LogoBack to Home

Privacy Policy

This policy details our unwavering commitment to protecting your personal data and privacy when you use the Veyo platform. Your trust is paramount to us.

Last Updated: January 4, 2026

INTRODUCTION: This Privacy Policy explains how Cibeeo Inc. SRL ("Company," "we," "us," or "our") collects, uses, processes, shares, and protects information in relation to our services, including the Veyo AI platform, website, and applications (collectively, the "Service"). As a company based in Romania, we operate under the General Data Protection Regulation (GDPR), and this policy is designed to uphold its principles. For the purposes of GDPR, we are the "Data Controller" for the Personal Data described herein.

1. The Information We Collect and How We Collect It

We collect Personal Data to provide and improve our Service. The types of data we collect depend on how you interact with us.

1.1. Data You Provide Directly to Us

  • Account and Profile Data: When you register, we collect your name, email address, password, and account type. Creators may additionally provide a profile picture, portfolio links, social media handles, and professional biography. Brands may provide company name, website, and industry.
  • Financial and Payment Data: To facilitate payments and payouts on the platform, we collect certain financial information.
    • For Creators: To send you your earnings, we collect your bank account details, specifically your IBAN (International Bank Account Number). This information is stored securely and used exclusively for the purpose of processing payouts.
    • For Brands: We do **not** collect or store your credit card details on our servers. All payments you make are processed directly through our secure third-party payment processor, Stripe. When you enter your payment information, it is sent directly to Stripe, and we receive a secure token to confirm the payment, not your sensitive card data.
  • Identity Verification Data: To comply with financial regulations and for security purposes, we may require Creators to provide a government-issued ID, which is used solely for identity and age verification by a trusted third-party service.
  • Content, Prompts, and AI Persona Data: We collect and process the text prompts, images, videos, brand assets, and other files you input into our AI tools ("User Input"). For the AI Persona feature, this includes images or videos of your likeness, which may be considered **Biometric Data** under certain regulations.
  • TAR (The Artist Room) Data: When using our Music Video Generator tool (TAR), we collect and process audio voice files, song lyrics, and related musical content you provide. By submitting this content, you acknowledge and approve that the Company will process, store, and use this data to generate music video outputs.
  • Voice Act & TalkDirect AI Data: Our Voice Act and TalkDirect AI systems process text, images, and audio to generate avatar lip-sync realism videos. This may include facial imagery and voice data which constitutes **Biometric Data**. By using these features with your own likeness, you explicitly consent to the Company processing, storing, and reviewing this data for service delivery and security purposes. The Company reserves the right to review such content at any time for security and compliance reasons.
  • VeyoTV Streaming Data: When you publish or view content on VeyoTV (veyolabs.com/tv), we collect viewing analytics, engagement metrics (views, likes, comments), publication metadata, and streaming quality preferences. This data is used to deliver the streaming service and prepare for future freemium advertising monetization features currently in development.
  • Communications Data: We collect data from your communications with us (e.g., support tickets) and any communications exchanged between users on the platform (e.g., campaign messages between Brands and Creators).

1.2. Data We Collect Automatically

  • Usage and Analytics Data: We automatically collect information about your interactions with the Service, such as the features you use, content generated, credits consumed, time spent, and other actions taken. This helps us understand user behavior and improve the platform.
  • Technical and Log Data: We collect technical information from your device, including IP address, browser type and version, operating system, device identifiers, and log files generated during your sessions.
  • Cookies and Tracking Technologies: We use cookies and similar technologies to operate and personalize the Service. For detailed information, please see Article 6: "Cookies and Tracking Technologies" below.
2. How and Why We Use Your Information (Purposes and Legal Basis)

Our use of your Personal Data is always justified by a "legal basis" under GDPR. Here is how we use your data and the legal grounds we rely on:

To Perform Our Contract With You (Art. 6(1)(b) GDPR):

We process your data to: create and manage your account; provide the core AI generation and marketplace functionalities; facilitate and enforce agreements between Brands and Creators; and process payments, subscriptions, and payouts.

For Our Legitimate Interests (Art. 6(1)(f) GDPR):

We process data to: monitor, maintain, and improve the Service; develop new features; ensure platform security and prevent fraud; and (where permissible) to communicate with you about service updates or features. You have the right to object to this processing.

To Improve Our Services (Legitimate Interest):

We may use your Inputs and Outputs to improve and develop our Services, including for AI model training. This helps us make the platform better for everyone. As described in our Terms of Service, you have the right to opt-out of this specific use at any time via your Account settings.

To Comply With Legal Obligations (Art. 6(1)(c) GDPR):

We process data as required by law, such as for tax accounting, financial reporting, and to respond to lawful requests from authorities.

With Your Explicit Consent (Art. 6(1)(a) & Art. 9(2)(a) GDPR):

We will ask for your explicit consent to send you non-essential marketing communications or to use your content in our own promotional materials. Most importantly, we rely on your consent to process sensitive data categories. For the AI Persona feature, which may involve **Biometric Data** (such as facial geometry), **your clear, affirmative action of uploading this content and clicking to generate the persona constitutes your explicit consent** for us to process it for the sole purpose of providing that feature. You have the right to withdraw this consent at any time by deleting the content from our Service.

3. Our Policy on AI Model Training

Transparency in our AI practices is a core commitment. This section outlines how we handle your data in relation to improving our AI models.

3.1. Use of Data for Service Delivery: Your User Input and Co-Created Content are necessarily processed by our AI models to provide you with the Service. This processing is fundamental to our contract with you (Legal Basis: Art. 6(1)(b) GDPR).

3.2. Use of Data for Service Improvement (AI Training): To improve the accuracy, safety, and capabilities of our AI models, we may use a portion of User Input and Co-Created Content for training and development. We conduct this processing based on our legitimate interest to enhance our Service (Legal Basis: Art. 6(1)(f) GDPR).

3.3. Your Right to Opt-Out: We believe in user control. **You have the right to object to this use of your data at any time.** You can easily **opt-out** of having your content used for model training in your Account settings. We will always honor your choice. Data from designated Enterprise accounts is never used for model training.

4. How We Share and Disclose Your Information

We do not sell your Personal Data. We may share your information with the following categories of third parties ("Data Processors") only for legitimate and specified purposes:

  • Community Visibility: By registering as a Creator, you acknowledge and consent that your public profile information will be displayed in the VeyoLabs Creators Community directory. By registering as a Brand or Company, you acknowledge and consent that your company profile will be displayed in the VeyoLabs Brands directory. This visibility is essential to the marketplace functionality of our Service and enables connections between Creators and Brands.
  • Between Brands and Creators: A Creator's public profile is visible to Brands to facilitate connections. When a Creator applies to a campaign, their full profile may be shared with that specific Brand. Brand profiles and campaign details are visible to Creators.
  • Service Providers and Vendors: We engage trusted third parties to perform services on our behalf, such as payment processing (e.g., Stripe), identity verification, cloud infrastructure and hosting, and customer support tools. These processors are contractually bound to protect your data and may only use it as instructed by us.
  • Cloud Infrastructure and Storage Providers: Your data, including media files and metadata, is stored and processed using the following third-party cloud service providers, all of which maintain industry-standard compliance certifications:
    • • Amazon Web Services (AWS) - Primary cloud infrastructure and S3 storage (EU-North-1 region)
    • • Neon PostgreSQL - Database services for application data
    • • Google Cloud Platform - AI processing and Vertex AI services
    • • BytePlus - Video processing and enhancement computing (temporary processing only)
    By using our Service, you acknowledge that your data will be processed by these third-party providers in accordance with their respective privacy policies and compliance standards.
  • BytePlus Data Handling: Data processed through BytePlus is used exclusively for video processing enhancements and is temporary in nature. Upon your request, any data stored with BytePlus for processing purposes will be deleted within fifteen (15) calendar days. To request deletion, contact our Data Protection Officer at the email provided in Section 11.
  • Legal and Safety Reasons: We may disclose information if we have a good-faith belief that it's necessary to comply with a law, regulation, or legal process; to protect the safety of any person; to address fraud or security issues; or to protect our rights or property.
  • Business Transfers: In the event of a merger, acquisition, bankruptcy, or sale of assets, your information may be transferred as part of that transaction. We will notify you and provide you with choices before your Personal Data becomes subject to a different privacy policy.
  • Third-Party AI Model Providers: To provide certain functionalities, our Service may integrate with or utilize AI models from third-party providers. In such cases, your User Input is sent to these providers for processing. These providers are contractually bound to specific privacy and security obligations. However, their processing of your data is also subject to their own terms and privacy policies, which we do not control.
5. Your Data Protection Rights under GDPR

As we operate under GDPR, you are afforded a comprehensive set of rights regarding your Personal Data:

  • The Right to Access: You can request copies of your Personal Data.
  • The Right to Rectification: You can request that we correct any inaccurate information or complete any incomplete information.
  • The Right to Erasure ("Right to be Forgotten"): You can request that we delete your Personal Data, under certain conditions.
  • The Right to Restrict Processing: You can request that we restrict the processing of your data, under certain conditions.
  • The Right to Object to Processing: You have the right to object to our processing of your Personal Data when it is based on our legitimate interests.
  • The Right to Data Portability: You can request that we transfer the data we have collected to another organization, or directly to you, in a structured, commonly used, and machine-readable format.
  • The Right to Withdraw Consent: Where we rely on your consent to process data, you have the right to withdraw that consent at any time.
  • The Right to Lodge a Complaint: You have the right to lodge a complaint with your local data protection authority (supervisory authority) if you believe our processing of your data infringes on your rights.

To exercise any of these rights, please contact our Data Protection Officer at the email provided in Section 11.

6. Cookies and Tracking Technologies

We use cookies, web beacons, and similar technologies. A "cookie" is a small text file that is stored on your device when you visit a website.

  • Essential Cookies: These are necessary for the Service to function and cannot be switched off. They are usually set in response to actions made by you, such as logging in or filling in forms.
  • Performance and Analytics Cookies: These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our site.
  • Functional Cookies: These enable the website to provide enhanced functionality and personalization.

You can manage your cookie preferences through the consent banner provided on our website and through your browser settings.

7. Data Security and Retention

Security Measures: We implement robust technical and organizational security measures—including encryption, access controls, and regular security audits—to protect your Personal Data. However, no electronic storage or transmission method is 100% secure.

Retention Policy: We retain your Personal Data for as long as your account is active or as necessary to provide the Service. Afterwards, we may retain data for a period necessary to comply with our legal obligations (e.g., 7-10 years for financial records), resolve disputes, and enforce our agreements. Data that is no longer needed for any of these purposes is securely deleted or anonymized.

8. International Data Transfers

As a global service, your information may be transferred to and processed in countries other than your own, such as the United States, where some of our third-party service providers (e.g., Amazon Web Services for data hosting) are located. When we transfer your Personal Data from the European Economic Area (EEA) to countries outside the EEA, we ensure a similar degree of protection is afforded to it by relying on appropriate legal safeguards, primarily the European Commission's Standard Contractual Clauses (SCCs).

9. Children's Privacy

Our Service is not directed to individuals under the age of 18. We do not knowingly collect Personal Data from children under 18. If we become aware that we have collected Personal Data from a child under 18, we will take steps to delete such information from our files as soon as possible.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. We will notify you of any material changes by posting the new policy on this page and updating the "Last Updated" date. We encourage you to review this Privacy Policy periodically.

11. Contact Us / Data Protection Officer

If you have any questions, concerns, or requests regarding this Privacy Policy or your Personal Data, please do not hesitate to contact our appointed Data Protection Officer (DPO):

Email: privacy@cibeeo.com

Mailing Address:
Cibeeo Inc. SRL
Attn: Data Protection Officer
Prahova, Romania