export const meta = {
  title: "Privacy Policy",
  description: "Learn how Aspect Ratio, Inc. collects, uses, and protects your personal information.",
  slug: "privacy",
  lastUpdated: "May 7, 2026",
}

Welcome to the Aspect platform, operated by Aspect Ratio, Inc. ("Aspect," "we," "us," or "our"). Aspect provides an all-in-one cloud media platform for enterprise media teams, accessible through our website (aspect.inc, app.aspect.inc), desktop application (Mac and Windows), API, and Premiere Pro panel integration (collectively, the "Platform").

This Privacy Policy describes how we collect, use, disclose, and protect personal information when you interact with our Platform, websites, and services. It applies to our customers ("Customers"), the end users of our Customers' workspaces ("End Users"), and visitors to our websites ("Visitors"). Throughout this Privacy Policy, "personal information" or "personal data" refers to any information that relates to an identified or identifiable individual.

If you are located in the European Economic Area ("EEA") or the United Kingdom ("UK"), this entire Privacy Policy applies to you, and we recommend you read it carefully. If you have questions, comments, or concerns, please contact us at [security@aspect.inc](mailto:security@aspect.inc).

## Who We Are

Aspect Ratio, Inc. is based in New York, NY. You may contact us at [security@aspect.inc](mailto:security@aspect.inc).

We may process your personal data as a **data controller** when we determine the means and purposes of processing, such as when we process the personal data of Visitors, prospective customers, or Customers managing their accounts. We act as a **data processor** when we collect and process personal data on behalf of our Customers who use our Platform to manage their media assets, collaborate with their teams, and leverage AI-powered features. Each Customer is responsible for its own privacy practices with respect to personal data it collects from its End Users and uploads to the Platform.

## Who This Policy Applies To

- **Customers:** Individuals or organizations that register for an Aspect account and subscribe to our services.
- **End Users:** Individuals who access a Customer's workspace on the Platform, including team members and external collaborators invited by a Customer.
- **Visitors:** Individuals who visit our website or interact with our marketing content.

Each Customer is responsible for posting its own privacy policies and ensuring compliance with all applicable laws and regulations regarding the data it processes through the Platform.

## What Information We Collect

The personal information we collect depends on how you interact with our Platform. We collect information in the following ways:

### Information You Provide Directly

**Account Information.** When you register for an Aspect account, we collect your name, email address, and optionally your profile picture, company name, and job title. This information is necessary to create and manage your account.

**Billing Information.** When you subscribe to a paid plan, we use a PCI-compliant third-party payment processor to handle your payment information. Aspect does not store credit card numbers or payment card data. We receive transaction confirmations, invoice records, and subscription status from our payment processor.

**Communications.** When you contact our support team, submit feedback, or otherwise communicate with us, we collect the content of those communications along with associated metadata such as timestamps.

**Workspace Configuration.** Customers configure their workspaces with project structures, permission settings, custom metadata field configurations, and other organizational preferences. We collect and store these configurations to deliver the Platform.

### Information Generated by the Platform

When Customers use our AI-powered features, the Platform generates metadata from uploaded media. Each AI feature can be independently enabled or disabled by workspace administrators. This system-generated data includes:

- **Transcripts** generated from audio and video content, supporting 160+ languages
- **Descriptive tags and labels** automatically generated from media content
- **Object detection results** identifying objects within images and video
- **Facial recognition data:** facial embeddings (mathematical representations derived from faces detected in media) and reference images uploaded by users (see the dedicated Biometric Data section below)
- **Natural language search indexes** derived from media content and metadata
- **Custom metadata** auto-populated via AI based on Customer-configured prompts

**Customer data is never used to train AI or machine learning models operated by Aspect or its service providers.** Our AI service providers process Customer data solely to deliver the requested feature and discard it after processing. No Customer data is retained by these providers.

### Information Collected Automatically

When you access the Platform, we automatically collect certain technical information:

- **Device and browser information:** device type, operating system, browser type and version, screen resolution, and language settings
- **Network information:** IP address and general location derived from IP address
- **Usage data:** session information, feature usage patterns, and interaction data collected via cookieless analytics
- **Server logs:** API access logs, authentication events, and request metadata

We do not capture personally identifiable information in error or crash reports.

### Information From Third Parties

- **Authentication providers:** When Customers use single sign-on (SSO) or directory sync, we receive identity information (such as name, email, and group membership) from the configured identity provider.
- **Payment processor:** We receive transaction status, billing confirmations, and subscription data from our payment processing provider.

### Information We Process on Behalf of Customers

As a data processor, we store and process the following on behalf of our Customers:

- **Media files:** Video, audio, images, documents, and other assets uploaded by Customers and their End Users
- **Collaboration data:** Comments, annotations, timestamps, approval decisions, and version history
- **Audit logs:** Records of user activity within Customer workspaces

Customer-uploaded content remains the property of the Customer. Aspect owns system-generated metadata (such as AI-generated transcripts, tags, and search indexes).

## Biometric Data and Facial Recognition

This section provides specific disclosures regarding our facial recognition feature and the biometric data it processes.

### How Facial Recognition Works

Aspect's facial recognition feature allows Customers to identify and organize media by the individuals who appear in it. The feature generates facial embeddings, mathematical representations of facial geometry, from faces detected in uploaded media. Users can upload reference images to associate names with detected faces.

### Activation and Control

Facial recognition is accessible by default within the Platform but requires **affirmative user action** to activate. No biometric data is generated until a user uploads face samples to the system. Workspace administrators can completely disable facial recognition for their entire workspace at any time, preventing any biometric processing from occurring.

### Consent

Consent for the collection and use of biometric data is obtained at the enterprise contract level. Customers are responsible for ensuring they have obtained any legally required consents from individuals whose biometric data may be processed through the Platform prior to activating the feature.

### Processing and Security

All facial recognition processing is performed **entirely in-house on Aspect infrastructure**. Biometric data is never sent to external AI service providers. Facial embeddings are:

- Encrypted using AES-256 at rest
- Logically isolated per workspace and never shared across Customers
- Accessible only by authorized users within the originating workspace
- Processed by Aspect solely as a data processor acting on Customer instructions, never for Aspect's own purposes

### Retention and Destruction

Biometric data, including facial embeddings and user-uploaded reference images, is retained only for as long as the purpose for collection remains active. Specifically:

- Biometric data is retained while the facial recognition feature is enabled and the Customer's account is active.
- Upon the feature being disabled by a workspace administrator or upon account termination, biometric data is permanently deleted within 60 days.
- In no event will biometric data be retained for longer than 3 years from the individual's last interaction with the Platform, whichever deletion trigger occurs first.
- **Immediate deletion** of biometric data is available upon request by contacting [support@aspect.inc](mailto:support@aspect.inc).
- Residual copies in encrypted backups are permanently removed within 30 days of deletion from production systems.

This retention schedule is publicly available and will remain accessible for as long as Aspect offers facial recognition capabilities.

### Purpose Limitation

Aspect processes biometric data solely for the purpose of providing the facial recognition feature as requested by the Customer. Biometric data is never used for advertising, marketing, or any purpose unrelated to delivering the feature. Aspect does not sell, lease, trade, or otherwise profit from biometric data.

### Legal Classification

Biometric data processed through the facial recognition feature may constitute:

- Biometric identifiers under the Illinois Biometric Information Privacy Act (BIPA)
- Special category data under GDPR Article 9
- Sensitive personal information under the California Consumer Privacy Act (CCPA)

Aspect processes this data with appropriate safeguards and in compliance with applicable biometric data laws.

## How We Use Your Information

We use personal information for the purposes described below. For users in the EEA and UK, we have identified the applicable legal basis under the General Data Protection Regulation (GDPR) for each purpose.

- **Providing the Platform and services:** delivering, maintaining, and improving the Platform, including media storage, streaming, collaboration tools, and workspace management. Legal basis: performance of contract and legitimate interests.
- **Processing payments:** managing subscriptions, processing billing, and sending transaction-related communications. Legal basis: performance of contract and legal obligations.
- **AI-powered features:** providing transcription, automated tagging, natural language search, object detection, and facial recognition as enabled by Customers. Legal basis: performance of contract and legitimate interests; for biometric data, Customer is responsible for obtaining any legally required consents or other valid legal basis.
- **Customer support:** responding to inquiries, troubleshooting issues, and providing technical assistance. Legal basis: performance of contract and legitimate interests.
- **Audit logging:** recording workspace activity for Customer administrators. Legal basis: legitimate interests and legal obligations.
- **Platform security and fraud prevention:** detecting, preventing, and responding to security incidents, fraud, and abuse. Legal basis: legitimate interests and legal obligations.
- **Analytics and service improvement:** analyzing usage patterns to improve Platform performance, reliability, and user experience. Legal basis: legitimate interests.
- **Marketing communications:** sending information about our products, features, and updates, in accordance with your preferences. Legal basis: consent where required and legitimate interests where permitted.
- **Legal compliance:** meeting legal, regulatory, and tax obligations. Legal basis: legal obligations.
- **Error tracking and debugging:** identifying and resolving technical issues in the Platform. Legal basis: legitimate interests.

Where we rely on legitimate interest as a legal basis, we have assessed that our interests do not override your fundamental rights and freedoms. You may object to processing based on legitimate interest at any time by contacting [security@aspect.inc](mailto:security@aspect.inc).

## When We Share Information

We do not sell, rent, or trade your personal information to third parties for their marketing purposes.

We share personal information only in the following circumstances:

### Service Providers

We engage third-party service providers that process personal information on our behalf to help us operate the Platform. These providers are contractually obligated to protect your information and may only use it for the purposes we specify. Categories of service providers include:

- Cloud infrastructure and hosting providers
- Media storage and content delivery providers
- Backup and disaster recovery providers
- Payment processing providers
- Authentication and identity management providers
- AI and machine learning service providers (for transcription, automated tagging, natural language search, and object detection; facial recognition is processed entirely in-house and is not sent to external providers)
- Error tracking and application monitoring providers
- Product analytics providers
- Customer support platform providers
- Email delivery providers
- Compliance and security monitoring providers
- CRM and sales tools

A current list of our subprocessors is available at [https://trust.aspect.inc](https://trust.aspect.inc).

### Business Transfers

If Aspect is involved in a merger, acquisition, sale of assets, reorganization, or bankruptcy, your personal information may be transferred as part of that transaction. We will notify you of any such change in ownership or control of your personal information.

### Legal Obligations

We may disclose personal information when we have a good-faith belief that disclosure is necessary to:

- Comply with applicable law, regulation, legal process, or government request
- Enforce our terms of service and other agreements
- Protect the rights, property, or safety of Aspect, our Customers, or the public
- Detect, prevent, or address fraud, security issues, or technical problems

### With Consent

We may share your information with third parties when you have given us explicit consent to do so.

### Aggregated and De-identified Data

We may share aggregated or de-identified information that cannot reasonably be used to identify you for purposes such as analytics, benchmarking, and industry research.

## Data Retention

We retain personal information for as long as necessary to fulfill the purposes for which it was collected, comply with legal obligations, and resolve disputes. Specific retention periods are as follows:

- **Customer media files:** Retained during the active account period. Deleted within 60 days of account termination. Customers may request earlier deletion by contacting [support@aspect.inc](mailto:support@aspect.inc).
- **Account information:** Retained during the active account period. Retained for up to 7 years after account termination to satisfy legal, tax, and accounting requirements.
- **Billing records:** Retained for 7 years per tax and accounting requirements.
- **AI-generated transcripts and metadata:** Retained during the active account period. Deleted within 60 days of account termination.
- **Facial recognition embeddings and reference images:** Retained while the feature is enabled and the account is active. Deleted within 60 days of the feature being disabled or the account being terminated. Immediate deletion available upon request.
- **Audit logs:** Retained for the duration of the active workspace. Retained for 60 days after workspace deletion.
- **Usage analytics:** Retained in aggregate and anonymized form indefinitely.
- **Customer support records:** Retained for up to 3 years after the last interaction.
- **Marketing consent records:** Retained permanently to honor opt-out preferences.

Residual copies of deleted data may persist in encrypted backups for up to 30 days after deletion from production systems, after which they are permanently removed.

## Data Security

We implement administrative, technical, and organizational measures designed to protect your personal information. These measures include:

- AES-256 encryption at rest for all stored data
- TLS 1.2 or higher for all data in transit; unencrypted protocols are prohibited
- Multi-availability-zone infrastructure deployment for redundancy and resilience
- Role-based access controls enforcing the principle of least privilege
- Multi-factor authentication required for all access to production systems
- Monthly vulnerability scanning of public-facing systems
- Annual independent penetration testing of the production environment
- Incident response procedures with defined severity levels and escalation paths
- Data pseudonymization and anonymization techniques where appropriate
- Employee background checks and security awareness training

Aspect maintains a SOC 2 Type 1 report, which is available to Customers and prospective Customers under a non-disclosure agreement. Please visit [trust.aspect.inc](https://trust.aspect.inc) to request a copy.

No method of transmission over the Internet or electronic storage is completely secure. While we strive to protect your personal information, we cannot guarantee its absolute security.

## International Data Transfers

Aspect is based in the United States, and personal information is primarily stored and processed in the United States.

Aspect is self-certified under the **EU-U.S. Data Privacy Framework (DPF)**, the **UK Extension to the EU-U.S. DPF**, and the **Swiss-U.S. DPF** as set forth by the U.S. Department of Commerce. We are subject to the investigatory and enforcement powers of the Federal Trade Commission with respect to personal data received or transferred pursuant to these frameworks.

Where the Data Privacy Framework does not apply or additional safeguards are required, we rely on **Standard Contractual Clauses (SCCs)** approved by the European Commission to support transfers of personal data from the EEA, UK, and Switzerland.

Our service providers may process personal data in locations outside the EEA and UK. We ensure that appropriate transfer mechanisms and contractual protections are in place. For details on our subprocessors and their locations, please visit [https://trust.aspect.inc](https://trust.aspect.inc).

## Your Privacy Rights

### All Users

Regardless of your location, you may:

- Request access to the personal information we hold about you
- Request correction of inaccurate personal information
- Request deletion of your personal information
- Export your data through the Platform's self-service tools
- Update your communication preferences
- Opt out of marketing communications

### European Economic Area and United Kingdom (GDPR)

If you are located in the EEA or UK, you have the following rights under the GDPR:

- **Right to be informed** about how your personal data is processed (this Privacy Policy fulfills that obligation)
- **Right of access** to request a copy of your personal data
- **Right to rectification** to correct inaccurate or incomplete personal data
- **Right to erasure** to request deletion of your personal data under certain circumstances
- **Right to restrict processing** to request that we limit how we use your personal data
- **Right to data portability** to receive your personal data in a structured, commonly used, machine-readable format
- **Right to object** to processing based on legitimate interests, including direct marketing
- **Rights related to automated decision-making** and profiling
- **Right to withdraw consent** at any time where processing is based on consent
- **Right to lodge a complaint** with your local supervisory authority

When we process End User data on behalf of a Customer as a data processor, we will direct data subject requests to the relevant Customer and cooperate as required to help the Customer fulfill the request.

### California (CCPA/CPRA)

If you are a California resident, you have the following rights under the California Consumer Privacy Act and the California Privacy Rights Act:

- **Right to know** what personal information we collect, use, and disclose
- **Right to delete** your personal information
- **Right to correct** inaccurate personal information
- **Right to opt out** of the sale or sharing of personal information
- **Right to limit use** of sensitive personal information
- **Right to non-discrimination** for exercising your privacy rights

We do not sell or share (as defined by the CCPA) your personal information. Biometric data processed through our facial recognition feature is classified as sensitive personal information under the CCPA.

### Illinois (BIPA)

If you are an Illinois resident, the Illinois Biometric Information Privacy Act provides you with specific rights regarding biometric identifiers and biometric information:

- **Right to informed written consent** before collection of biometric identifiers or biometric information
- **Right to know** the specific purpose and length of term for which biometric data is being collected, stored, and used
- **Publicly available retention schedule:** Biometric data is retained for no longer than 60 days after the purpose for collection has been satisfied (the feature is disabled or the account is terminated), or 3 years from the individual's last interaction with the Platform, whichever occurs first
- **Right to permanent destruction** of biometric data when the initial purpose for collecting the data has been satisfied or within the timeframes set forth above, whichever occurs first

Aspect does not sell, lease, trade, or otherwise profit from biometric identifiers or biometric information. Biometric data is disclosed only as necessary to provide the facial recognition feature and as described in this Privacy Policy.

### Other US State Privacy Laws

We recognize the privacy rights granted to residents of Texas, Colorado, Connecticut, Virginia, Oregon, Montana, and other states with applicable privacy legislation. If you are a resident of any of these states and wish to exercise your rights, please contact us at [security@aspect.inc](mailto:security@aspect.inc).

### How to Exercise Your Rights

To exercise any of your privacy rights, please contact us at **[security@aspect.inc](mailto:security@aspect.inc)**. When submitting a request, please provide sufficient information for us to verify your identity and locate your data.

- **Response timeframes:** We will respond within 30 days for GDPR requests and within 45 days for CCPA requests. These timeframes may be extended where permitted by law, and we will notify you if an extension is necessary.
- **Identity verification:** We may need to verify your identity before processing your request. This is a security measure to ensure personal information is not disclosed to unauthorized parties.
- **No fee:** We do not charge a fee to process your request unless the request is manifestly unfounded or excessive.

## Children's Privacy

The Aspect Platform is not intended for use by children under the age of 16. We do not knowingly collect personal information from children under 16. If we become aware that we have collected personal information from a child under 16 without appropriate parental consent, we will take steps to delete that information promptly.

If you believe that a child under 16 has provided personal information to Aspect, please contact us at [security@aspect.inc](mailto:security@aspect.inc).

## Cookies and Tracking Technologies

Aspect uses cookies and similar technologies on our website to provide functionality, understand usage, and support marketing activities. We categorize cookies as follows:

- **Strictly necessary cookies** are required for the website to function and cannot be switched off. They include cookies for authentication, security, and load balancing.
- **Performance cookies** collect aggregated information about how visitors use the website, such as which pages are visited most often and whether errors occur. We use this information to improve website performance and reliability.
- **Functional cookies** enable enhanced features and personalization, such as remembering your preferences and settings.
- **Advertising and remarketing cookies** are used to deliver relevant advertisements and measure campaign effectiveness.

Our core product analytics use cookieless tracking technology and do not rely on cookies to collect usage data within the Platform.

**Do Not Track:** The Platform does not currently respond to Do Not Track (DNT) browser signals, as there is no industry-standard interpretation of DNT signals for online services.

**Cookie Consent:** For visitors in the EEA and UK, we provide a cookie consent mechanism that allows you to manage your preferences for non-essential cookies.

## Third-Party Links and Integrations

The Platform may contain links to third-party websites, services, or integrations that are not operated or controlled by Aspect. This Privacy Policy does not apply to those third-party services. We encourage you to review the privacy policies of any third-party services you access. Aspect is not responsible for the privacy practices of third-party services.

## Desktop Application and Local Cache

The Aspect desktop application (available for Mac and Windows) creates a local mount via SMBFS that caches media files on your device for use with non-linear editing tools. Customers and End Users are responsible for securing the local cache on their devices, including managing access controls, encryption, and deletion of locally cached files.

## Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes to our practices, technologies, legal requirements, or other factors. When we make material changes, we will notify you by email and/or through a prominent notice on the Platform prior to the changes becoming effective.

We encourage you to review this Privacy Policy periodically. Your continued use of the Platform after the effective date of any changes constitutes your acceptance of the updated Privacy Policy.

## Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

**Email:** [security@aspect.inc](mailto:security@aspect.inc)

For customer support inquiries, you may also reach us at [support@aspect.inc](mailto:support@aspect.inc).
