Privacy Policy
Last updated: June 17, 2026
Who we are
Vividdit ("Vividdit," "we," "us") is a free tool that lets musicians ("creators") offer download gates: a fan completes an action (follow, like, repost, or email signup) to unlock a creator's file. This policy explains what personal data we handle and how. Questions: vividfeverdreams@gmail.com.
For data that fans provide on a creator's gate, the creator is the controller of that data and Vividdit acts as a processor on their behalf. For creator accounts, Vividdit is the controller.
What we collect
- Creator accounts: email address and authentication data (managed by our auth provider), and your artist profile (name, URL slug, and the SoundCloud/Instagram/Spotify links you add).
- Your API keys (OpenAI/OpenRouter, Resend, Cloudflare R2), which you optionally provide. These are encrypted at rest and never shown back to the browser.
- Fan submissions: an email address (only if the gate asks for one and the fan provides it), the proof screenshots a fan uploads, and an optional proof code.
- Usage events:gate views, unlocks, and downloads, plus basic referral/UTM parameters, used for the creator's analytics.
- Optional ad pixels: if a creator enables Facebook, Google, or TikTok pixels on their gate, those third parties may set cookies and collect data once a visitor accepts the consent notice.
How we use it
To operate the service: authenticate creators, run gates, verify fan proof screenshots with AI, deliver downloads, send creators' fan emails, and provide analytics. We do not sell personal data.
Who we share it with (sub-processors)
We rely on these providers to run the service:
- Vercel — hosting and content delivery.
- Supabase — database, authentication, and file storage.
- OpenAI / OpenRouter— proof screenshots are sent to the AI provider configured by the creator to verify the required action. Governed by that provider's terms.
- Resend— sending creators' fan emails (using the creator's own key when configured).
- Cloudflare R2 — file storage when a creator connects their own bucket.
- Facebook / Google / TikTok — only if a creator enables ad pixels on their gate, and only after visitor consent.
How we protect it
Creator API keys are encrypted at rest using AES-256-GCM, with the encryption secret held only in our server environment. Database access is restricted with row-level security so creators can only reach their own data, and the tables holding secrets are reachable only by trusted server code. All traffic is served over HTTPS. No system is perfectly secure, but we take reasonable measures to protect your information.
How long we keep it
- Proof screenshots are automatically deleted about 30 days after a submission is approved or rejected.
- Fan emailsthat a fan provides to join a creator's list are retained for the creator until the creator removes them or deletes the gate. Emails used only to deliver a one-time download are minimized after they're no longer needed.
- Creator accounts and data are kept until the account is deleted.
Your rights
Depending on where you live (e.g. the EU/UK under GDPR or California under the CCPA/CPRA), you may have the right to access, correct, delete, or export your personal data, and to opt out of certain processing. Fans should contact the creator whose gate they used; creators and anyone else can contact us at vividfeverdreams@gmail.comand we'll respond as required by law.
Children
Vividdit is not directed to children under 13 (or the minimum age in your country), and we don't knowingly collect their data.
Changes
We may update this policy; we'll revise the date above when we do. Material changes will be reflected here.
Contact
Questions or requests: vividfeverdreams@gmail.com.
This page is provided for transparency and is not legal advice. See our Terms of Service.