Privacy Policy

My UGC Studio ("we", "our", or "us") is operated by YAS S.p.z.o.o. This policy explains how we collect, use, store, and protect data when you use our application and connected social publishing features.

We collect and process the following categories of data:

• Account Information: Name, email, account identifiers, authentication records (via Clerk).
• Billing Information: Subscription and transaction metadata (processed via Stripe/RevenueCat; we do not store full card numbers).
• User Content: Uploaded product images, generated images/videos, prompts, and project metadata.
• Connected Platform Credentials: OAuth access/refresh tokens and related account IDs for platforms you explicitly connect (for example YouTube, TikTok, LinkedIn, Telegram).
• Operational Logs: Request logs, job status, publishing status, error logs, and security/audit events.
• Device and Technical Data: IP address, user agent, and diagnostics needed for reliability and abuse prevention.

We do not sell personal data. We do not run third-party ad tracking inside the core application workflow.

We process data only for legitimate business and product operations, including:

• Providing AI generation and media workflow features you request.
• Authenticating users, securing accounts, and preventing abuse/fraud.
• Executing social posting actions you explicitly trigger.
• Operating billing/subscription and customer support workflows.
• Maintaining service performance, monitoring failures, and improving product quality.
• Meeting legal, accounting, tax, and compliance obligations.

• Encryption in transit: HTTPS/TLS is enforced for application and API traffic.
• Encryption at rest: Production databases and object storage use provider-level encryption controls.
• Access control: Role-based access and least-privilege principles are applied for operational access.
• Secrets handling: API keys/tokens are stored in protected server environment configuration.
• Monitoring and auditability: Security and operational logs are retained for incident investigation.
• Backups: Regular backups are maintained for continuity and disaster recovery.

We keep data only as long as needed for the purposes above:

• Account profile and billing records: retained while account is active and as required by law.
• User media and generated assets: retained while account is active, unless you delete them earlier.
• OAuth tokens: retained until disconnection, revocation, or account deletion; replaced/rotated as needed.
• Operational and security logs: retained for a limited period necessary for security and reliability operations.
• Account deletion requests: primary user data is removed from active systems within up to 30 days, except where legal retention is required.

We use trusted service providers strictly to deliver core functionality, including:

• Authentication: Clerk
• Payments: Stripe, RevenueCat
• AI processing: Google Gemini and other configured model providers
• Publishing platforms: APIs you connect (for example TikTok, YouTube, LinkedIn, Telegram)
• Cloud infrastructure and storage: hosting, database, and object storage providers used by My UGC Studio

These providers process data under their own contractual and security frameworks and only for required service operations.

You may request to:

• Access your account data and exported media.
• Correct inaccurate profile information.
• Delete specific content or your entire account.
• Disconnect/revoke connected social integrations.
• Object to or restrict certain processing where applicable by law.

To exercise rights, contact us at [email protected]. We verify requests before execution to protect account security.

If you connect TikTok or TikTok Shop features, My UGC Studio accesses only the data needed to perform user-requested publishing operations and integration management.

• We access and store only required OAuth credentials and minimal account identifiers necessary for posting actions.
• We do not sell, rent, or broker TikTok user data.
• We do not use TikTok data for unrelated advertising profiling.
• We process TikTok data only for explicit user-authorized actions and compliance/security operations.
• Users can disconnect TikTok integrations; corresponding tokens are revoked/removed according to our retention policy.

My UGC Studio's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

We use Google user data (for example youtube.upload scope) only to provide and improve requested app features. We do not sell this data and do not use it for unrelated ad targeting.

Depending on your location and selected integrations, data may be processed in multiple jurisdictions where our infrastructure and subprocessors operate. We apply appropriate safeguards for cross-border transfers as required by applicable law.

Our services are not directed to children under the age required by applicable law. We do not knowingly collect personal data from children in violation of legal requirements.

We may update this policy to reflect legal, security, or product changes. Material updates will be announced in-product or by email where required.