Privacy Policy

1. Who We Are

Telova is a creative production management platform designed for video production teams, creative agencies, and media companies. For the purposes of GDPR, Telova acts as the data controller for personal data collected through our platform.

If you have questions about this policy or wish to exercise your rights, contact us at: privacy@telova.io

2. Data We Collect

2.1 Account and Identity Data

• Full name, email address, and password (hashed, never stored in plain text)
• Profile photo if provided
• Job title, department, and role within your workspace
• Billing name and address (processed via our payment provider)

2.2 Project and Production Data

• Project briefs, scripts, shot lists, call sheets, and schedules you create
• Media files, assets, and deliverables uploaded to the platform
• Review comments, annotations, and approval decisions
• Production reports, budgets, and expense records
• Communications and notes within a project workspace

2.3 Usage and Technical Data

• IP address, browser type, operating system, and device identifiers
• Pages visited, features used, and actions taken within the platform
• Login timestamps and session data
• Error logs and diagnostic data used to improve platform stability

2.4 Data Provided by Third Parties

• If you sign in via a third-party identity provider, we receive basic profile information as permitted by that provider
• If a project collaborator adds you to a workspace, we receive your name and email address from them

3. How We Use Your Data

3.1 Providing the Service

We process your data to create and manage your account, operate your workspaces and projects, facilitate collaboration between team members, deliver media files and client approvals, and send transactional notifications such as review requests, approval decisions, and task assignments.

3.2 Billing and Payments

We use your billing data to process subscription payments and enforce plan limits. Payment card data is never stored on our servers — it is handled exclusively by our PCI-DSS-compliant payment provider.

3.3 Platform Security and Integrity

We use technical and usage data to detect fraud, prevent unauthorised access, investigate abuse, and maintain the security and reliability of our systems.

3.4 Platform Improvement

We analyse aggregated, anonymised usage patterns to improve features, fix bugs, and inform product decisions. We do not sell this data or use it for advertising.

3.5 Legal Compliance

We may process your data to comply with applicable law, respond to legal process, enforce our Terms of Service, or protect the rights and safety of Telova, our users, or the public.

4. Legal Basis for Processing

We rely on the following legal bases under GDPR:

• Contract performance — processing necessary to deliver the service you have subscribed to
• Legitimate interests — platform security, fraud prevention, and service improvement, where these do not override your rights
• Legal obligation — where we are required to process data by law
• Consent — for optional features such as marketing communications, which you may withdraw at any time

5. Data Storage and Security

Your data is stored on servers located within the European Union (AWS eu-central-1, Frankfurt). We implement industry-standard security measures including encryption at rest and in transit (TLS 1.2+), access controls, audit logging, and regular security reviews.

Media files and assets are stored in Amazon S3 with server-side encryption. Access to files is controlled by signed URLs with limited expiry. We maintain separate access controls for each workspace to prevent cross-tenant data leakage.

No system can guarantee absolute security. In the event of a data breach that poses a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours and affected users without undue delay.

6. Data Retention

We retain your account data for as long as your account remains active and for a reasonable period thereafter to comply with legal obligations and resolve disputes.

Project data, media files, and archived assets are retained according to the retention policy set by your workspace administrator. When a retention period expires, data is permanently deleted from our systems and from underlying cloud storage.

You may request deletion of your account and associated personal data at any time by contacting privacy@telova.io. Deletion of workspace data requires action by the workspace owner.

7. Sharing Your Data

We do not sell your personal data. We share data only in the following circumstances:

• Within your workspace — workspace members and collaborators see the data they need to perform their role
• Service providers — we use carefully selected sub-processors including AWS (cloud infrastructure), our payment provider, and our email delivery provider, each bound by data processing agreements
• Business transfers — in the event of a merger or acquisition, personal data may be transferred as part of that transaction, with advance notice to users
• Legal requirements — where required by law or valid legal process

A full list of our sub-processors is available on request at privacy@telova.io.

8. International Transfers

Your data is stored and processed within the EU. Where any sub-processor operates outside the EU/EEA, we ensure appropriate safeguards are in place — such as Standard Contractual Clauses approved by the European Commission — before any transfer takes place.

9. Your Rights

Under GDPR, you have the following rights regarding your personal data:

• Right of access — request a copy of the personal data we hold about you
• Right to rectification — ask us to correct inaccurate or incomplete data
• Right to erasure — request deletion of your personal data, subject to legal obligations
• Right to restriction — ask us to limit how we use your data in certain circumstances
• Right to data portability — receive your data in a structured, machine-readable format
• Right to object — object to processing based on legitimate interests
• Right to withdraw consent — where processing is based on consent, withdraw it at any time without affecting prior processing

To exercise any of these rights, contact privacy@telova.io. We will respond within 30 days. You also have the right to lodge a complaint with your national data protection authority.

10. Cookies

We use cookies and similar technologies to operate the platform and understand how it is used. For full details on the cookies we set and how to manage them, see our Cookie Policy.

11. Children

Telova is not directed at children under the age of 16. We do not knowingly collect personal data from anyone under 16. If you believe a child has provided us with personal data, contact us and we will delete it promptly.

12. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email or via an in-platform notice at least 14 days before the changes take effect. Continued use of the platform after that date constitutes acceptance of the updated policy.

13. Contact Us

For privacy-related enquiries, data subject requests, or concerns about how we handle your data:

• Email: privacy@telova.io
• Website: telova.io