Loading platform
Preparing the clip catalog and your data

Privacy Policy

Privacy Policy of CMEX.AI

Effective Date: June 6, 2026 Last Updated: June 18, 2026

1. About this Policy

1.1. This Privacy Policy (the "Policy") describes what personal data we collect, how we use it, with whom we share it, and what rights you have in relation to your data.

1.2. The CMEX.AI Platform is a software product developed and technically maintained by LLP AIT Factory (Republic of Kazakhstan) under contract with FunnyMoney Media Inc. LLP AIT Factory may act as a Data Processor solely to the extent necessary for the development, technical support, maintenance, and operational integrity of the Platform.

1.3. This Policy applies to all users of the cmex.ai website and related services (the "Platform").

1.4. By using the Platform, you agree to this Policy. If you do not agree with any of its provisions, please do not use the Platform.

2. What Data We Collect

2.1. Data You Provide Directly

When registering an account:

  • email address;
  • username or display name;
  • password (stored in encrypted form, accessible only to you).

When setting up a creator profile (optional):

  • avatar photograph;
  • short description (biography);
  • social media links.

When interacting with support:

  • the content of your messages;
  • any attachments you provide.

When purchasing credits:

  • payment data is processed exclusively by our payment providers (see Section 5). The Company does not store bank card data.

2.2. Biometric Data

The Platform processes photographs of your face uploaded for the face-swap function. This is a special category of personal data that we treat with enhanced protection. See Section 4 for details.

2.3. Data Collected Automatically

When using the Platform, the following data is collected automatically:

  • IP address and approximate geolocation (country, region);
  • device type, operating system, browser type and version;
  • session identifier;
  • data about your activity on the Platform (pages viewed, features used, session duration);
  • technical logs for diagnostics and security.

2.4. Cookies and Similar Technologies

We use cookies and similar technologies. See our Cookies Policy for details.

3. Legal Bases for Processing

In accordance with GDPR and similar applicable laws, we process data on the following legal bases:

  • Performance of a contract — to provide Platform services, register your account, process payments, and perform face-swap functions.
  • Consent — for the processing of biometric data and for sending marketing communications (if you have opted in).
  • Legitimate interest — to ensure Platform security, prevent fraud, improve the service, and analyze usage.
  • Compliance with legal obligations — to fulfill obligations imposed by applicable law and decisions of authorized bodies.

4. Biometric Data — A Dedicated Section

4.1. Facial photographs you upload qualify as biometric data within the meaning of the GDPR and similar laws. We treat them as a highly sensitive category of data.

4.2. Purposes of processing. Biometric data is used exclusively for:

  • performing the face-swap function on video templates you select;
  • storing your "saved faces" in your personal account for repeat use.

4.3. What we do not do with biometric data:

  • we do not use it to identify you outside the Platform;
  • we do not use it to train commercial face-identification models;
  • we do not transfer it to third parties for marketing, advertising, or other purposes unrelated to the service;
  • we do not combine it with public face databases.

4.4. Consent. By uploading a photograph of your face, you provide explicit informed consent to the processing of biometric data for the purposes stated above.

4.5. Retention. Biometric data is retained for the duration of your account's existence. See the "Data Storage" page for retention details.

4.6. Deletion. You may delete individual uploaded images at any time through your account or delete your account in full — when your account is deleted, all biometric data is irreversibly removed within 30 calendar days.

5. With Whom We Share Data

5.1. We do not sell your data to third parties.

5.2. Cloud Infrastructure and Storage. The servers and storage used to operate the Platform (including the processing and storage of biometric data) are located in a data center in France (European Union). Technical access to the data for development, support, and maintenance purposes is carried out by LLP AIT Factory (Republic of Kazakhstan), solely on the Company's instructions and to the extent necessary for the operation of the Platform.:

5.2.1 Technical contractor.

For software development, technical support, maintenance, error correction, security, and operation of the Platform, certain data may be processed by LLP AIT Factory (Republic of Kazakhstan), the developer and technical contractor of the CMEX.AI Platform.

LLP AIT Factory processes data exclusively on behalf of FunnyMoney Media Inc. and is required to comply with confidentiality, data security, and use-limitation requirements established by applicable law and by internal agreements between the parties.

Payment providers. For payment processing we use Stripe, Inc. (USA) and Payoneer, Inc. (USA). Payment data is transmitted to them directly and processed in accordance with their policies:

  • Stripe: https://stripe.com/privacy
  • Payoneer: https://www.payoneer.com/legal/privacy-policy

Cloud infrastructure and storage. The servers and storage used to operate the Platform (including processing and storage of biometric data) are located in infrastructure facilities in Europe. Data does not leave the infrastructure of our trusted contractors.

Technical support, development, and maintenance of the Platform may be performed by employees and contractors of LLP AIT Factory (Kazakhstan) acting on behalf of FunnyMoney Media Inc. and having access to data solely to the extent necessary to perform their duties and in accordance with confidentiality obligations.

Email delivery services. To send notifications and confirmations, we use third-party SMTP services. Only your email address and the content of the notifications are transmitted.

Analytics. We may use anonymized analytics services (for example, to measure site traffic). Biometric data is never transmitted to analytics in any form.

Law enforcement authorities. We may share data in response to a valid official request from law enforcement authorities, in accordance with applicable law.

Legal successors. In the event of a merger, acquisition, or sale of the Company, your data may be transferred to a successor in accordance with applicable law.

6. International Data Transfers

6.1. The Company is registered in the United States. Platform data is stored in a data center located in France (EU). Some of our contractors and data recipients (payment providers, technical contractor) are located in the United States, the Republic of Kazakhstan, and other jurisdictions outside the European Economic Area (EEA).

6.2. When transferring data outside the EEA, including to the technical contractor in the Republic of Kazakhstan, we apply the safeguards required by applicable law, including Standard Contractual Clauses (SCCs) and the contractors' confidentiality and data security obligations.

7. Data Retention Periods

7.1. Account data (email, username, profile) is retained for the entire existence of the account and deleted within 30 days after account deletion.

7.2. Biometric data — see Section 4 and the "Data Storage" page.

7.2bis. Generated videos are retained for 30 calendar days from the date of creation or the date of last view via the short link — whichever is later. Upon expiration of this period without views, the video is automatically deleted along with associated files.

7.3. Payment history and invoices are retained for the periods required by US tax and financial law (generally, no less than 7 years from the date of transaction).

7.4. Technical logs are retained for up to 90 days, then automatically deleted or anonymized.

7.5. Support inquiries are retained for 24 months from the date the inquiry is closed.

7.6. Marketing consents and preferences — until consent is withdrawn.

8. Your Rights

Regardless of your jurisdiction, we provide the following rights (scope may vary depending on applicable law):

Right of access. You may request a copy of the personal data we hold about you.

Right to rectification. If your data is inaccurate, you may correct it through your account or by submitting a support request.

Right to erasure ("right to be forgotten"). You may delete your account in full; all related data, except data we are legally required to retain (payment history, tax documents), is irreversibly deleted within 30 days.

Right to restriction of processing. You may request that we restrict the processing of your data in certain circumstances.

Right to data portability. You may request a copy of your data in a machine-readable format.

Right to object. You may object to the processing of your data based on legitimate interest.

Right to withdraw consent. Any consent you have given (including consent to the processing of biometric data) may be withdrawn at any time. Withdrawal does not affect the lawfulness of processing prior to the withdrawal.

Right to lodge a complaint. You have the right to lodge a complaint with the data protection supervisory authority in your jurisdiction.

How to exercise your rights. Send a request to info@cmex.ai with the subject line "Data Protection Request." We will respond within 30 calendar days.

9. Data Security

9.1. We apply technical and organizational data protection measures:

  • encryption of data in transit (HTTPS/TLS);
  • encryption of sensitive data at rest;
  • staff access control on the principle of least privilege;
  • regular backups;
  • security monitoring and incident response.

9.2. Despite the measures we take, no service can guarantee absolute security. In the event of an incident that threatens your rights and freedoms, we will notify you and the competent authorities within the time frames required by applicable law.

10. Children

10.1. The Platform is intended exclusively for individuals aged 18 years or older. We do not knowingly collect data about persons under 18.

10.2. If you are a parent or legal guardian and discover that your child has registered on the Platform, please contact us at info@cmex.ai. We will immediately delete the account and all associated data.

11. Changes to this Policy

11.1. We may update this Policy as the Platform evolves or as legislation changes. The date of the last update is shown at the top of the document.

11.2. We will notify you of material changes by email or by a prominent notice on the Platform. Continued use of the Platform after the changes take effect constitutes your acceptance of the new version.

12. Contact

12.1. For any questions regarding this Policy and the processing of your data, as well as to exercise your rights:

FunnyMoney Media Inc.
8 The Green, Suite A
Dover, Delaware 19901
United States

Email: info@cmex.ai

12.2. EU Representative. For data subject requests from the European Economic Area, you may contact us at the email address above. Upon appointment of an official EU representative under Article 27 GDPR, their contact details will be published in this Section.