Last updated: February 9, 2026
high5 ventures GmbH ("we", "us", "our") operates FilmFlow Pro. This privacy policy explains how we collect, use, and protect your personal data in accordance with the General Data Protection Regulation (GDPR).
The data controller responsible for processing your personal data is high5 ventures GmbH, Speicherstr. 1, 60327 Frankfurt, Germany. You can reach us at contact@filmflow.pro.
When you create an account, we collect your email address, name, and a hashed version of your password. We also store your preferred language and theme settings.
Data you create within your projects, including scripts, storyboard images, shot coverage, schedules, budgets, locations, comments, and team memberships.
We log security-relevant events such as login attempts, password changes, and email verifications, including IP addresses and timestamps. These audit logs help us detect unauthorized access.
Certain interface preferences (e.g., playback speed, overlay toggles, sidebar state) are stored in your browser's localStorage. This data never leaves your device and is not personal data.
Processing your account data and project content is necessary to provide the FilmFlow Pro service you signed up for.
We process security and audit data to protect our service, prevent fraud, and ensure system integrity.
Optional AI-powered features (such as automatic scene title generation via Google Gemini) are only activated at your explicit request. You can use FilmFlow Pro without these features.
Cloud database and image storage (storyboard frames). Servers located in the EU.
AI scene analysis (scene title generation). Script text is sent to the Google Gemini API only when you explicitly trigger this feature.
Application hosting and edge network. Requests may be processed at the nearest edge location.
Transactional emails (verification, password reset, call sheet delivery, team invitations).
We use a single essential session cookie (NextAuth, HTTP-only, secure) to keep you logged in. We do not use tracking cookies, advertising cookies, or analytics. Browser localStorage is used only for non-personal UI preferences.
Account data is retained as long as your account is active. Audit and security logs are retained for 90 days. If you delete your account, all personal data is purged within 30 days. Project data shared with team members may be retained in the project context until the project owner deletes it.
Under the GDPR, you have the following rights regarding your personal data:
You also have the right to lodge a complaint with a supervisory authority, in particular in the EU member state of your habitual residence or our registered office (Hessen, Germany).
We protect your data with encryption in transit (HTTPS/TLS), bcrypt password hashing, short-lived JWT authentication tokens, rate limiting on sensitive endpoints, and security headers (CSP, X-Frame-Options, Referrer-Policy). We regularly review and update our security measures.
Our primary infrastructure is hosted in the EU. Some processors (Vercel, Google) may process data outside the EU. These transfers are covered by Standard Contractual Clauses (SCCs) approved by the European Commission.
FilmFlow Pro is not directed at children under 16 years of age. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us so we can delete it.
We may update this privacy policy from time to time. Material changes will be communicated via email or an in-app notification. The "last updated" date at the top reflects the most recent revision.
If you have questions about this privacy policy or wish to exercise your rights, please contact us at: