Cookie Policy
Effective Date: February 6, 2026 Last Updated: February 6, 2026
This document is a draft prepared for review by a qualified attorney. It is not legal advice and must be reviewed by a licensed lawyer in each applicable jurisdiction (EU, US, Russia) before publication.
1. Introduction
This Cookie Policy explains how VideoContentEditor ("VCE", "we", "us", "our"), a web-based video editing service available at vcecloud.com, uses cookies and similar technologies.
VCE is designed with a privacy-first approach. We minimize the use of cookies and client-side storage to only what is technically necessary for the Service to function. We do not use cookies for advertising, behavioral tracking, or analytics.
This policy should be read together with our Privacy Policy and Terms of Service.
Data Controller: Konstantin White Email: privacy@vcecloud.com
2. What Are Cookies and Similar Technologies
2.1 Cookies
Cookies are small text files placed on your device by websites through your browser. They can be classified by origin (first-party vs. third-party) and by duration (session cookies, deleted when you close your browser, vs. persistent cookies that remain for a set period).
2.2 Local Storage and Session Storage
Browsers also provide client-side storage mechanisms:
- localStorage -- data persists until explicitly deleted. Accessible only to the domain that stored it.
- sessionStorage -- data is cleared when the browser tab is closed. Scoped to a single tab.
Key difference from cookies: Unlike cookies, localStorage and sessionStorage data is never automatically sent to the server with HTTP requests. It cannot be used for server-side tracking and remains entirely on your device unless the application explicitly reads and transmits it.
2.3 Web Beacons and Tracking Pixels
VCE does not use web beacons, tracking pixels, or clear GIFs.
3. Cookies We Use
As of the effective date of this policy, VCE does not set any cookies through application code. Our backend API is stateless and uses token-based authentication via HTTP headers, not cookies.
3.1 Infrastructure Cookies
| Name | Provider | Purpose | Type | Duration | Category |
|---|---|---|---|---|---|
| None identified | -- | -- | -- | -- | -- |
Our reverse proxy does not set cookies in its current configuration. Our cloud storage backend is accessed via a server-side API, not through a CDN proxy, and does not set cookies.
Note: If we enable CDN proxy features in the future, our CDN provider may set functional cookies. We will update this policy before enabling such features.
3.2 Frontend Framework
Our frontend framework does not set any cookies in its current configuration. We do not use framework features that require cookies (such as internationalization or preview mode).
4. Client-Side Storage We Use
While we do not use cookies, we use browser storage APIs for essential functionality.
4.1 Session Storage (Cleared When Tab Closes)
| Key | Purpose | Data Stored | Category |
|---|---|---|---|
vce_auth_token | Authentication session | JWT access token, basic user profile, authentication state | Strictly Necessary |
The authentication token is stored in sessionStorage as a security measure: your session is scoped to a single tab, the token is cleared when the tab closes, and it is never sent to the server automatically -- it is attached to API requests explicitly via the Authorization HTTP header.
4.2 Local Storage (Persists Until Cleared)
| Key | Purpose | Data Stored | Category |
|---|---|---|---|
preview-volume | Video playback volume preference | A single number (0 to 1) | Functional |
timeline-storage | Editing session state | Timeline layout, track configuration, project settings | Functional |
We do not store passwords, email addresses, personal identifiers, uploaded media files, tracking identifiers, or advertising data in localStorage. The timeline store explicitly excludes sensitive project data from persistence.
5. Categories of Cookies and Storage
5.1 Strictly Necessary
Essential for the Service to function. The vce_auth_token in sessionStorage falls into this category. Without it, you cannot maintain a logged-in session.
Legal basis: Strictly necessary storage does not require consent under the ePrivacy Directive (Directive 2002/58/EC, Article 5(3)) and GDPR Recital 32.
5.2 Functional
Preferences that improve your experience without tracking activity across websites. The preview-volume and timeline-storage keys in localStorage fall into this category. These values never leave your device and contain no personal identifiers.
Legal basis: Under ePrivacy Directive Article 5(3), storage "strictly necessary" for a service requested by the user is exempt from consent requirements.
5.3 Analytics
Not currently used. We do not use Google Analytics, Hotjar, Mixpanel, Amplitude, or any similar service. If introduced, we will update this policy and implement a consent mechanism first.
5.4 Marketing and Advertising
Not used. We do not display advertisements and do not use Facebook Pixel, Google Ads, or any advertising technology.
6. Third-Party Cookies
VCE does not use any third-party cookies. No third-party services set cookies through our website. No advertising networks, social media platforms, or third-party analytics services can track you through our Service.
If we integrate third-party services requiring cookies in the future, we will:
- Update this policy before deployment.
- Implement a cookie consent banner with granular, per-category control.
- Obtain consent through opt-in (not pre-checked boxes) before setting non-essential cookies.
- Provide the ability to withdraw consent at any time.
- List all third-party cookies in Section 3 with name, provider, purpose, type, duration, and category.
7. How to Manage Cookies and Storage
7.1 Browser Cookie Settings
You can control cookies through your browser settings:
- Chrome: Settings > Privacy and security > Cookies and other site data -- support.google.com/chrome/answer/95647
- Firefox: Settings > Privacy & Security > Cookies and Site Data -- support.mozilla.org/en-US/kb/cookies-information-websites-store-on-your-computer
- Safari: Preferences > Privacy > Manage Website Data -- support.apple.com/guide/safari/manage-cookies-sfri11471
- Edge: Settings > Cookies and site permissions -- support.microsoft.com/en-us/microsoft-edge/manage-cookies-in-microsoft-edge
7.2 Managing Local Storage and Session Storage
To clear VCE storage data: open Developer Tools (F12), navigate to Application > Storage, select the vcecloud.com entry under Local Storage or Session Storage, and clear the data. Alternatively, clear your browser's site data for vcecloud.com.
7.3 Consequences of Clearing Storage
- Session Storage: You will be logged out and need to log in again.
- Local Storage (preview-volume): Volume resets to default.
- Local Storage (timeline-storage): Unsaved editing session state is lost. Saved projects on the server are not affected.
Since VCE does not use cookies for essential functionality, blocking cookies in your browser will not prevent you from using the Service.
8. Cookie Consent
8.1 Current State
VCE uses only strictly necessary client-side storage. We do not display a cookie consent banner. This is consistent with:
- EU: ePrivacy Directive Article 5(3) exempts storage "strictly necessary" for a service explicitly requested by the user. GDPR Recital 32 confirms consent is not required. EDPB Guidelines 2/2023 further clarify this exemption.
- US (California): CCPA/CPRA does not require consent for essential service cookies. Since we do not sell personal information or use cross-context behavioral advertising, no opt-out is required (Cal. Civ. Code Section 1798.120).
- Russia: 152-FZ requires consent for personal data processing, but technical storage for a requested service falls within the contractual basis (Article 6, Part 1, Clause 5).
8.2 Future Consent Mechanism
If we introduce non-essential cookies, we will implement consent that:
- Displays a banner before activating non-essential cookies or tracking.
- Provides granular per-category controls (analytics, functional, marketing).
- Uses opt-in consent, per GDPR Article 7 and CJEU Case C-673/17 (Planet49).
- Allows withdrawal of consent as easily as it was given (GDPR Article 7(3)).
- Logs consent with timestamps.
- Respects Global Privacy Control (GPC) signals (CPRA, Cal. Civ. Code Section 1798.135(e)).
- Does not use "cookie walls."
9. Do Not Track and Global Privacy Control
- Do Not Track (DNT): Since we do not track users, DNT does not change our behavior.
- Global Privacy Control (GPC): We honor GPC signals. Since we do not sell personal information or engage in cross-context behavioral advertising, GPC does not alter our current behavior. We will respect it if practices change, as required by CPRA (Cal. Civ. Code Section 1798.135(e)).
10. Changes to This Policy
We may update this Cookie Policy to reflect changes in technology, law, or our Service. When we make changes:
- We will update the "Last Updated" date at the top of this page.
- For material changes, we will provide prominent notice at least 14 days before the changes take effect.
- If new cookies require consent, we will obtain it before deployment.
Previous versions will be archived and available upon request at privacy@vcecloud.com.
11. Contact Us
If you have questions about this Cookie Policy, contact us at privacy@vcecloud.com.
For broader privacy questions, see our Privacy Policy.
EU users may lodge a complaint with their local supervisory authority: edpb.europa.eu/about-edpb/about-edpb/members_en.
This Cookie Policy was drafted based on a technical audit of the VCE application conducted on February 6, 2026. The audit confirmed: no cookies set by application code, authentication tokens stored in browser session storage (not cookies), no third-party analytics or tracking scripts. This policy must be reviewed by a licensed attorney before publication.