For the purposes of the GDPR we act as a data controller; for the DPDP Act we act as a Data Fiduciary. Contact: support.minzio@gmail.com.

V2M is a 100% client-side video transcoder. All decoding, encoding, and file output happens locally inside your browser using WebAssembly (FFmpeg.wasm). Your source files, intermediate frames, and converted outputs are never uploadedto our servers, our hosting provider, or any third party. We have no technical means to access them.

We collect only the minimum data needed to operate and improve the Service:

• Log data: IP address, browser type and version, operating system, referring URL, pages viewed, and timestamps. Retained for up to 30 days for security, abuse prevention, and debugging.
• Analytics: if analytics is enabled, aggregated, pseudonymised usage statistics (page views, country, device class) are collected via privacy-respecting analytics. We only enable analytics when you consent where required by law.
• Advertising data: if ads are served (e.g. Google AdSense), cookies and identifiers may be set by the ad network — see the Cookie Policy. We only load advertising scripts when you consent where required by law.
• Local preferences: your last-used conversion settings stored in your browser's localStorage under the key v2m_settings. This data stays on your device.
• Cookie consent: your consent choices for analytics and advertising are stored in localStorage under the key v2m_cookie_consent so we can honour them on future visits.
• Voluntary communications: if you email us, we keep your message and address to respond.

We do not collect names, phone numbers, government IDs, financial information, biometric data, health data, or other "sensitive personal data" as defined under the DPDP Act or the IT Rules, 2011.

We process the limited data above for the following purposes and legal bases:

• Operating the Service — legitimate interests / performance of contract / legitimate use under §7 DPDP Act.
• Security and fraud prevention — legitimate interests / legal obligation.
• Analytics and product improvement — legitimate interests / consent where required.
• Advertising — consent (where required by GDPR, ePrivacy, or applicable law).
• Compliance with law — legal obligation.

We rely on the following processors / sub-processors:

• Vercel Inc. — hosting and CDN (United States, with EU edge locations).
• Google LLC — analytics and advertising (AdSense, Google Analytics) where enabled.

Google AdSense disclosure: Third-party vendors, including Google, use cookies to serve ads based on a user's prior visits to this and other websites. Google's use of advertising cookies enables it and its partners to serve ads to our users based on their visits to our site and/or other sites on the Internet. Users may opt out of personalized advertising by visiting Google Ads Settings. You may also opt out of a third-party vendor's use of cookies for personalized advertising by visiting www.aboutads.info.

For users in the EEA, UK, and Switzerland, we (and Google) rely on consent collected via a Google-certified Consent Management Platform where personalized advertising or non-essential cookies are used.

Your data may be processed in countries outside your own, including the United States. Where required, we rely on Standard Contractual Clauses (GDPR Art. 46) and equivalent safeguards permitted under §16 of the DPDP Act.

Server logs: up to 30 days. Aggregated analytics: up to 26 months. Email correspondence: up to 24 months after the matter is resolved. We delete or anonymise data when it is no longer required for the purposes above.

We implement reasonable security practices and procedures consistent with IS/ISO/IEC 27001 principles as contemplated by Rule 8 of the IT Rules, 2011, including HTTPS in transit, hardened cloud infrastructure, least-privilege access, and regular updates. No system is 100% secure; you use the Service at your own risk.

Depending on your jurisdiction you have the right to:

• Access the personal data we hold about you.
• Request correction, completion, or erasure of your data.
• Withdraw consent at any time (where processing is based on consent).
• Object to or restrict certain processing, including direct marketing.
• Data portability (GDPR Art. 20).
• Nominate another individual to exercise your rights in case of death or incapacity (§14 DPDP Act).
• Lodge a complaint with a supervisory authority — in India, the Data Protection Board; in the EU, your national DPA.
• Opt out of "sale" or "sharing" of personal information (CCPA/CPRA). We do not sell personal information.

Send requests to support.minzio@gmail.com. We respond within 30 days. We may need to verify your identity before acting.

The Service is not directed to children under 13 (or under 18 in India per §9 DPDP Act, which requires verifiable parental consent for processing children's data). We do not knowingly collect personal data from children. If you believe a child has provided data to us, contact us and we will delete it.

In accordance with the Information Technology Act, 2000, the IT (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021, and §10 of the DPDP Act, 2023, complaints may be addressed to our Grievance Officer:

• Name: Grievance Officer, V2M
• Email: support.minzio@gmail.com
• Response time: acknowledged within 24 hours and resolved within 15 days.

We may update this Privacy Policy from time to time. Material changes will be posted on this page with a new "Last updated" date. Continued use after changes constitutes acceptance.

Privacy questions, data-subject requests, or DPDP grievances: support.minzio@gmail.com.