Last updated: May 13, 2026

This Privacy Policy explains how BMDRM ("we", "us", "our") collects, uses, shares, and safeguards information when you visit our website, create an account, upload content, or use our secure video hosting and DRM streaming services (collectively, the "Service").

We act as a data controller for the personal data of our account holders and as a data processor for personal data contained in the content uploaded by our customers and viewed by their end users.

1. Information We Collect

Information you provide to us

  • Account data: name, email address, password, organization, billing address, and phone number.
  • Payment data: handled by our PCI-compliant payment processors; we receive only a tokenized reference and last four digits.
  • Support communications: messages, attachments, and metadata when you contact us.

Information collected automatically

  • Usage data: pages viewed, features used, dashboard actions, API calls, referring URLs, and timestamps.
  • Device and connection data: IP address, browser type, operating system, device identifiers, language, and approximate location derived from IP.
  • Player and streaming telemetry: playback events, bitrate, buffering metrics, DRM license requests, and error reports.
  • Cookies and similar technologies: used for authentication, preferences, analytics, and security.

Information from third parties

  • Identity providers (e.g., Google, SSO) when you choose to sign in through them.
  • Payment processors confirming successful transactions.
  • Anti-fraud and abuse-prevention partners.

2. How We Use Information

We use personal data to:

  • provide, operate, and maintain the Service;
  • authenticate users and protect accounts from unauthorized access;
  • process payments, invoices, and tax obligations;
  • deliver and secure video playback through DRM and watermarking;
  • analyze usage to improve performance, reliability, and features;
  • communicate with you about updates, security alerts, and support requests;
  • send marketing communications where permitted (you can opt out at any time);
  • comply with legal obligations and enforce our Terms of Service.

3. Legal Bases (GDPR)

Where the GDPR applies, we rely on the following legal bases: performance of a contract (to deliver the Service), legitimate interests (to secure and improve it), consent (for optional analytics and marketing), and legal obligations (for tax and compliance records).

4. Sharing of Information

We do not sell your personal data. We share data only:

  • with service providers (cloud hosting, CDN, DRM license servers, payment processors, email and analytics platforms) acting under contractual confidentiality and data-processing obligations;
  • with your authorized integrations (e.g., LMS, SSO) when you connect them;
  • in response to lawful requests from public authorities, when required;
  • in connection with a merger, acquisition, or asset sale, with continuity of these privacy commitments;
  • with your consent or at your direction.

5. International Data Transfers

We may transfer and process data in countries other than your own. Where required, we use safeguards such as the European Commission's Standard Contractual Clauses and equivalent mechanisms to protect your data during such transfers.

6. Data Retention

We keep personal data only as long as necessary for the purposes described in this Policy:

  • Account data: while your account is active and for a limited period after closure.
  • Uploaded content: as long as you keep it in the Service or as instructed by you.
  • Billing records: as required by applicable tax and accounting laws.
  • Logs and telemetry: typically up to 12 months unless needed for security investigations.

7. Security

We implement industry-standard administrative, technical, and physical safeguards to protect personal data, including encryption in transit (TLS), encryption at rest, access controls, key management, vulnerability scanning, and continuous monitoring. No system is 100% secure, so we cannot guarantee absolute security.

8. Your Rights

Depending on where you live, you may have rights to:

  • access, correct, or delete your personal data;
  • object to or restrict certain processing;
  • withdraw consent at any time;
  • receive a portable copy of your data;
  • lodge a complaint with your local data-protection authority.

You can exercise these rights from your account settings or by emailing [email protected]. We will respond within the timeframes required by applicable law.

9. Cookies and Tracking

We use strictly necessary cookies to operate the Service, plus optional analytics and preference cookies. You can manage cookies through your browser settings or our in-product cookie controls where available. Disabling certain cookies may limit functionality.

10. Children

The Service is not directed to children under 16. If you believe a child has provided us personal data, please contact us so we can delete it.

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you through the Service or by email before they take effect. The "Last updated" date at the top shows when the most recent version was published.

12. Contact Us

For privacy questions, data-subject requests, or to reach our Data Protection Officer, contact:

BMDRM — Privacy Team Email: [email protected]