Privacy Policy

1. Introduction

SizeMarker ("Company," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our video annotation software and services ("Services").

Please read this Privacy Policy carefully. By using our Services, you consent to the practices described in this policy. This policy applies to all users of our Services, regardless of location.

We do not collect or process any sensitive personal data (also known as "special category data" under GDPR), including data revealing racial or ethnic origin, political opinions, religious beliefs, trade union membership, genetic data, biometric data, health data, or data concerning sex life or sexual orientation.

2. Data Controller

For the purposes of data protection laws, the data controller responsible for your personal information is:

As the data controller, we are responsible for deciding how we hold and use personal information about you. We are required under data protection legislation to notify you of the information contained in this Privacy Policy.

EU/UK Representative

If you are located in the European Economic Area or United Kingdom and have questions about our data practices, you may contact us at support@sizemarker.com.

3. Information We Collect

3.1 Personal Information

We may collect personal information that you voluntarily provide, including:

• Name and email address
• Account credentials (username, hashed password)
• Payment information (processed securely by third-party providers; we do not store full credit card numbers)
• Contact information when you reach out to support
• Communication preferences

3.2 Usage Data

We automatically collect certain information when you use our Services:

• Device information (operating system, browser type, device model)
• IP address and general geographic location (country/city level)
• Usage patterns and feature interactions
• Error logs and performance data
• Session information (login times, pages visited)
• Referral source (how you found our Services)

3.3 Video Content

When you use SizeMarker, you may upload videos for annotation. We process this content solely to provide our Services. Videos are temporarily processed on our servers and are automatically deleted after processing is complete. We do not use your videos for any other purpose, including training AI models.

4. How We Use Your Information

We use the collected information for the following purposes:

• Provide, maintain, and improve our Services
• Process transactions and send related information
• Send administrative messages, updates, and service notifications
• Respond to customer service requests and support inquiries
• Monitor and analyze usage trends to improve user experience
• Detect and prevent fraud, abuse, or security threats
• Comply with legal obligations and regulatory requirements
• Enforce our Terms of Service and protect our rights
• Send marketing communications (only with your consent, where required)

5. Legal Basis for Processing (GDPR)

For users in the European Economic Area (EEA), United Kingdom (under UK GDPR), and Switzerland, we process your personal data based on the following legal grounds:

• Contract Performance (Article 6(1)(b)): Processing necessary to provide our Services to you, including account management, video annotation features, and subscription management
• Legitimate Interests (Article 6(1)(f)): Processing for our legitimate business interests, such as improving our Services, fraud prevention, security, and analytics, where these interests are not overridden by your rights. You have the right to object to processing based on legitimate interests
• Consent (Article 6(1)(a)): Where you have given explicit consent for specific processing activities, such as marketing communications or optional analytics cookies
• Legal Obligation (Article 6(1)(c)): Processing necessary to comply with applicable laws and regulations, such as tax and accounting requirements

You may withdraw your consent at any time where we rely on consent as the legal basis for processing. To withdraw consent, contact us at support@sizemarker.com or use the unsubscribe link in marketing emails. Withdrawal will not affect the lawfulness of processing before withdrawal.

6. Information Sharing

We do not sell, rent, or trade your personal information. We may share your information only in the following limited circumstances:

• Service Providers: Third-party vendors who assist in operating our Services under strict data processing agreements. These include:
  • Payment processors (Stripe) for transaction processing
  • Cloud hosting providers for data storage and processing
  • Analytics providers (Google Analytics with IP anonymization enabled)
  • Customer support tools
• Legal Requirements: When required by law, court order, or governmental authority, or to protect our legal rights, safety, or property
• Business Transfers: In connection with a merger, acquisition, reorganization, or sale of assets. You will be notified of any such transfer and any choices you may have
• With Your Consent: When you explicitly authorize sharing for a specific purpose

All third-party service providers are contractually obligated to protect your data and may only use it for the specific purposes we have authorized.

7. Data Security

We implement appropriate technical and organizational measures to protect your information, including:

• Encryption of data in transit (TLS/SSL) and at rest (AES-256)
• Regular security assessments and vulnerability testing
• Role-based access controls and multi-factor authentication for administrative access
• Secure data centers with physical security measures
• Regular security training for employees with data access
• Incident response and disaster recovery procedures

However, no method of transmission over the Internet is 100% secure. While we strive to protect your personal information, we cannot guarantee absolute security. You are responsible for maintaining the security of your account credentials.

8. Data Breach Notification

In the event of a personal data breach that poses a risk to your rights and freedoms, we will:

• Notify Authorities: Report the breach to the relevant data protection supervisory authority within 72 hours of becoming aware of it, as required by GDPR Article 33
• Notify Affected Users: If the breach is likely to result in a high risk to your rights and freedoms, we will notify you without undue delay via email or prominent notice on our website
• Document the Breach: Maintain records of all data breaches, including facts, effects, and remedial actions taken

The notification will include:

• Nature of the breach and categories of data affected
• Likely consequences of the breach
• Measures taken or proposed to address the breach
• Contact information for further inquiries

9. Data Retention

We retain your personal information for as long as necessary to provide our Services and fulfill the purposes described in this policy. Specifically:

• Account data: Retained while your account is active and for 30 days after account deletion to allow for recovery
• Uploaded videos: Processed temporarily during annotation and automatically deleted within 24 hours after processing is complete
• Usage logs: Retained for up to 12 months for analytics and service improvement
• Payment records: Retained for 7 years as required by tax and accounting laws
• Support communications: Retained for 3 years after resolution for quality and training purposes
• Marketing preferences: Retained until you withdraw consent or delete your account

After the retention period expires, we will securely delete or anonymize your personal information. In some cases, we may retain anonymized data for statistical purposes indefinitely.

10. Your Rights

Depending on your location, you have the following rights regarding your personal data:

• Right of Access (GDPR Art. 15): Request a copy of your personal data and information about how we process it
• Right to Rectification (GDPR Art. 16): Request correction of inaccurate or incomplete data
• Right to Erasure (GDPR Art. 17): Request deletion of your data ("right to be forgotten") under certain circumstances
• Right to Data Portability (GDPR Art. 20): Receive your data in a structured, machine-readable format (JSON or CSV)
• Right to Restriction (GDPR Art. 18): Request limitation of processing in certain circumstances
• Right to Object (GDPR Art. 21): Object to processing based on legitimate interests or for direct marketing
• Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent
• Right to Opt-out: Unsubscribe from marketing communications at any time

How to Exercise Your Rights

To exercise any of these rights, please contact us at support@sizemarker.com. We will:

• Verify your identity before processing your request
• Respond within 30 days (or one month under GDPR)
• Extend the response period by up to two additional months for complex requests, with notification
• Provide our response free of charge, unless requests are manifestly unfounded or excessive

For EEA, UK, and Swiss Residents

If you are located in the European Economic Area, United Kingdom, or Switzerland, you have the right to lodge a complaint with your local data protection supervisory authority if you believe we have violated your privacy rights. Key supervisory authorities include:

• UK: Information Commissioner's Office (ICO) - ico.org.uk
• Ireland: Data Protection Commission - dataprotection.ie
• EU: Contact your local data protection authority

11. Cookies and Tracking

We use cookies and similar technologies to enhance your experience. Our use of cookies is governed by applicable laws including the EU ePrivacy Directive.

Types of Cookies We Use

• Essential Cookies: Required for the website to function properly (authentication, security, load balancing). These cannot be disabled.
• Functional Cookies: Remember your preferences and settings (language, theme).
• Analytics Cookies: Help us understand how visitors use our website (Google Analytics with IP anonymization).
• Marketing Cookies: Used to deliver relevant advertisements (only with your consent).

Cookie Consent

When you first visit our website, we will ask for your consent to use non-essential cookies through our cookie banner. You can:

• Accept all cookies
• Reject non-essential cookies
• Customize your cookie preferences

You can change your cookie preferences at any time through our cookie settings or by clearing your browser cookies. Note that disabling certain cookies may affect some features of our Services.

Do Not Track

Some browsers include a "Do Not Track" (DNT) feature. We currently do not respond to DNT signals, but we honor cookie consent preferences set through our cookie banner.

12. Automated Decision-Making

We do not use automated decision-making or profiling that produces legal effects concerning you or similarly significantly affects you as defined under GDPR Article 22.

While we may use automated systems for:

• Fraud detection and prevention
• Account security monitoring
• Usage analytics and service improvement

These processes do not make decisions that have legal or similarly significant effects on you without human review. If we implement any automated decision-making in the future that would affect your rights, we will notify you and provide information about the logic involved and the significance of such processing.

13. Third-Party Services

Our Services may contain links to third-party websites or integrate with third-party services. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies before providing any personal information.

Third-party services we use include:

• Google Analytics: Usage analytics with IP anonymization enabled. Google Privacy Policy
• Stripe: Payment processing. We do not store your full credit card information. Stripe Privacy Policy
• Cloud Hosting: Amazon Web Services (AWS) or similar providers for data storage and processing
• Email Services: For transactional and marketing communications

Each third-party service provider has entered into data processing agreements with us and is required to protect your data in accordance with applicable laws.

14. Children's Privacy

Our Services are not intended for children under 13 years of age (or 16 years in the EEA where required by local law). We do not knowingly collect personal information from children.

If you are a parent or guardian and believe your child has provided personal information to us without your consent, please contact us immediately at support@sizemarker.com. We will take steps to delete such information from our systems within a reasonable timeframe.

If we learn that we have collected personal information from a child without verification of parental consent, we will delete that information as quickly as possible.

15. International Data Transfers

Your information may be transferred to and processed in countries other than your own, including Hong Kong, the United States, and other jurisdictions where our service providers operate.

EEA, UK, and Swiss Users

For transfers of personal data from the European Economic Area (EEA), United Kingdom, or Switzerland to countries not deemed to have adequate data protection by the European Commission or UK authorities, we implement appropriate safeguards including:

• Standard Contractual Clauses (SCCs): The European Commission-approved SCCs (Module 1, 2, 3, or 4 as applicable) and UK International Data Transfer Addendum
• Data Processing Agreements: Binding agreements with all service providers that process personal data
• Supplementary Measures: Technical measures such as encryption, pseudonymization, and access controls
• Transfer Impact Assessments: We assess the laws and practices of destination countries to ensure adequate protection

Hong Kong

As our company is based in Hong Kong, data may be stored and processed there. Hong Kong's Personal Data (Privacy) Ordinance provides protections for personal data.

You may request a copy of the safeguards we use by contacting us at support@sizemarker.com.

16. California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have specific rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

Categories of Personal Information Collected

In the preceding 12 months, we have collected the following categories of personal information:

• Identifiers (Cal. Civ. Code § 1798.140(v)(1)(A)): Name, email address, IP address, account credentials
• Commercial Information (Cal. Civ. Code § 1798.140(v)(1)(D)): Purchase history, subscription details, transaction records
• Internet or Network Activity (Cal. Civ. Code § 1798.140(v)(1)(F)): Browsing history, search history, interactions with our Services
• Geolocation Data (Cal. Civ. Code § 1798.140(v)(1)(G)): General location based on IP address (country/city level only)
• Inferences (Cal. Civ. Code § 1798.140(v)(1)(K)): Preferences derived from usage patterns

Your California Rights

• Right to Know (§ 1798.100): Request disclosure of personal information collected, sources, purposes, and third parties with whom we share it
• Right to Delete (§ 1798.105): Request deletion of your personal information, subject to certain exceptions
• Right to Correct (§ 1798.106): Request correction of inaccurate personal information
• Right to Opt-Out (§ 1798.120): Opt out of the sale or sharing of personal information
• Right to Limit (§ 1798.121): Limit use of sensitive personal information
• Right to Non-Discrimination (§ 1798.125): Not be discriminated against for exercising your privacy rights

Do Not Sell or Share My Personal Information

We do not sell your personal information as defined by CCPA/CPRA. We do not share your personal information for cross-context behavioral advertising purposes. We do not have actual knowledge that we sell or share personal information of consumers under 16 years of age.

Authorized Agents

You may designate an authorized agent to submit requests on your behalf. Authorized agents must provide written permission from you and verify their identity.

How to Exercise Your Rights

To exercise your California privacy rights, contact us at support@sizemarker.com. We will verify your identity by matching information you provide with information in our records. We will respond to verifiable requests within 45 days.

Shine the Light

California Civil Code Section 1798.83 permits California residents to request information about disclosure of personal information to third parties for direct marketing purposes. We do not share personal information with third parties for their direct marketing purposes.

17. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or for other operational reasons.

When we make changes:

• We will update the "Last Updated" date at the top of this policy
• For material changes that affect your rights, we will notify registered users via email at least 30 days before the changes take effect
• We may also post a prominent notice on our website

We encourage you to review this Privacy Policy periodically. Your continued use of our Services after the effective date of any changes constitutes your acceptance of the updated policy. If you do not agree with the updated policy, you should stop using the Services.

18. Contact Us

If you have questions about this Privacy Policy, our data practices, or wish to exercise your privacy rights, please contact us:

We aim to respond to all privacy-related inquiries within 30 days. For data subject access requests under GDPR, we will respond within one month as required by law.