Privacy & Data Protection Policy

Last updated: April 11, 2026

1. Data Controller

The data controller responsible for your personal data is:

• Company: LEGIER FILMS SL
• CIF: B75613331
• Address: Calle Miño, 68 — 28670 Villaviciosa de Odón, Madrid, Spain
• Email: privacy@legierfilms.es
• Website: thefilmvfx.com

LEGIER FILMS SL operates the brand "The Film VFX" ("we", "our", "us"), including the website thefilmvfx.com and related visual effects plugins for Adobe After Effects, DaVinci Resolve Studio, and Avid Media Composer.

2. Applicable Legislation

This policy complies with:

• Regulation (EU) 2016/679 — General Data Protection Regulation (GDPR)
• Ley Orgánica 3/2018 — Spanish Data Protection and Digital Rights Act (LOPDGDD)
• Ley 34/2002 — Spanish Information Society Services Act (LSSI-CE)
• Directive 2002/58/EC — ePrivacy Directive

3. Personal Data We Collect

We collect the following categories of personal data:

• Identity Data: Full name and email address provided during account registration.
• Authentication Data: Hashed password (never stored in plaintext).
• Financial Data: Payment details processed exclusively by Stripe Inc. We never store credit/debit card numbers on our servers.
• Usage Data: Effect types used, credit consumption, timestamps, and processing metadata.
• Technical Data: IP address, browser type, operating system, device identifiers, and plugin version.
• Media Data: Video frames submitted for AI processing. These are processed in real-time and deleted immediately after processing (see Section 8).

4. Legal Basis for Processing

We process your personal data under the following legal bases (Art. 6 GDPR):

• Performance of a contract (Art. 6.1.b): Processing necessary to provide the service, manage your account, and process credit purchases.
• Legitimate interest (Art. 6.1.f): Fraud prevention, service security, usage analytics for service improvement, and technical support.
• Legal obligation (Art. 6.1.c): Compliance with tax, accounting, and regulatory requirements under Spanish and EU law.
• Consent (Art. 6.1.a): Where required, such as for marketing communications. You may withdraw consent at any time.

5. How We Use Your Data

• Provide, operate, and maintain the service and plugins
• Process credit purchases and manage your balance
• Send transactional communications (account confirmation, payment receipts, service alerts)
• Respond to support and technical enquiries
• Detect, prevent, and address fraud, abuse, or security threats
• Comply with legal and regulatory obligations
• Improve and optimise our AI models and service quality (using anonymised, aggregated data only)

6. AI Processing of Media Data

When you use our AI visual effects tools:

• Individual video frames are transmitted over encrypted connections (TLS 1.2+) to our processing servers
• Frames are processed by AI models and the result is returned to your plugin
• Original submitted frames are deleted from our servers immediately after processing
• Result images are available for download for a maximum of 24 hours, then permanently and automatically deleted
• We do not use your submitted media to train AI models without your explicit consent

7. International Data Transfers

Your data may be transferred to processors located outside the European Economic Area (EEA). Where this occurs, we ensure adequate safeguards are in place:

• Standard Contractual Clauses (SCCs) approved by the European Commission
• EU-U.S. Data Privacy Framework certifications where applicable
• Adequacy decisions by the European Commission

8. Data Retention

• Account data: Retained while your account is active and for 3 years after deletion (legal compliance).
• Transaction records: Retained for 5 years as required by Spanish tax legislation (Ley General Tributaria).
• Processed media: Automatically and permanently deleted within 24 hours of processing.
• Technical logs: Retained for a maximum of 12 months.

9. Third-Party Processors

We share data with the following categories of processors, all bound by Data Processing Agreements (DPAs):

• Stripe Inc.: Payment processing — Stripe Privacy Policy
• Cloud AI Providers: Visual effects processing (frames only, no identity data)
• Hosting Providers: Server infrastructure within the EU
• Email Service Provider: Transactional email delivery

We do not sell, rent, or share your personal data with third parties for marketing purposes.

10. Your Rights (GDPR Arts. 15–22)

Under the GDPR and LOPDGDD, you have the following rights:

• Right of access (Art. 15): Obtain confirmation of whether your data is being processed and access a copy.
• Right to rectification (Art. 16): Correct inaccurate or incomplete personal data.
• Right to erasure (Art. 17): Request deletion of your personal data ("right to be forgotten").
• Right to restriction (Art. 18): Request restriction of processing in certain circumstances.
• Right to data portability (Art. 20): Receive your data in a structured, commonly used, machine-readable format.
• Right to object (Art. 21): Object to processing based on legitimate interests or for direct marketing.
• Right to withdraw consent (Art. 7.3): Withdraw consent at any time without affecting prior processing.
• Right not to be subject to automated decisions (Art. 22): Not be subject to decisions based solely on automated processing that significantly affect you.

To exercise any of these rights, contact us at privacy@legierfilms.es. We will respond within 30 days as required by law.

If you are unsatisfied with our response, you have the right to lodge a complaint with the Agencia Española de Protección de Datos (AEPD) at www.aepd.es.

11. Cookies

We use the following types of cookies:

• Strictly necessary cookies: Authentication tokens and session identifiers required for the service to function. These do not require consent under Art. 22.2 LSSI-CE.
• Functional cookies: Remember user preferences (language, plugin settings).

We do not use advertising, tracking, or third-party analytics cookies. Because we only use strictly necessary and functional cookies, no cookie consent banner is required under current LSSI-CE guidance.

12. Security Measures

We implement technical and organisational measures appropriate to the risk, including:

• TLS 1.2+ encryption for all data in transit
• AES-256 encryption for data at rest
• Bcrypt password hashing
• Role-based access controls
• Regular security audits and vulnerability assessments
• Incident response procedures in compliance with Art. 33 GDPR (72-hour breach notification)

13. Minors

Our services are not directed to individuals under 16 years of age. We do not knowingly collect personal data from minors. If you believe we have collected data from a minor, contact us immediately at privacy@legierfilms.es and we will promptly delete it.

14. Changes to This Policy

We may update this Privacy Policy to reflect changes in our practices or legal requirements. Any material changes will be notified via email or a prominent notice on our website. Continued use of the service after the effective date constitutes acceptance of the updated policy.

15. Contact

For any privacy-related enquiries:

• Privacy email: privacy@legierfilms.es
• General support: support@thefilmvfx.com
• Postal address: LEGIER FILMS SL — Calle Miño, 68, 28670 Villaviciosa de Odón, Madrid, Spain