PandaVision LogoPANDAVISION

// PRIVACY

Privacy Policy

Effective Date: December 1, 2025

Version: 1.1

1. Introduction

PandaVision is a product and service operated by Casa Lunera ("we," "us," or "our"), headquartered in Victoria, Australia.

We are committed to protecting your personal information. This Privacy Policy explains how we collect, use, store, and process your data when using PandaVision and PandaVision Studio.

Our practices comply with the Australian Privacy Principles (APPs) under the Privacy Act 1988 (Cth), and align with international standards including GDPR and ISO/IEC 27001.

2. Information We Collect

We follow strict data minimization principles.

2.1 Personal Identification Information (PII)

  • Identity Data: Full name, display name
  • Contact Data: Email address
  • Authentication Data: Encrypted passwords or OAuth tokens

2.2 Technical & Usage Data

  • IP address, browser type, device info
  • Usage logs such as clicks, navigation, session length
  • Anonymized telemetry for performance & capacity

2.3 User-Generated Content

We process:

  • Input Data: Prompts, uploaded images/audio/video
  • Output Data: Generated content

3. Purpose and Legal Basis for Processing

  • Performance of Contract: Deliver PandaVision Studio features
  • Legitimate Interests: Improve tools, security, fraud prevention
  • Consent: Optional analytics, marketing, cookies

4. AI Processing and Model Training

4.1 Inference Only

Your data is used strictly to generate your requested content.

4.2 No Model Training

We do NOT train AI models on your data.

4.3 Third-Party AI Providers

We use trusted AI partners such as Google Gemini, Veo, Wan, Topaz Labs, ElevenLabs, and Stable Audio. Data sent to them is:

  • Used only for inference
  • Covered by enterprise DPAs prohibiting model training

5. Data Security (ISO 27001 Alignment)

  • TLS 1.2+ and AES-256 encryption
  • RBAC and MFA for internal access
  • Hosted on ISO 27001 & SOC 2 certified GCP infrastructure
  • Formal incident response procedure in compliance with Australian NDB laws

6. Data Retention

  • Account data retained while active
  • User-generated content retained until deleted
  • Full purge within 30 days of account deletion

7. Third-Party Service Providers

We share minimal data with trusted vendors:

CategoryPurposeExamples
Cloud InfrastructureHosting, storage, computeGoogle Cloud Platform, Firebase
AI InferenceContent generationGoogle Gemini/Veo, ElevenLabs
AnalyticsService improvementGoogle Analytics (anonymized)

We do not sell or rent your personal data.

8. International Data Transfers

Our services may process data outside Australia (primarily the U.S.). We ensure compliance with the Australian Privacy Principles and international laws for all cross-border data handling.

9. Your Rights

  • Access and correct your personal data
  • Request deletion ("Right to be Forgotten")
  • Request data export
  • Withdraw consent at any time

10. Children’s Privacy

We do not knowingly collect data from children under 13. If such data is discovered, we promptly delete it.

11. Complaints

If you believe we mishandled your data, contact us directly. If unresolved, you may escalate to the Office of the Australian Information Commissioner (OAIC).

12. Contact Us

For questions or concerns, contact:

Casa Lunera (PandaVision)

Location: Victoria, Australia

Email: operations@casalunera.com