California Privacy Notice (CCPA/CPRA)
Effective date: December 8, 2025
This California Privacy Notice supplements the Privacy Policy of Reactivid and applies solely to California residents in their capacity as consumers, in accordance with the California Consumer Privacy Act as amended by the California Privacy Rights Act (collectively, “CCPA/CPRA”). Reactivid is operated by Ellwood Bristol (“Ellwood Bristol”, “we”, “us”, “our”), based in Ontario, Canada.
Except as otherwise noted, the statements in this Notice describe our current practices for the preceding twelve (12) months and going forward. Capitalized terms not defined here have the meanings given in our Privacy Policy.
1) Scope & Exclusions
This Notice covers personal information of California residents collected by Ellwood Bristol (in connection with Reactivid) as a “business” under CCPA/CPRA, or as a “service provider” where applicable. It does not apply to:
- Publicly available information as defined by CCPA/CPRA.
- De-identified or aggregated information that cannot reasonably be linked to you or your household.
- Information exempt from CCPA/CPRA (for example, certain medical, credit, or employment records regulated by other laws).
2) Categories of Personal Information We Collect
The table below identifies the CCPA/CPRA categories of personal information we may collect in connection with Reactivid, typical sources, business purposes, whether we disclose for a business purpose, and whether we “sell” or “share” (for cross-context behavioral advertising) such information.
| CCPA Category | Examples | Sources | Business Purposes | Disclosed for Business Purpose | Sold or Shared* |
|---|---|---|---|---|---|
| (A) Identifiers | Name, email, account ID, IP address | You; your organization; automatic collection | Account creation, authentication, support, security, service delivery | Yes (hosting, security, support) | No |
| (B) Customer records | Billing contact details, organization info | You; your organization | Billing, account administration, support | Yes (billing/payment processors) | No |
| (C) Protected classification characteristics | Not collected by default | N/A | N/A | No | No |
| (D) Commercial information | Subscription tier, purchase history, feature usage in account context | You; automatic (receipts, logs) | Provide Services, analytics, support | Yes (billing/analytics) | No |
| (E) Biometric information | Not collected for identification or verification purposes (Reactivid may process audio/video assets, but not as biometric identifiers) | N/A | N/A | No | No |
| (F) Internet / network activity | Usage logs, device/browser data, interactions with scripting, voiceover, storyboard, and export features | Automatic | Security, diagnostics, improve Services | Yes (hosting/analytics) | No |
| (G) Geolocation data | Approximate location from IP; general region or time zone for diagnostics | Automatic | Security; regional settings; abuse prevention | Yes (hosting/security) | No |
| (H) Sensory data | Audio, video, or other media you upload or generate via Reactivid (for example, voiceover renders, preview clips) | You; your collaborators; your use of the product | Provide core Services (AI voiceover, video asset generation), troubleshooting at your request | Yes (storage/processing providers) | No |
| (I) Professional / employment | Role, team, or organization details if provided (for example, “editor”, “producer”) | You; your organization | Access control, collaboration, account context | Yes (hosting/support) | No |
| (J) Education information | Not collected unless you provide it in account context | You | Account context (if provided) | Possible (hosting only) | No |
| (K) Inferences | Aggregated usage trends (for example, which workflows are most used) and high-level product metrics | Analytics / telemetry | Improve Services and user experience | Yes (analytics in aggregate) | No |
| Sensitive PI (CPRA) | We do not seek to collect Sensitive PI (e.g., precise geolocation, government IDs) in connection with Reactivid | N/A | N/A | No | No |
3) Business & Commercial Purposes
We collect, use, and disclose personal information for the following business and commercial purposes:
- Provide, maintain, and improve the Services, including the Reactivid pipeline from scripting through voiceover, storyboard, and export.
- Secure the Services, prevent fraud or abuse, detect and debug incidents, and protect the integrity of content and infrastructure.
- Handle account administration, billing, and customer support (including troubleshooting issues you report).
- Analyze Service performance and usage patterns to design, test, and roll out new features.
- Comply with applicable law, enforce our terms, and protect the rights, property, and safety of users and the public.
4) Sources of Personal Information
- Directly from you (for example, account registration, project details, scripts, assets you upload, and support requests).
- Automatically (for example, device/browser data, usage logs, telemetry generated from your use of Reactivid).
- Your organization or collaborators if you are an authorized user on a team or shared account.
- Service providers or integrations you or your organization connect (for example, storage, identity, or workflow tools), consistent with your configuration.
5) Disclosures of Personal Information
We disclose personal information to service providers for business purposes under written contracts that require them to use the information only to perform services for us and to protect it. Typical categories of recipients include:
- Cloud hosting and storage providers;
- Analytics and telemetry providers;
- Customer support and ticketing tools;
- Payment processors and billing platforms;
- Security, logging, and monitoring providers;
- Professional advisors (e.g., legal, accounting) as needed.
We may also disclose personal information when required by law or legal process, when necessary to protect our rights, users, or the public, and in connection with corporate transactions (for example, a merger or acquisition), subject to appropriate safeguards.
7) Sensitive Personal Information (SPI)
We do not seek to collect Sensitive Personal Information (SPI) as defined by CPRA (for example, government IDs, precise geolocation, financial account credentials) in connection with Reactivid. If SPI is ever processed for limited, permissible purposes (for example, security or fraud prevention), we restrict its use and do not use it to infer characteristics about you.
California residents have the right to limit certain uses/disclosures of SPI. If we materially process SPI beyond permitted purposes, we will provide a self-service control to exercise this right.
8) Retention
We retain personal information for as long as reasonably necessary to fulfill the purposes for which it was collected, to meet legal and regulatory obligations, resolve disputes, and enforce agreements. Retention periods may vary by data type (for example, account vs. billing vs. telemetry vs. media assets).
When information is no longer needed for these purposes, we delete or de-identify it consistent with our internal policies and applicable law.
9) Your California Privacy Rights
Subject to certain exceptions, California residents have the right to:
- Know / Access: Request that we disclose the categories and specific pieces of personal information we have collected about you, the categories of sources, business/commercial purposes, and categories of recipients.
- Delete: Request deletion of personal information we collected from you, subject to lawful exceptions (for example, where retention is necessary to complete a transaction, detect security incidents, or comply with law).
- Correct: Request correction of inaccurate personal information that we maintain about you.
- Opt-Out of Sale/Share: If we sell or share personal information in the future, opt out of such sale or sharing.
- Limit Use of SPI: Where applicable, limit certain uses/disclosures of Sensitive Personal Information.
- Non-Discrimination: We will not discriminate against you for exercising your CCPA/CPRA rights (for example, by denying Services or charging different prices), except where a difference is reasonably related to the value provided by the data or permitted by law.
We will respond within the timeframes required by law. If we deny your request (for example, due to an applicable exception), we will explain the reason, subject to legal limitations. You may submit up to two “Right to Know” requests in a 12-month period.
10) How to Exercise Your Rights
You can submit requests by:
- Email: craig@ellwoodbristol.com
- In-product: any privacy or account settings we make available.
Verification: We must verify your identity (and authority, if acting as an authorized agent) before fulfilling certain requests. Verification steps may include matching account details, email verification, or other reasonably necessary steps based on the sensitivity of the information and the type of request.
Authorized agents: Authorized agents may submit requests on your behalf if they provide proof of authorization (for example, a signed permission) and, where required, we are able to verify your identity directly.
Opt-out of sale/share: As of the effective date, we do not sell or share personal information. If this changes, we will provide an online opt-out mechanism and honor GPC signals as an opt-out, where legally required.
11) Minors Under 16
We do not knowingly sell or share personal information of consumers under 16 years of age. If we become aware that such activity has occurred, we will cease and take appropriate steps consistent with applicable law. If you believe we have collected personal information from a minor in a way that is inconsistent with this Notice, please contact us.
12) Notice at Collection
At or before the point of collection, we inform you of the categories of personal information to be collected, the purposes for which it will be used, whether it is sold or shared, and the retention period or criteria. This Notice and our Privacy Policy together serve as our “notice at collection” for California residents.
13) Metrics & Recordkeeping
If we are required to publish metrics regarding CCPA/CPRA requests (for example, number received, complied with, denied, and median response times), we will make such metrics available in an appropriate form, which may include publication on this page or upon request.
14) Do Not Track & Global Privacy Control
If we engage in activities that qualify as “sale” or “sharing” of personal information, we will treat a valid Global Privacy Control (GPC) signal as an opt-out request for the browser that sends it, consistent with CPRA requirements. We will also configure applicable categories (for example, advertising) to respect such signals where legally required.
Traditional “Do Not Track” (DNT) signals are not yet consistently interpreted by industry. Where applicable law requires us to honor such signals, we will do so; otherwise, please use our in-product controls or your browser settings.
15) Contact Us
- craig@ellwoodbristol.com
- Mailing Address
-
Ellwood Bristol (Reactivid)
153 Bristol Place
Sault Ste. Marie, Ontario
Canada
16) Changes to This Notice
We may modify this California Privacy Notice from time to time to reflect changes in our practices, Services, or legal requirements. If changes are material, we will provide appropriate notice (for example, via in-product messaging or email where appropriate) and update the effective date at the top of this page.