EditMash Logo

Privacy Policy

Last updated: January 3, 2026

1. Introduction

EditMash ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our multiplayer collaborative video editing platform at editmash.com (the "Service").

By using EditMash, you agree to the collection and use of information in accordance with this policy. If you do not agree with this policy, please do not use our Service.

2. Information We Collect

2.1 Account Information

When you create an account using Google Sign-In, we collect:

  • Name: Your display name from your Google account (you can change this)
  • Email address: Used for account identification and communication
  • Profile picture: Your Google profile image (stored on our servers)
  • Account creation date: When you first signed up

2.2 User-Generated Content

When you use EditMash, we store:

  • Media files: Videos, audio, and images you upload during matches
  • Edit history: Your clip placements and modifications on the timeline
  • Rendered videos: Final video outputs from collaborative editing sessions

2.3 Technical Information

For security and service functionality, we collect:

  • IP address: Stored with your session for security purposes
  • User agent: Browser and device information for session management
  • Session tokens: To keep you logged in

2.4 Preferences

We store your customization choices:

  • Highlight color: The color that identifies your clips to other players
  • Tutorial completion status: Whether you've completed the onboarding tutorial

3. How We Use Your Information

We use your information to:

  • Provide and operate the Service
  • Authenticate your identity and maintain your session
  • Display your profile to other players in lobbies and matches
  • Store and serve your uploaded media files
  • Render collaborative video projects
  • Detect and prevent fraud, abuse, and security incidents
  • Communicate with you about the Service (only if necessary)

4. How We Share Your Information

4.1 With Other Users

When you participate in matches, other players can see:

  • Your display name
  • Your profile picture
  • Your highlight color
  • Your clip contributions to the shared timeline

4.2 With Service Providers

We use the following third-party services:

  • Google: For authentication (OAuth 2.0)
  • Backblaze B2: For secure cloud storage of media files and avatars

4.3 Legal Requirements

We may disclose your information if required by law, court order, or government request.

5. Cookies and Similar Technologies

We use the following cookies:

  • Session cookie: Keeps you logged in (expires after 7 days of inactivity)

Analytics

We use Plausible Analytics, a privacy-friendly, GDPR-compliant analytics service hosted in the EU. Plausible:

  • Does not use cookies or track personal data
  • Does not collect IP addresses or device identifiers
  • Provides anonymous, aggregate statistics only
  • Is fully GDPR-compliant and hosted on European infrastructure
  • Does not share data with third parties or use it for advertising

We do not use advertising cookies, tracking pixels, or invasive analytics tools like Google Analytics.

6. Data Retention

  • Account data: Retained until you delete your account
  • Match media: Associated with match records; may be deleted when matches are cleaned up
  • Session data: Automatically expires after 7 days of inactivity
  • Rendered videos: Retained for viewing in the results page

7. Your Rights and Choices

7.1 Access and Update

You can access and update your information through your Account page at any time, including:

  • Changing your display name
  • Updating your profile picture
  • Changing your highlight color

7.2 Account Deletion

You can permanently delete your account from your Account page. This is an automatic, self-service process that immediately removes:

  • Your user profile and account data
  • Your sessions and authentication data
  • Your lobby and match participation records
  • Your uploaded avatar images

7.3 Data Portability

You can download all your personal data from your Account page at any time. This is an automatic, self-service process—click "Download" in the "My data" section to receive a complete JSON export of your account information, match history, edit operations, and more.

8. Rights for European Users (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have the following rights under the General Data Protection Regulation (GDPR):

  • Right of access: Request a copy of your personal data
  • Right to rectification: Correct inaccurate data (via your Account page)
  • Right to erasure: Delete your account and data (self-service via Account page)
  • Right to restriction: Request we limit processing of your data
  • Right to data portability: Download your data in JSON format (self-service via Account page)
  • Right to object: Object to processing of your data
  • Right to withdraw consent: Where processing is based on consent

Legal basis for processing: We process your data based on (a) your consent when you sign up, (b) contractual necessity to provide the Service, and (c) legitimate interests in security and fraud prevention.

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.

9. Rights for California Residents (CCPA)

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA):

  • Right to know: What personal information we collect and how we use it
  • Right to delete: Request deletion of your personal information (self-service via Account page)
  • Right to opt-out: We do not sell your personal information
  • Right to non-discrimination: We will not discriminate against you for exercising your rights

We do not sell your personal information. We do not share your data with third parties for their marketing purposes.

To exercise your rights, contact us at [email protected].

10. International Data Transfers

Our servers are located in Germany. Your data is primarily stored and processed in Germany in compliance with European data protection standards. We use service providers located in the United States (Backblaze B2 for media storage, Google for authentication). By using the Service, you consent to such transfers. We take appropriate safeguards to protect your data in accordance with applicable laws.

11. Age Requirements

EditMash is not intended for individuals under 16 years of age. We do not knowingly collect personal information from individuals under 16. If we learn we have collected information from someone under 16, we will delete it immediately. If you believe someone under 16 has provided us with personal information, please contact us at [email protected].

Due to the collaborative, user-generated nature of the Service, we cannot control or pre-screen all content uploaded by users. The age requirement helps ensure appropriate use of the platform.

12. Security

We implement reasonable security measures to protect your personal information, including:

  • Secure session management
  • OAuth 2.0 authentication (no passwords stored)
  • Rate limiting to prevent abuse

However, no method of transmission over the Internet is 100% secure. We cannot guarantee absolute security.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by updating the "Last updated" date at the top of this page. Your continued use of the Service after changes constitutes acceptance of the updated policy.

14. Contact Us

If you have any questions about this Privacy Policy or our data practices, contact us at:

Email: [email protected]