invideo AIangle bottominvideo Studioangle bottomHelpangle bottomCommunityPricing

Cookie Policy

Last updated July 8, 2026

This Cookie Policy explains how Invideo uses cookies, software development kits (“SDKs”), pixel tags, local storage, device fingerprinting and similar technologies (together, “Tracking Technologies”) when you access or use the Services. Capitalised terms used but not defined in this Cookie Policy have the same meanings as in our Terms of Service.

This Cookie Policy supplements our Privacy Policy and should be read alongside it. Where both documents address the same subject and there is any conflict, the Privacy Policy prevails.

Where required by applicable law, we will seek your consent before placing or accessing non-essential Tracking Technologies on your device. You can manage your preferences at any time using the methods described in Section 10 below.

1. Legal Framework

Two frameworks govern our use of Tracking Technologies and we comply with both:

i. The ePrivacy Directive (2002/58/EC, as amended by 2009/136/EC) and equivalent local laws, including the UK Privacy and Electronic Communications Regulations (PECR), govern the placing or accessing of information on your device. We need your consent for non-essential storage, with limited exceptions for strictly necessary cookies.

ii. The GDPR, UK GDPR, India’s Digital Personal Data Protection Act 2023, the California CCPA/CPRA, and other applicable data protection laws govern the use of any personal data we collect through Tracking Technologies. The legal bases for that processing are set out in our Privacy Policy, Section 4.

2. Tracking Technologies

Tracking Technologies are tools that collect or store information about your device and how you interact with our Services. We use several types:

i. Cookies. Small text files placed on your device when you visit a website. They allow the website to recognise your device and remember information about your visit. Cookies set directly by us on our own domains are called first-party cookies. Cookies set by other companies whose content is loaded on our pages, such as analytics or advertising partners, are called third-party cookies. Cookies may be session cookies, which are deleted when you close your browser, or persistent cookies, which remain on your device until they expire or you delete them.

ii. Local storage and session storage. Browser-based mechanisms that perform similar functions to cookies, storing preferences, session data and other identifiers, but hold data within the browser itself rather than as separate files. They are subject to the same consent requirements as cookies under applicable law.

iii. Pixel tags, web beacons and tracking pixels. Small images or pieces of code embedded in web pages or emails. They allow us and our partners to detect when a page has been loaded or an email has been opened, and to associate that activity with other identifiers. We use pixel tags to understand how users interact with our content and to measure the effectiveness of our marketing communications.

iv. Software Development Kits (SDKs). Libraries of code incorporated into our mobile applications. They perform functions equivalent to cookies in a browser context, collecting device identifiers, usage analytics and crash reports. Third-party SDKs operate under their own terms and are subject to the tier-based consent framework described in Section 4.

v. Device fingerprinting. A technique that identifies a device based on combinations of attributes, such as browser version, screen resolution, installed fonts and hardware characteristics, without storing any identifier on the device itself. We use device fingerprinting only for fraud prevention and security purposes, under the strictly-necessary exemption of ePrivacy Directive Article 5(3) and our legitimate interests under GDPR Article 6(1)(f). We do not use device fingerprinting for analytics or advertising.

3. How We Use Tracking Technologies

We use Tracking Technologies for the following purposes:

i. Authentication and session management: to verify your identity when you log in and to keep you signed in as you navigate the Services.

ii. Security: to help detect and prevent fraud, unauthorised access, bots and other malicious activity.

iii. Preferences and functionality: to remember your settings and preferences, such as language, region and display options, so that you do not have to re-enter them on each visit.

iv. Performance and analytics: to understand how users interact with the Services, including which features are used, how often and for how long, so that we can identify issues and improve the user experience.

v. Marketing and advertising: to help us and our advertising partners measure the effectiveness of campaigns, attribute conversions and, where you have given consent, show you relevant advertisements on other platforms.

4. Categories of Tracking Technologies

We categorise Tracking Technologies into three tiers based on their purpose and the consent obligations that apply.

a. Tier 1: Strictly Necessary (always active). These Tracking Technologies are required for the Services to function. They include:

i. Authentication and session management cookies.

ii. Security cookies, including CSRF protection and rate limiting.

iii. Bot management and challenge-clearance cookies set by our edge provider.

iv. Geographic detection cookies used to determine which consent banner to show.

v. Load-balancing and infrastructure cookies.

vi. Server-side event logging.

vii. Cookie-consent record cookies, so we can remember your choices.

Strictly Necessary Tracking Technologies do not require your consent under ePrivacy Directive Article 5(3) because they are essential to provide the Services you have requested. You cannot disable them through our consent banner. If you block them through your browser settings, you may not be able to log in or use core features.

b. Tier 2: Analytics and Performance (consent required in EEA, UK and Switzerland). These Tracking Technologies help us understand how the Services are used so that we can improve them. They include product analytics tools such as RudderStack and Amplitude, client-side event collection, performance monitoring, and customer engagement tools including Braze, which may operate as Tier 2 when used for lifecycle messaging and Tier 3 when used for marketing or advertising communications.

In the European Economic Area, the United Kingdom and Switzerland, Tier 2 Tracking Technologies are inactive by default on our websites and you must opt in via our consent banner before they are activated. In jurisdictions where prior opt-in consent is not legally required, Tier 2 Tracking Technologies may operate subject to applicable law; you may opt out at any time via our consent banner or account settings.

c. Tier 3: Marketing and Advertising (consent required on our websites). These Tracking Technologies allow us and our advertising partners to measure the effectiveness of advertising, attribute conversions and show you relevant advertisements on other platforms. They include:

i. Advertising conversion tracking and remarketing tags, including Google Ads, Meta Ads, TikTok Ads, Twitter/X Ads and Microsoft Advertising (formerly Microsoft Bing Ads).

ii. Advertising pixels, including the Meta Pixel.

iii. Advertising attribution identifiers, including gclid, fbclid, ttclid, msclkid and irclickid.

iv. Mobile advertising identifiers, including the IDFA on iOS and GAID on Android. See Section 7 for how these are managed.

v. Affiliate marketing tools, including Tapfiliate.

On our websites, Tier 3 Tracking Technologies are inactive by default and require your consent before activation in jurisdictions where opt-in consent is required, including the EEA, UK and Switzerland. In jurisdictions where prior opt-in consent is not legally required, Tier 3 Tracking Technologies may operate subject to applicable law; you may opt out via our consent banner or account settings.

d. Sensitive personal information. We do not use Tracking Technologies to infer or process sensitive personal information, including racial or ethnic origin, religious or philosophical beliefs, genetic data, biometric data, health data, sex life or sexual orientation, for cross-contextual behavioural advertising. Where the Services process biometric data for product features such as Avatars and voice cloning, that processing is separately disclosed in our Privacy Policy, Section 2(c) and governed by our Acceptable Use Policy, Section 8(g).

5. Consent Management

a. Consent banner. When you first visit our websites, we display a consent banner that gives you the option to accept all Tracking Technologies, reject all non-essential Tracking Technologies, or customise your preferences by tier. No non-essential Tracking Technology is activated before you make a selection. We do not use pre-ticked boxes. We will re-prompt you for consent at least every 12 months and whenever you clear your cookies.

b. Regional defaults.

Region Default State How to Change
European Economic Area, United Kingdom and Switzerland Non-essential Tracking Technologies are off by default; you must affirmatively opt in via the consent banner. Consent banner or account settings
California (marketing pages and landing pages) Non-essential Tracking Technologies may be active; you may opt out via the consent banner. Consent banner or account settings
All other regions Non-essential Tracking Technologies may be active subject to applicable local law; you may opt out via the consent banner. Consent banner or account settings

If your jurisdiction provides additional consumer rights, for example a Do Not Sell or Share My Personal Information right under the CCPA/CPRA, you may exercise them via our consent banner, your account settings, or by contacting us at privacy@invideo.io. See our Privacy Policy, Section 15(b) for the California-specific disclosure block.

c. Google Consent Mode v2. Where you have not granted consent for advertising or analytics Tracking Technologies provided by Google, we operate Google Consent Mode v2 in Basic mode. In practice, this means that Google’s advertising and analytics destinations receive consent signals indicating that adUserData and adPersonalization are denied, or events are dropped entirely before reaching Google. Cookieless aggregate measurement signals may still be sent to support reporting and conversion modelling. We do not use Advanced Consent Mode without your explicit consent.

d. Withdrawing consent. You may withdraw or change your consent at any time by accessing the cookie preferences panel in the banner or in your account settings. Withdrawal of consent does not affect the lawfulness of any processing that took place before you withdrew.

6. Mobile Applications

Our mobile applications use a different consent model from our websites. They rely on operating-system controls and product-level Tracking Technology gating rather than an in-app consent banner.

a. iOS - App Tracking Transparency (ATT). Our iOS application uses Apple’s App Tracking Transparency framework. The framework presents a system prompt asking whether you allow us to track your activity across other companies’ apps and websites. If you select Ask App Not to Track, we do not access the Identifier for Advertisers (IDFA) for advertising attribution. You can change this preference at any time in iOS Settings, Privacy and Security, Tracking.

b. Android - Google Advertising ID (GAID). On Android, your operating system provides controls over advertising tracking. You can reset your Google Advertising ID or opt out of personalised advertising at any time via Android Settings, Privacy, Ads. We are working to bring our Android advertising-attribution behaviour into alignment with these settings. For the current status, please contact us at support@invideo.io.

c. Mobile Analytics and Engagement SDKs. Our mobile applications use analytics, attribution and engagement SDKs to deliver core product features including crash reporting, lifecycle messaging and attribution. A current list of the SDKs we use is set out in the inventory in Section 7 below and is also available via our sub-processor list at https://trust.invideo.io/subprocessors.

7. Tracking Technology Inventory

The tables below set out the principal Tracking Technologies we use as at the date of this Cookie Policy. We update this inventory as we add or remove tools; for the most current state, see the consent banner preference centre.

a. First-Party Cookies (set by Invideo).

Cookie / SDK Lifetime Tier Purpose Domain / Platform
cookie_consent 365 days Tier 1 Records your consent banner choice invideo.io
consent_session_id Session Tier 1 Associates your consent record with your account prior to authentication invideo.io
auth_token Persistent Tier 1 Authentication session management invideo.io
feApp Session Tier 1 Frontend version flag invideo.io
query_params Persistent Tier 3 Captures advertising click identifiers for attribution invideo.io (marketing surfaces)

b. Edge-Provider Cookies (set by Cloudflare).

Cookie / SDK Lifetime Tier Purpose Domain / Platform
__cf_geo, __cf_geo_region Session Tier 1 Geographic detection for region-based consent banner gating invideo.io
__cf_bm 30 minutes Tier 1 Bot management invideo.io
cf_clearance 1 year Tier 1 Challenge clearance for security verification invideo.io

c. Third-Party Cookies and SDKs (Web).

Cookie / SDK Lifetime Tier Purpose Domain / Platform
RudderStack Session / Persistent Tier 2 Product analytics; data pipeline Activated after analytics consent
Amplitude Persistent Tier 2 Product analytics Activated after analytics consent
Braze (web) Persistent Tier 2 / Tier 3 Lifecycle messaging Activated after analytics consent
Intercom Persistent Tier 1 Customer support chat Always active (support feature)
Google Tag Manager (GTM-NMPGJS6) Persistent Tier 3 Tag deployment for Google Ads and GA4 Activated after marketing consent
Meta Pixel Persistent Tier 3 Advertising conversion tracking Activated after marketing consent
Tapfiliate Persistent Tier 3 Affiliate attribution Activated after marketing consent
Cloudflare Turnstile Session Tier 1 CAPTCHA / bot challenge on authentication forms invideo.io

d. Mobile SDKs.

Cookie / SDK Lifetime Tier Purpose Domain / Platform
Firebase Core, Crashlytics, Messaging, Remote Config Persistent Tier 1 App bootstrap, crash reporting, push notifications, remote configuration iOS and Android
Firebase Analytics Persistent Tier 2 App-instance ID, screen views, in-app events iOS and Android
Google Sign-In Persistent Tier 1 Google OAuth authentication iOS and Android
Sign in with Apple Persistent Tier 1 Apple Sign-In authentication iOS
RevenueCat Persistent Tier 1 Subscription state management iOS and Android
Braze (mobile) Persistent Tier 3 Lifecycle messaging and push notifications iOS and Android
Branch Persistent Tier 3 Attribution; IDFA-gated by ATT on iOS iOS and Android
Meta (Facebook App Events/ FBSDK) Persistent Tier 3 Advertising events; IDFA-gated by ATT on iOS iOS and Android
RudderStack (Flutter SDK) Persistent Tier 2 Anonymous and user-identified product analytics events iOS and Android
Shorebird Persistent Tier 1 App update mechanism iOS and Android

e. Server-side advertising and analytics destinations. When you give marketing consent on our websites, conversion events and engagement signals may be sent to advertising platforms including Google Ads, Meta Ads, TikTok Ads, Twitter/X Ads and Microsoft Bing Ads, via our server-side data plane. These platforms may act as independent controllers, joint controllers or processors (depending on the relevant integration and applicable law) in relation to the data they receive. See our Privacy Policy, Section 5 for further information.

Material additions to our Tracking Technology stack, such as a new advertising partner with a different processing purpose or a new analytics tool that processes personal data, are reflected in the consent banner preference centre within five business days of going live and in this Cookie Policy at our next scheduled update. Where a new Tracking Technology requires additional consent, we re-prompt for consent rather than carry forward an earlier consent.

8. Browser-Level Privacy Signals

We do not currently respond to Do Not Track (DNT) HTTP headers. The W3C abandoned DNT standardisation in 2019 and the signal has since been deprecated by major browsers. Except where required by applicable law, we do not currently respond to Global Privacy Control (GPC) or similar browser-level privacy signals, but may support such signals in the future. To opt out of cross-contextual behavioural advertising, please use our consent banner, your account settings, or contact us at privacy@invideo.io.

9. Managing Your Preferences

a. Consent banner. You can update your cookie preferences at any time by clicking Cookie Preferences in the footer of our website or accessing the preference centre in your account settings. Changes take effect immediately. Strictly Necessary Tracking Technologies cannot be disabled because they are required for the Services to function.

b. Browser settings. All major browsers allow you to view, manage and delete cookies. Browser-level controls operate independently of our consent banner; for example, blocking third-party cookies in your browser will prevent Tier 3 Tracking Technologies from operating regardless of any consent you have given on our banner. Note that blocking Strictly Necessary cookies may prevent you from logging in or using core features. For guidance on managing cookies in the most common browsers, please see:

i. Google Chrome: https://support.google.com/chrome/answer/95647

ii. Mozilla Firefox: https://support.mozilla.org/kb/cookies-information-websites-store-on-your-computer

iii. Safari (desktop): https://support.apple.com/guide/safari/sfri11471

iv. Microsoft Edge: https://support.microsoft.com/help/17442

v. Opera: https://help.opera.com/en/latest/web-preferences

c. Mobile device settings. On iOS, manage tracking preferences via Settings, Privacy and Security, Tracking. On Android, manage advertising preferences via Settings, Privacy, Ads. Resetting your advertising identifier on either platform removes the link between your device and prior advertising activity.

d. Account-level preferences. Your consent choices are recorded against your Invideo account when you are signed in. Preferences are currently stored on the device where they are set. We are working to extend cross-device application of these preferences. To request a server-side update of your preferences across devices in the meantime, please contact us at support@invideo.io.

e. Opting out of interest-based advertising. You may also opt out of interest-based advertising from participating companies through industry opt-out tools.

10. Children

We do not direct our Tracking Technologies at children. The minimum age thresholds set out in our Privacy Policy, Section 11 apply equally to Tracking Technologies: at least 16 years old in the European Economic Area, the United Kingdom and Switzerland; at least 13 elsewhere. If you believe we have collected personal data from a child through Tracking Technologies, please contact us at safety@invideo.io.

11. Consent Records and Retention

We retain records of your consent choices, including the categories you accepted or declined, the timestamp and the version of this Cookie Policy you accepted, for 12 months from the date of consent, in line with EDPB Guidelines 5/2020 on consent. After 12 months we will re-prompt you for consent. Consent records may be retained for longer periods where required to demonstrate compliance with applicable law, for example in response to a regulator’s request.

12. Changes to This Cookie Policy

We may update this Cookie Policy from time to time, for example to reflect changes in our Tracking Technology inventory or in applicable law.

i. Non-material updates, such as changes to the inventory within an already-consented tier, formatting changes or clarifications, take effect on publication. We will update the Last updated date above.

ii. Material updates, such as the introduction of a new category of Tracking Technology, the addition of an advertising partner with a different processing purpose, or a change to default consent behaviour, require fresh consent before the new Tracking Technology is activated. Where a material change has a substantive impact on your privacy, we will give you at least 30 days advance notice via in-product notification or email before it takes effect.

13. Contact

For questions about this Cookie Policy or to exercise your privacy rights, contact us at privacy@invideo.io. For broader privacy questions or to exercise your data subject rights, see our Privacy Policy, Section 9 (Your Rights and Choices); contact details are in Section 14.

i. Postal address (India): Whitesheep Technology Private Limited, 08A101, WeWork, Raheja Platinum, Off Andheri Kurla Road, Sag Baug, Marol Naka, Mumbai, Mumbai Suburban, Maharashtra – 400059, India.

ii. Postal address (Singapore): Invideo Innovation Pte. Ltd., 3 Church Street #15 - 02 Samsung Hub Singapore 049483

iii. Postal address (United States): Invideo Inc., 4512 Legacy Dr, Plano, TX 75024, USA

Loading...