GDPR & data protection

Formal data protection notice for UK users. Explains what we collect, why we process it, and your statutory rights — including the right to complain to the ICO.

This notice explains how Pluged AI processes your personal data under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. It applies to visitors of pluged.ai and users of the Pluged AI browser editor at app.pluged.ai.

1. Who we are

Pluged AI ("we", "us", "our") operates the Pluged AI marketing website and video editor. For the purposes of UK data protection law, we are the data controller for personal data described in this notice.

Contact: hello@pluged.ai

2. Personal data we collect

Depending on how you use Pluged AI, we may process:

Account & identity (when you sign in)

  • Name, email address, profile photo (via Google sign-in)
  • Firebase user ID and authentication session data
  • Subscription plan status (free, pro, or team)
  • Stripe customer and subscription identifiers (if you subscribe)

Service & usage data

  • AI agent usage metrics (e.g. token counts for quota metering)
  • Feedback you voluntarily submit
  • Share-page metadata if you publish an exported edit
  • Technical logs (IP address, browser type, timestamps, errors)

Payment data

  • Subscription and billing details are processed by Stripe. We do not store full card numbers on our servers.

Website analytics

  • Anonymised or pseudonymised usage data via Google Analytics 4 (page views, device/browser information, approximate location)

Local data on your device

  • Video projects, media files, and editor state are stored primarily in your browser (IndexedDB / local storage). This data normally does not leave your device unless you use a hosted feature (such as cloud transcription) or explicitly export or share content.

We process personal data only where we have a lawful basis:

  • Contract — to provide the editor, manage your account, and fulfil a Pro subscription you purchase.
  • Legitimate interests — to secure our services, prevent abuse, improve reliability, and understand aggregated website usage. We balance these interests against your rights.
  • Consent — where required for non-essential cookies and analytics, or for optional communications. You may withdraw consent at any time.
  • Legal obligation — to keep records required for tax, accounting, or regulatory purposes relating to payments.

4. How we use your data

  • Authenticate you and maintain your account
  • Provide free and paid features, including AI editing tools
  • Process subscriptions and manage billing via Stripe
  • Enforce usage limits on free plans and apply Pro entitlements
  • Respond to support requests and feedback
  • Monitor security, debug issues, and prevent fraud or abuse
  • Measure website traffic and improve pluged.ai
  • Comply with applicable law

We do not sell your personal data. We do not use your video content for advertising profiling.

5. Cookies & similar technologies

We use cookies and browser storage for:

  • Strictly necessary — session authentication (e.g. pluged_session) so you stay signed in across pluged.ai and app.pluged.ai
  • Functional — editor preferences and locally saved projects in your browser
  • Analytics — Google Analytics cookies to understand how the marketing site is used

Non-essential cookies (such as analytics) should only be set after you have been given a clear choice where UK law requires it. You can also block or delete cookies in your browser settings.

6. Third-party processors

We use trusted service providers who process data on our instructions:

  • Google / Firebase — authentication and user profile storage (Firestore)
  • Stripe — payment processing and subscription management
  • Google Analytics — website analytics
  • Vercel (or equivalent hosting provider) — site hosting and content delivery
  • Cloud AI / media providers — only when you invoke hosted features (e.g. transcription, stock media search)

Each processor is bound by contractual terms requiring appropriate security and, where applicable, standard contractual clauses or equivalent safeguards for international transfers.

7. International transfers

Some providers (including Google, Stripe, and Vercel) may process data outside the UK. Where this happens, we rely on adequacy regulations, UK International Data Transfer Agreements, or other approved transfer mechanisms under UK GDPR.

8. How long we keep data

  • Account data — while your account is active, then deleted or anonymised within a reasonable period after you delete your account or request erasure (subject to legal holds).
  • Billing records — retained as required for tax and accounting (typically up to 6 years in the UK).
  • Analytics — according to Google Analytics retention settings (configurable; default periods apply).
  • Local editor data — remains on your device until you clear browser storage.

9. Security

We use administrative, technical, and organisational measures appropriate to the risk, including encrypted connections (HTTPS), access controls, and server-side verification of authentication tokens. No method of transmission or storage is 100% secure; please use a strong Google account and keep your devices protected.

10. Your rights under UK GDPR

If UK GDPR applies to our processing of your personal data, you have the right to:

  • Access — request a copy of personal data we hold about you
  • Rectification — ask us to correct inaccurate data
  • Erasure — ask us to delete your data in certain circumstances
  • Restriction — ask us to limit processing in certain circumstances
  • Data portability — receive certain data in a structured, machine-readable format
  • Object — object to processing based on legitimate interests, including profiling
  • Withdraw consent — where processing is based on consent

To exercise any of these rights, email hello@pluged.ai. We will respond within one month, as required by law. We may need to verify your identity before fulfilling a request.

You also have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) at ico.org.uk. You do not need to prove financial loss to raise a concern with the ICO about how your data has been handled.

11. Children

Pluged AI is not directed at children under 13. We do not knowingly collect personal data from children. If you believe a child has provided us data, contact us and we will delete it.

12. Changes to this notice

We may update this notice from time to time. The "Last updated" date below will change when we do. Material changes will be highlighted on this page. Continued use after an update constitutes acknowledgement of the revised notice where permitted by law.

13. Contact

Questions about this notice or your personal data: hello@pluged.ai

For the full privacy policy, see our Privacy policy.

Last updated: 1 July 2026
