Privacy Policy

Last updated: May 21, 2026

UGCVideoApp ("we", "us") is committed to protecting your personal data. This Privacy Policy explains what data we collect, how we use it, and the choices you have.

1. Data we collect

• Account data: email address, hashed password, IP address at sign-up.
• Workspace data: workspace name, slug, Stripe customer id (linkage only — payment details are processed by Stripe).
• Content data: video briefs you submit, the generated scripts + transcripts, rendered MP4 outputs.
• Usage data: aggregated funnel events (signup, video creation, render outcomes) sent to our analytics provider for product improvement.

2. How we use your data

• To provide the Service: generate videos, deliver downloads, charge for usage.
• To prevent abuse: rate-limit signups, content-moderate briefs, detect malicious activity.
• To improve the product: aggregated analytics + error tracking.
• To meet legal obligations: tax records, audit trails, court-ordered disclosure.

3. Legal basis (GDPR)

We process your data under:

• Contract (Art. 6(1)(b)) — providing the Service you signed up for.
• Legitimate interests (Art. 6(1)(f)) — preventing abuse, improving the Service.
• Legal obligation (Art. 6(1)(c)) — financial records, lawful disclosure.

4. Who we share data with

See our complete sub-processor list. We do not sell your data + we do not share it for third-party advertising.

5. International transfers

Your data may be processed in the United States. Transfers from the EEA / UK / Switzerland are governed by Standard Contractual Clauses (2021/914/EU) or the EU-US Data Privacy Framework where applicable.

6. Your rights

• Access + portability: request a copy of your data via support.
• Deletion (Right to be Forgotten, Art. 17): use /account/delete in your settings. We start a 30-day grace window (you can cancel) + then cascade-delete your account, videos, and S3 data. We retain certain billing records for up to 7 years for tax-law compliance.
• Rectification: edit your account data in settings.
• Objection / restriction: deactivate your account via settings.
• Complaint: file with your local Data Protection Authority if you believe we have mishandled your data.

7. Retention

• Account + content: until you delete the account (or 7 years for billing records).
• Logs + analytics: 1 year aggregated, no PII.
• Backups: 30 days rolling.

8. Security

We encrypt data in transit (TLS 1.2+) and at rest. We use short-lived signed cookies for video downloads, multi-factor authentication on admin access, and run continuous vulnerability scanning. Full security posture documented internally + audited as part of our SOC 2 readiness.

9. Children

UGCVideoApp is not intended for users under 16. We don't knowingly collect data from children. If you believe we have, contact us at privacy@example.com.

10. Changes

Material changes will be notified via email + posted here at least 30 days before taking effect.

11. Contact

Questions about your data: privacy@example.com.

NOTE: This template is provided for engineering reference; have an attorney adapt before public launch.