Jakarta Sans, JetBrains Mono). No request is made to Google Fonts or any external CDN during your browsing.

6. Hosting

The site is hosted on a virtual private server (VPS) located in Europe.
Host: Hostinger
Address: 61 Lordou Vironos Street, 6023 Larnaca, Cyprus

7. Your Rights (GDPR)

In accordance with the General Data Protection Regulation (GDPR — EU 2016/679), you have the following rights:

• Right of access — obtain a copy of your personal data.
• Right to rectification — correct inaccurate data.
• Right to erasure — request deletion of your account and data.
• Right to data portability — receive your data in a structured format.
• Right to object — object to processing based on legitimate interest.
• Right to restriction — request suspension of a processing activity.

To exercise your rights: Contact form
We commit to responding within 30 days.

8. Contact

For any question regarding this policy: Contact form