Privacy Policy
Last updated: May 20, 2026
Vivipod ("we", "our", "us") is an asynchronous discussion platform that enables users to create, share and discuss video content. This policy explains what information we collect, how we use it, and the choices you have. By using Vivipod you agree to the collection and use of information in accordance with this policy.
1. Information We Collect
| Category | Examples | Source |
|---|---|---|
| Account & User | Username, display name, email addresses, billing or contract details if applicable | Provided by you or your school/district |
| Authentication | Email verification codes, SSO provider identifiers, hashed secrets | Provided by you / SSO provider |
| Google OAuth Profile | Name, primary email, avatar URL (if available), Google account ID (OpenID sub) | Provided by Google during SSO |
| Content | Videos, thumbnails, video metadata (aspect ratio, description, etc.), Spaces, Topics, Posts, Comments | Created by you or other users |
| Usage & Device | Log files, IP address, browser type, interaction timestamps | Collected automatically |
We collect information from students under the age of digital consent only when their accounts are created and managed by an educator, parent, or legal guardian, in accordance with applicable laws such as COPPA in the United States. Students under 18 may use Vivipod only with permission from a parent/legal guardian or through a school, district, teacher, or other authorized educational institution that has authority to provide consent for the student's use of the Service.
We do not track students' behavior outside Vivipod. We do not monitor students' web browsing, search queries, social media use, or activity in unrelated apps or websites.
2. How We Use Information
- Provide the service - create accounts, store videos ("Assets"), display Spaces/Topics/Posts/Comments.
- Authenticate users - issue and validate email codes or SSO tokens.
- Operate & improve - monitor usage, debug, develop new features.
- Communicate - send notification emails (e.g. comment replies, verification codes).
- Safety & compliance - detect abuse, enforce our Terms, comply with legal requests.
We do not use student personal information for targeted advertising, and we do not sell student personal information.
3. Google User Data (OAuth & SSO)
When you choose Sign in with Google, we comply with the Google API Services User Data Policy.
- Data Accessed - the Google account ID (OpenID Connect sub), profile name, primary email, and avatar URL (if provided). We do not request access to Google Drive, Calendar, Contacts, Classroom, or any other scopes.
- Data Usage - we use those fields solely to create or link your Vivipod account, pre-fill your profile, and keep you signed in. OAuth tokens from Google are kept in memory just long enough to exchange for a Vivipod session and are not stored after the session cookie is issued.
- Data Sharing - Google profile fields are never sold. They are shared only with processors that help us run Vivipod under contracts that prohibit reuse.
- Data Storage & Protection - the Google account ID, name, and email are stored in our database with role-based access. All communication happens over HTTPS, session cookies use secure/SameSite protections where applicable, and secrets stay in environment variables managed via Cloudflare.
- Data Retention & Deletion - Google-derived data lives only while your Vivipod account is active. Once you delete your account or email support@vivipod.com to request deletion, we remove Google data from production systems within 30 days and from backups within 90 days, then confirm completion.
4. Sharing & Disclosure
We share information only when necessary:
- Public content - Posts, comments, and Spaces marked public are visible to anyone with the URL.
- Service providers - Cloud hosting, video storage, email delivery, authentication, and infrastructure partners that process data on our behalf and under confidentiality, data protection, or equivalent contractual obligations.
- Legal requirements - If required by law, subpoena, or to protect the rights and safety of Vivipod, our users or the public.
- Business transfers - If Vivipod is involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets, personal information may be transferred as part of that transaction. Any successor that receives personal information must protect it with safeguards no less protective than those described in this policy, unless users are notified of a different policy and any choices available under applicable law, contract, or school/district agreement.
We never sell your personal information.
Current service providers that may process personal information include:
| Provider | Purpose |
|---|---|
| Cloudflare | Application hosting, Workers, D1 database, R2 object storage, KV, queues, rate limiting, logging, email routing, and security/infrastructure services. See Cloudflare's Privacy Policy. |
| Resend | Transactional email delivery and delivery status processing. See Resend's Privacy Policy. Vivipod is in the process of removing Resend and consolidating email-related services into Cloudflare where possible. |
| Google | Optional Google sign-in / OAuth authentication |
5. Cookies & Similar Technologies
Vivipod uses cookies and similar browser storage for authentication, session management, security, and preferences.
- Essential cookies and storage keep you signed in, help protect accounts, and remember basic preferences such as theme.
You can control cookies through your browser settings. If you block essential cookies, some parts of Vivipod may not work correctly. Where required by law, we will provide additional notice or consent controls for non-essential cookies.
6. Your Choices & Rights
- Edit or delete content - You can update or remove your Assets, Posts or Comments at any time (subject to moderation queues).
- Delete account - Email support@vivipod.com from your signed-in address (or use any in-product delete controls, when available) to request account deletion. We verify your identity, remove profile data within 30 days, and let you know when it's complete. Public content you created may remain unless you delete it first.
- Control notifications - Opt-out links are provided in notification emails.
To exercise any of these rights, please contact us at support@vivipod.com.
7. Data Retention
We retain information for as long as your account is active or as needed to provide the service. Back-ups may persist for up to 90 days. Content deleted by you is queued for removal from our storage and CDN caches.
8. Security
We use administrative, technical, and organizational safeguards designed to protect personal information. These safeguards include HTTPS encryption in transit, encryption at rest through our infrastructure providers, access controls, least-privilege practices, environment-managed secrets, rate limiting for authentication flows, logging/monitoring, and segregated blob storage for uploaded media.
Vivipod's security practices are informed by common industry frameworks and control sets, including the NIST Cybersecurity Framework and CIS Controls. Vivipod has not completed its own SOC 2, SOC 3, FedRAMP, CSA STAR, ISO 27001, or similar independent security certification or third-party security audit at this time. Our infrastructure providers maintain their own security programs and compliance documentation, including Cloudflare compliance resources and Resend's SOC 2 Type II program. Provider assurance reports apply to those providers' systems and do not constitute a Vivipod-specific certification.
Structured application data is stored in Cloudflare D1. Uploaded videos, thumbnails, and related media files are stored in Cloudflare R2. Cloudflare states that D1 and R2 data are encrypted at rest and protected in transit. Transactional email is processed by Resend and/or Cloudflare Email, depending on environment configuration.
No system is 100% secure; please use unique, strong authentication methods.
9. Incident Response & Breach Notification
We maintain an incident response process designed to identify, contain, investigate, remediate, and document security incidents. We will notify affected schools, districts, boards, administrators, users, or legally required contacts of a security or data breach involving personal information as required by applicable law and contractual obligations. For school-managed deployments, breach notification procedures, timing, and notification responsibilities may be further specified in the applicable DPA or service agreement.
10. International Transfers
Vivipod is operated from the United States. If you access the service from outside the U.S., you consent to the transfer and processing of your information in the U.S. and other countries where we or our service providers operate.
11. Changes to This Policy
We may update this policy from time to time. If we make material changes, we will provide notice, such as by email, in-app notice, administrator notice, or another reasonable method, and we will update the "Last updated" date above. Continued use of the Service after the changes become effective constitutes acceptance of the revised Privacy Policy.
12. Contact Us
Questions or concerns? Email us at support@vivipod.com.
Thank you for using Vivipod!