// LEGAL

Privacy Policy

This policy explains what data we collect, how we use it, and the choices you have. This is a placeholder draft — final policy will be reviewed by legal counsel before general availability.

Last updated: 2026-04-16

What we collect

  • Account data: email, hashed password, workspace name, billing details.
  • Source content: RSS feeds, social posts, transcripts, uploaded media — whatever you configure as an input.
  • Generated content: the text, images, and video scripts the AI produces on your behalf.
  • Usage telemetry: which features you touch, how many posts you generate, error logs, latency metrics.
  • Platform tokens: OAuth tokens for the social platforms you connect (stored encrypted).

How we use it

  • To operate the Service: transform source content into output, publish to connected platforms, track credits.
  • To improve the product: aggregate usage patterns, identify bugs, prioritize features.
  • To communicate: service updates, security alerts, billing notifications. Marketing emails are opt-in.
  • To bill you: process payments through our payment processor.

What we don't do

  • We do not sell your personal data.
  • We do not use your workspace content to train third-party AI models unless you explicitly opt in.
  • We do not share your data with advertisers.

Third-party processors

We rely on third-party services to deliver the Service. Each handles a specific slice of your data under a data-processing agreement:

  • Supabase — authentication, database, file storage.
  • Anthropic & OpenAI — text and image generation (source content is sent to these providers per request).
  • Google Gemini — supplementary text / multimodal generation where configured.
  • HeyGen — AI avatar video generation for persona-led video output.
  • ElevenLabs — voice synthesis and voice cloning for persona audio.
  • Apify — managed scrapers for TikTok, Instagram, and other ingestion sources.
  • Blotato / platform APIs — publishing to social networks.
  • Stripe — payment processing.
  • Mailchimp — newsletter delivery (only when you configure it).

Your rights

You can access, export, or delete your data at any time from Settings. If you are in the EU, UK, or California, you have additional rights under GDPR and CCPA — contact privacy@kontentengine.exampleto exercise them.

Data retention

Account and workspace data is retained while your account is active. After account deletion, we retain data for 30 days to allow export, then permanently delete within 90 days. Anonymized aggregate usage statistics may be retained longer.

Security

All data in transit is encrypted via TLS. OAuth tokens and API keys are encrypted at rest. We employ standard security practices including least-privilege access controls, logged admin actions, and periodic security review.

Cookies

We use essential cookies for authentication and session management. We do not use third-party advertising or tracking cookies.

Contact

Questions? Email privacy@kontentengine.example.