Privacy Policy — With Media | Video Editing & Content Services
PRIVACY
Legal

Privacy Policy

Effective: 17 May 2026 Updated: 17 May 2026 Entity: WiTH Media, Hyderabad, Telangana, India
Plain-English summaries appear at the top of every section. The legal language follows. If they conflict, the legal language governs.

01About This Policy

This explains what data we collect about you, why, and what we do with it.

This Privacy Policy describes how WiTH Media ("With Media", "we", "us", "our") collects, uses, stores, shares, and protects personal information when you:

  • (a) visit our website at https://withmedia.in or any subdomain (including api.withmedia.in);
  • (b) use our client portal, team portal, admin portal, or related software (the "Portal");
  • (c) engage us for video editing, post-production, content, or related services (the "Services");
  • (d) communicate with us by email, Discord, phone, or any other channel.

This Policy is published in compliance with the Information Technology Act, 2000, the IT (Reasonable Security Practices) Rules, 2011, and the Digital Personal Data Protection Act, 2023 ("DPDP Act"), and supplements our Terms and Conditions.

02Who We Are (Data Fiduciary)

For purposes of the DPDP Act, WiTH Media is the Data Fiduciary in respect of the personal data it processes under this Policy. You are the Data Principal when the data relates to you.

Operator: WiTH Media

Place of Business: Hyderabad, Telangana, India

Privacy Contact: manishkumar@withmedia.in

Grievance Officer: See Section 14 below

03Scope & Definitions

Term Meaning
Personal Data Any data about an individual who is identifiable by or in relation to such data.
Sensitive Personal Data Passwords, financial information (bank account, card details), health information, biometric information, sexual orientation, and any data classified as sensitive under applicable Indian law.
Processing Any operation performed on Personal Data — collection, storage, use, disclosure, transfer, or deletion.
Consent A free, specific, informed, unconditional, and unambiguous indication of your agreement, given by a clear affirmative action, for a specified purpose.
Sub-processor A third-party service provider that processes Personal Data on our behalf.

04What Information We Collect

We collect three buckets: what you give us, what your account does on our system, and what your browser sends automatically.

4.1 Information You Provide

  • Identity: name, email address, phone number, business name, designation, GSTIN (for Indian businesses), business address.
  • Authentication: username and password (passwords are stored hashed using industry-standard one-way algorithms — we cannot see your password).
  • Billing: invoicing address, payment method metadata (we do not store full card or bank account numbers — see Section 8 on Razorpay/Stripe).
  • Content: raw footage, audio, scripts, brand assets, project briefs, references, signed contracts, and any other materials you upload to the Portal.
  • Communications: messages you send in the Portal task chat, via Discord, by email, or on calls.

4.2 Information Generated by Your Use

  • Task records, status histories, time stamps, assignments, and review decisions.
  • Login records, session metadata, IP addresses at login, browser and device information at login.
  • Portal interaction logs (which page you visited, which feature you used, error events).
  • Generated artifacts: invoices, contracts, e-signature audit trails (with IP and timestamp), exported videos.

4.3 Information Collected Automatically

  • Server logs: IP address, user agent string, referrer URL, request paths, response codes, request timestamps.
  • Cookies and similar technologies: session cookies (required for login), preference cookies (theme, sidebar state). See Section 10.
  • Cloudflare-edge data: Cloudflare sits in front of our Portal and processes request metadata for security (DDoS protection, WAF) under its own Privacy Policy.

4.4 Information from Third Parties

When you connect a third-party account (Notion, Google Calendar, Discord), we receive whatever data you authorise — typically your account email, identifier, and the specific scopes you grant. We do not request access beyond what is needed for the integration.

05How We Collect Information

  • (a) Directly from you — when you register, fill a form, sign a contract, upload Raw Materials, or contact us.
  • (b) Automatically — through cookies, server logs, and Cloudflare edge logs as you use the Portal.
  • (c) From third parties you authorise — when you connect an integration (Notion, Google, Discord).
  • (d) From referral sources — if you reach us through a referral link or partner introduction.

06Why We Collect It (Purposes)

To run the Services you signed up for, bill you, send you updates about your work, keep things secure, and improve the product.
  • 6.1 Service delivery — provisioning your account, routing tasks to editors, generating Deliverables, scheduling meetings, processing review requests, delivering finished files via Google Drive.
  • 6.2 Billing and payments — generating invoices, charging recurring fees through Razorpay or Stripe, sending reminders, applying penalty rules.
  • 6.3 Communication — task chat, project updates, support replies, system notifications (delivery alerts, meeting reminders, invoice notices).
  • 6.4 Compliance — issuing GST-compliant invoices, retaining records as required by the Income Tax Act and Companies Act, responding to lawful requests from authorities, maintaining e-signature audit trails.
  • 6.5 Security — preventing unauthorised access, detecting fraud, rate-limiting abusive traffic, investigating incidents, taking encrypted backups.
  • 6.6 Service improvement — analysing aggregated, de-identified usage to fix bugs, improve performance, prioritise features. We do not sell Personal Data to advertisers.
  • 6.7 Marketing (only with consent) — sending newsletters or promotional emails. You can opt out anytime by clicking unsubscribe or emailing manishkumar@withmedia.in.

07Legal Basis for Processing

  • (a) Your consent — given at sign-up and renewed when material changes occur.
  • (b) Performance of the contract — to deliver the Services you have paid for under the Service Agreement.
  • (c) Legitimate uses as defined under Section 7 of the DPDP Act — including security, fraud prevention, compliance with legal obligations, and protecting the rights of the Data Fiduciary.
  • (d) Compliance with law — where processing is required by Indian law, court order, or government direction.

You may withdraw consent at any time (see Section 13). Withdrawal may prevent us from continuing to provide some or all of the Services.

08How We Share Information (Sub-processors)

We use specific, listed third-party services to run our stack. Each sees only what it needs. We don't sell your data.
Sub-processor Purpose Data Shared Region
Razorpay Payment processing for Indian clients Name, email, billing amount, invoice metadata India
Stripe Payment processing for international clients Name, email, billing amount, invoice metadata United States / Ireland
Google LLC (Workspace — Drive, Calendar, Meet, Gmail) File delivery, calendar scheduling, video meetings, transactional email Name, email, calendar events, file links, message content United States
Discord Inc. Internal team comms + optional client notifications Discord ID, message content, channel metadata United States
Anthropic PBC (Claude API) AI brief generation, natural language commands, script analysis Prompt content (may include task names, client briefs); not used for model training per Anthropic's API terms United States
Notion Labs Inc. Optional client task sync Task titles, statuses, dates (only for clients who connect Notion) United States
ClickUp Task source sync Task titles, statuses, assignments United States
Frame.io / Adobe Video review and approval Video file metadata, review comments United States
Loom Inc. Screen-recorded explanations Video metadata, share links United States
Zoom Communications Optional meeting provider Name, email, meeting metadata United States
Cloudflare Inc. DNS, WAF, DDoS protection, tunnel ingress to our NAS Request metadata (IP, user agent, URL) Global edge
OpenAI Whisper transcription (for Wudio tool, where used) Audio files, transcripts United States
Sarvam AI Indian-language speech-to-text (Wudio) Audio files, transcripts India
ElevenLabs Speech-to-text (Wudio, optional) Audio files, transcripts United States
Hyper Backup (Synology) → Backblaze B2 Encrypted backups of the database and file store Encrypted snapshots India primary + off-site backup region

We may add or replace Sub-processors from time to time. Material changes will be notified by updating this Policy and, where required by law, by direct notice.

We do not sell Personal Data. We do not share Personal Data with third parties for their independent advertising or marketing purposes.

Other disclosures. We may disclose Personal Data: (a) to law enforcement or regulators when legally required, with the minimum necessary data; (b) to professional advisors (lawyers, accountants, auditors) under confidentiality; (c) to a successor entity in connection with a merger, acquisition, or reorganisation, on the same terms as this Policy.

09International Data Transfers

Some of our service providers are outside India. We only use providers that meet recognised security standards.

While our primary storage (the NAS-hosted database and file store) is located in India, several Sub-processors listed in Section 8 operate from outside India. When Personal Data is transferred to or accessed from these jurisdictions:

  • (a) we rely on the Sub-processor's contractual data-protection commitments (Standard Contractual Clauses, Data Processing Agreements);
  • (b) we limit the transferred data to what is necessary for the specified purpose;
  • (c) we comply with any restrictions notified by the Central Government under Section 16 of the DPDP Act on cross-border transfers.

If you do not consent to such transfers, do not use the Services.

10Cookies & Tracking

We only use essential cookies for login and preferences. No advertising trackers.
  • Session cookies — required to keep you logged in. Deleted when you log out or your session expires.
  • Preference storage (localStorage) — your sidebar collapse state, theme (light/dark), and last-viewed page. Stored only in your browser. We do not read these from our servers.
  • Cloudflare cookies — security-related cookies set by Cloudflare to identify and block malicious traffic, governed by Cloudflare's own policy.

We do not use advertising cookies, retargeting pixels, Google Analytics, Facebook Pixel, or any third-party tracker that follows you across websites.

You can disable cookies in your browser, but the Portal will not function correctly without session cookies.

11Data Retention

We keep your data only as long as we need it for the Services or for legal compliance.
Data Type Retention Period
Account record (email, name, login history) For the duration of your subscription, plus 3 years after termination
Raw Materials (footage, audio, references) For the duration of your subscription, then up to 90 days after termination, after which permanently deleted
Final Deliverables At least 12 months post-delivery; longer if your Plan or Service Agreement specifies
Invoices, GST records, financial statements 8 years as required by Indian tax law
E-signed contracts and audit trail 8 years from execution (statute of limitations under the Limitation Act, 1963)
Portal task chat messages For the duration of the task plus 2 years after task completion
Server logs (IP, request paths) 90 days in hot storage; aggregated and de-identified beyond that
Backups containing the above Rolling 30-day retention; off-site monthly snapshots retained 12 months

After the applicable period, data is either deleted permanently or anonymised so it can no longer identify you.

12How We Protect Your Data

Encryption, access controls, backups, and proper key management. No system is perfectly secure — but we do the work.
  • 12.1 Encryption in transit. All connections to the Portal and api.withmedia.in are served over HTTPS (TLS 1.2 or above), routed through Cloudflare. Cloudflare Tunnel connects our NAS to the public internet without exposing any open ports.
  • 12.2 Encryption at rest. Sensitive credentials (API keys, OAuth tokens, payment provider IDs) are stored encrypted in the database. Off-site backups are encrypted before they leave our infrastructure.
  • 12.3 Access controls. Role-based access in the Portal means clients can only see their own data, team members can only see assignments and tasks granted to them, and only the admin role sees system-wide data.
  • 12.4 Backups and disaster recovery. Daily encrypted database snapshots; weekly off-site copies; automatic restart on NAS reboot.
  • 12.5 Operational practices. Software is updated regularly. Health checks run daily at 03:00 IST. Activity logs are maintained for all administrative actions.
  • 12.6 Breach notification. If we become aware of a personal data breach materially affecting you, we will notify you and the Data Protection Board of India (where required) without undue delay and in compliance with the DPDP Act and IT Act timelines.
  • 12.7 Limits. No method of transmission or storage is perfectly secure. We use industry-standard practices, but you accept that some residual risk is inherent in any online service.

13Your Rights as a Data Principal

You can ask to see, correct, or delete your data. You can withdraw consent. You can complain.

Under the DPDP Act 2023 and other applicable law, you have the right to:

  • (a) Access — request a summary of the Personal Data we hold about you and the processing activities we undertake.
  • (b) Correction and Erasure — request that we correct inaccurate data or erase data that is no longer necessary for the original purpose, subject to retention obligations in Section 11.
  • (c) Withdrawal of Consent — withdraw any consent you have previously given. This will not affect the lawfulness of processing carried out before withdrawal. Note: withdrawal may prevent us from providing the Services.
  • (d) Grievance Redressal — raise a complaint with our Grievance Officer (Section 14) or, if not resolved, escalate to the Data Protection Board of India.
  • (e) Nominee — nominate another individual to exercise these rights in the event of your death or incapacity.

To exercise any right, write to manishkumar@withmedia.in with the request and reasonable identity verification. We will respond within 30 days of a verified request, or such shorter period as required by law.

14Grievance Officer

Pursuant to Section 8(10) of the DPDP Act 2023, Rule 5(9) of the IT Rules 2011, and the IT Rules 2021:

Grievance Officer: Manish Kumar

Email: manishkumar@withmedia.in

Postal: WiTH Media, Hyderabad, Telangana, India

The Grievance Officer will acknowledge complaints within 24 hours and resolve them within 15 days of receipt, in accordance with applicable law.

15Children's Data

The Services are intended for use by businesses and content creators aged 18 and over. We do not knowingly collect Personal Data from children under 18. If you believe we have inadvertently collected such data, contact manishkumar@withmedia.in and we will promptly delete it.

Where the Services are used to produce content featuring children (e.g., parenting content, family channels), the Client warrants that they have obtained all consents required by law from parents or lawful guardians before submitting that content to us.

16Third-Party Links

The Portal and our communications may contain links to third-party websites. We are not responsible for the content or privacy practices of those sites. Read their privacy policies before sharing data with them.

17Automated Decision-Making

We do not currently use Personal Data for solely automated decision-making that produces legal or similarly significant effects on you. Penalty rules under Section 7 of the Terms are applied with human review and may be waived by the Founder.

AI features (Claude-powered brief generation, Wudio transcription, Script Studio analysis) generate suggestions for human team members to review — they do not autonomously make decisions affecting your contract or account standing.

18Changes to This Policy

We may update this Policy. Big changes get 30 days' notice.

We may revise this Policy from time to time. The latest version will always be at https://withmedia.in/privacy with the Last Updated date.

For material changes (new categories of data collected, new Sub-processors, change in retention periods, change in international transfers), we will give you at least thirty (30) days' notice by email and Portal notification before the change takes effect, where required by law or where we consider it appropriate.

Continued use of the Services after the effective date of revisions constitutes acceptance.

19Contact Us

Privacy Contact: manishkumar@withmedia.in

Grievance Officer: manishkumar@withmedia.in

General Support: support@withmedia.in

Postal Address: WiTH Media, Hyderabad, Telangana, India

Website: https://withmedia.in

We aim to respond to all privacy inquiries within five (5) business days and to formal Data Principal requests within thirty (30) days of verification.