VVDAM
LEGAL · PRIVACY

Privacy Policy.

Effective DateMarch 28, 2026
Last UpdatedApril 23, 2026

VDAM LLC ("VDAM," "we," "us," or "our") operates the VDAM digital asset management platform at vdam.io. This Privacy Policy describes what information we collect, how we use it, and your rights regarding that information.

01Information We Collect

Account Information.

When you create an account, we collect your name, email address, and profile picture via Google Sign-In. We do not collect or store passwords.

Cloud Storage Data (Google Drive & Dropbox).

When you connect a cloud storage provider, we access files and folders you designate for indexing. We collect and store:

  • File metadata — names, MIME types, dimensions, durations, folder paths, and file sizes
  • Thumbnails — resized preview images generated from your files
  • AI-generated metadata — captions, tags, geographic information, and structured metadata produced by AI models
  • Search embeddings — numerical vector representations used for semantic search
  • Face detection data — bounding boxes and face identifiers used for face grouping and search

We access your cloud storage in read-only mode. We do not modify, delete, or write to your Google Drive or Dropbox files.

Usage & Error Data.

We collect anonymized error reports through Sentry, which may include error messages, stack traces, and the page or feature in use at the time of the error. This data does not include your file contents.

Cookies.

We use essential cookies for authentication. You can manage cookies through your browser settings.

02How We Use Your Information

  • Providing the Service — indexing files, generating searchable metadata, enabling search, browsing, and sharing
  • AI Processing — using third-party AI services to generate captions, tags, and embeddings. Your files are sent to these providers for processing only and are not used to train AI models
  • Face Recognition — using a third-party computer vision service to detect and group faces in images
  • Analytics — analyzing aggregated, anonymized usage patterns to improve the Service
  • Communications — sending transactional emails (login links, invitations, share notifications)

We do not sell your data, use your files to train AI models, share data with advertisers, or access files outside folders you explicitly connect.

03Google API Services User Data Policy

VDAM's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:

  • We only use Google API data to provide and improve the VDAM Service
  • We do not transfer Google API data to third parties except as necessary to provide the Service (AI processing), with your consent, for security purposes, or to comply with applicable law
  • We do not use Google API data for advertising
  • We do not allow humans to read your Google Drive data except with your explicit consent, for security investigations, to comply with law, or when data is aggregated and anonymized for internal operations

04Dropbox Data Usage

Authentication with Dropbox uses secure OAuth tokens — we never see or store your Dropbox password. We access your Dropbox files in read-only mode, do not use your files to train AI models, and do not share or transfer your Dropbox data to unauthorized third parties.

05Third-Party Services

ServicePurposeData Shared
Google Cloud PlatformHosting & storageThumbnails, application data
AI providerCaption & tag generationFile contents (processing only)
Computer vision providerFace detection & groupingImage thumbnails (processing only)
SentryError trackingError reports (no file data)
ResendTransactional emailEmail addresses
Lemon SqueezyPayment processing (Merchant of Record)Name, email, billing address, payment details

06Data Storage & Security

  • Data stored on Google Cloud Platform (US region), encrypted in transit (TLS) and at rest
  • OAuth tokens encrypted with AES-256-GCM before storage
  • Private storage buckets with authenticated access only
  • Magic link tokens hashed (SHA-256) before storage
  • Parameterized database queries to prevent injection

07Data Retention & Deletion

  • Active accounts — data retained while your account is active
  • Disconnected connectors — associated metadata archived, then deleted after 30 days
  • Account deletion — all data (metadata, thumbnails, embeddings, face data, account info) is permanently deleted upon request
  • Expired trials — archived and scheduled for deletion per retention policy

08Your Rights

You may access your data through the VDAM interface, disconnect cloud providers at any time, revoke OAuth access through your Google or Dropbox account, and request account deletion by contacting us.

09Children's Privacy

VDAM is not directed at children under 13. We do not knowingly collect information from children under 13.

10Changes to This Policy

We may update this policy and will notify you of material changes by posting the updated version here and updating the date above.

11Contact Us

VDAM LLC Email: support@vdam.io
Website: vdam.io