Privacy Policy — Contendeo

01.Who we are

Contendeo.app ("Contendeo", "we", "us") is an AI video comprehension service delivered as a remote MCP (Model Context Protocol) connector for Claude. The service is operated by Kartikya Dhiman as a sole proprietor based in India. You can reach us at official@contendeo.app.

This policy describes what personal data we collect when you use Contendeo, how we use it, and what rights you have over it.

02.What we collect

We keep data collection to the minimum needed to operate the service.

Email address — captured when you sign in with Google OAuth (handled through Supabase Auth). We do not store your Google password and never see it.
Video URLs you submit for processing, along with the tool used and timestamp of the request.
Usage and credit history — a ledger of credits granted, consumed, refunded, and purchased. This is retained for billing disputes and fraud prevention.
Payment metadata — Razorpay order IDs, payment IDs, and invoice references. We never see or store your full card number, UPI PIN, or bank credentials — those stay with Razorpay.

03.What we don't collect

Passwords. Authentication is OAuth-only via Google. We have no password database.
Video content. Videos are downloaded to an ephemeral working directory, processed, and deleted immediately after analysis completes (or fails). The raw video file never persists beyond a single request.
Analytics / tracking cookies. We don't run Google Analytics, Facebook Pixel, or any third-party tracker on this site.
Your Claude conversations. Contendeo only sees the specific tool-call payloads Claude sends us (the video URL and parameters you asked it to process). We cannot see the rest of your Claude conversation.

04.Third-party services we use

Processing a video involves sending certain data to the following processors. Each one is covered by its own privacy policy — we only share what's necessary for the function listed.

Supabase

Authentication (Google OAuth) and PostgreSQL database hosting user accounts, credits, and job history.

Groq

Audio transcription via the Whisper large-v3 API. Receives the extracted audio track of a video during processing.

Anthropic

Visual analysis via the Claude Sonnet Vision API. Receives individual keyframes extracted from the video.

Razorpay

Payment processing for subscriptions and PAYG credit purchases. Handles card, UPI, and net-banking details directly — we never see them.

Apify

Instagram video fetching via the instagram-reel-scraper actor. Receives only the Instagram URL you submit.

Webshare

Proxy infrastructure used by the video downloader to reach certain platforms. Receives proxied HTTP requests to the source video host.

Redis

In-memory cache for analysis results, keyed by a hash of the normalized URL. Self-hosted alongside the server.

Hostinger

VPS infrastructure in Europe hosting the MCP server, Redis cache, and processing workers.

We do not sell, rent, or share your personal data with advertisers, data brokers, or any third party outside the processors listed above.

05.Data retention

Analysis results are cached for 7 days, keyed by a SHA-256 hash of the normalized video URL. Repeat requests for the same URL within that window are served from cache — this is how we keep cache hits free for users.
Video files and keyframes live in a temporary working directory only for the duration of a single request. They are deleted as soon as processing finishes, whether it succeeds or fails.
Account data (email, credit balance, plan) is retained until you request deletion.
Credit transaction history (the ledger of grants, usage, and refunds) is retained for the duration of your account and for a reasonable period after deletion to resolve billing disputes and satisfy tax / accounting obligations.
Job history (which video URLs you submitted, which tool, outcome) is retained alongside the credit ledger so you can audit what you were charged for.

06.Cookies

Contendeo uses only the cookies strictly necessary to operate the service:

OAuth session tokens issued by Supabase Auth during the sign-in flow.
CSRF / state tokens during the OAuth authorization code exchange.

No advertising cookies. No analytics cookies. No cross-site tracking. We do not share cookie data with third parties.

07.Data location

Application servers and cache: VPS hosted in Europe (Hostinger).
Database: Supabase (AWS-backed). The region is selected at project creation and listed in your Supabase dashboard.
Third-party processors (Groq, Anthropic, Razorpay, Apify, Webshare) operate their own global infrastructure — see each provider's privacy policy for specifics.
Video processing happens in memory and on the ephemeral filesystem of the application server; nothing about the video content persists after the request completes.

08.Your rights

Regardless of where you are located, you can:

Access — email us and we'll send you a copy of the account data we hold about you.
Delete — email official@contendeo.app from the address associated with your account to have your account, email, credit balance, and job history deleted. Credit transaction ledger entries may be retained in anonymized form where required for tax or accounting purposes.
Correct — if something in your account data is wrong, email us to fix it.
Disconnect — you can disconnect the Contendeo connector at any time from Claude's connector settings. That stops any further data flow but does not itself delete your Contendeo account — email us if you want the account removed too.
Withdraw consent — for any processing based on consent, you can withdraw it at any time by contacting us or deleting your account.

Quickest way to delete everything: email official@contendeo.app from your account email with the subject line "Delete my account" — we'll action it within 30 days and confirm when done.

09.GDPR and international users

For users in the European Economic Area, the United Kingdom, or other jurisdictions with similar data-protection regimes:

We process the minimum personal data required to operate the service.
Our legal bases for processing are contract (delivering the service you signed up for), legitimate interest (fraud prevention, securing the service), and consent (where applicable).
We do not sell personal data or share it with advertisers.
You have the rights listed in the previous section, including the right to lodge a complaint with your local data-protection authority.
Data transfers to processors outside your region are covered by the processor's own compliance framework (Standard Contractual Clauses where applicable).

10.Security

We use TLS for all data in transit. Database access is restricted to the application server via Supabase's managed auth and row-level security. Payment processing is delegated to Razorpay, which is PCI-DSS compliant. No system is perfectly secure, but we take reasonable steps to protect account data and will notify affected users promptly in the event of a breach involving personal data.

11.Children

Contendeo is not intended for users under 18. We do not knowingly collect personal data from children. If you believe a minor has created an account, contact us and we will delete it.

12.Changes to this policy

We may update this policy from time to time. When we do, we'll change the effective date at the top of this page. For material changes that affect how we handle personal data, we'll make a reasonable effort to surface the change in-product. For minor clarifications or edits, we don't send email notifications — check the effective date if you want to know when the current version took effect.

13.Contact

Questions, requests, or complaints about this policy or how we handle your data:

Email: official@contendeo.app
Operator: Kartikya Dhiman (sole proprietor)
Jurisdiction: Republic of India