Privacy Policy

Last updated: January 24, 2025

1. Introduction

OctoSpark ("we," "us," or "our") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered content creation studio service ("Service").

By using OctoSpark, you consent to the data practices described in this policy. If you do not agree with our policies and practices, please do not use our Service.

2. Information We Collect

2.1 Information You Provide

  • Account Information: Name, email address, password, and profile details
  • Payment Information: Billing details and payment method (processed by Stripe)
  • Content Data: Text, images, videos, and other content you create or upload
  • Team Information: Details about team members and organizations you create
  • Communication: Messages you send to our support team

2.2 Information from Social Media Platforms

When you connect social media accounts (currently TikTok, with additional platforms planned), we collect:

  • Account identifiers and profile information
  • OAuth access and refresh tokens for publishing content
  • Analytics data about your social media performance and engagement
  • Content you authorize us to access for scheduling and analysis
  • Publishing permissions and account-specific limitations

2.3 Automatically Collected Information

  • Usage Data: Features used, content created, and interaction patterns
  • Device Information: Browser type, operating system, IP address
  • Cookies: Session cookies and preference cookies
  • Analytics: Performance metrics and error logs

3. How We Use Your Information

We use your information to:

  • Provide and maintain our Service
  • Process your transactions and manage credit-based billing
  • Generate AI content including videos, images, and captions
  • Schedule and publish content to your connected social media accounts
  • Analyze content performance and engagement metrics
  • Process long-running video generation workflows
  • Send service updates and marketing communications (with consent)
  • Improve our AI models and features through anonymized data
  • Provide customer support and technical assistance
  • Comply with legal obligations
  • Detect and prevent fraud or abuse

4. Data Sharing and Disclosure

We may share your information with:

4.1 Service Providers

  • Stripe: Payment processing
  • Supabase: Database and authentication
  • AWS/Google Cloud: Content storage and processing
  • Sentry: Error tracking and monitoring
  • Google Analytics: Usage analytics

4.2 Social Media Platforms

When you connect social accounts, we share only the content and data necessary to publish on your behalf, as authorized by you.

4.3 Legal Requirements

We may disclose information if required by law, court order, or to protect our rights and safety.

4.4 Business Transfers

In case of merger, acquisition, or sale, your information may be transferred to the new entity.

5. Data Security

We implement appropriate security measures including:

  • Encryption of data in transit and at rest
  • Secure access controls and authentication
  • Regular security audits and updates
  • Limited access to personal data on a need-to-know basis
  • Secure OAuth implementation for social media connections

However, no method of transmission over the internet is 100% secure. We cannot guarantee absolute security.

6. Your Rights and Choices

6.1 Access and Correction

You can access and update your personal information through your account settings or by contacting us.

6.2 Data Deletion

You can request deletion of your account and associated data. Some information may be retained for legal or legitimate business purposes.

6.3 Data Portability

You can request a copy of your data in a structured, machine-readable format.

6.4 Marketing Communications

You can opt-out of marketing emails through the unsubscribe link or account settings.

6.5 Social Media Permissions

You can revoke access to connected social media accounts at any time through our platform or the respective social media platform's settings.

7. Data Retention

We retain your information for as long as:

  • Your account is active
  • Needed to provide you services
  • Required for legal obligations
  • Necessary for legitimate business purposes

Content data is retained for 90 days after deletion to allow for recovery. After this period, it is permanently deleted.

8. International Data Transfers

Your information may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place for such transfers, including standard contractual clauses approved by relevant authorities.

9. Children's Privacy

Our Service is not intended for users under 18 years of age. We do not knowingly collect personal information from children under 18. If we learn we have collected such information, we will promptly delete it.

10. Cookies and Tracking Technologies

We use cookies for:

  • Essential Cookies: Required for Service functionality
  • Analytics Cookies: To understand usage patterns
  • Preference Cookies: To remember your settings

You can control cookies through your browser settings, but disabling them may affect Service functionality.

11. California Privacy Rights (CCPA)

California residents have additional rights including:

  • Right to know what personal information is collected
  • Right to delete personal information
  • Right to opt-out of sale of personal information (we do not sell personal data)
  • Right to non-discrimination for exercising privacy rights

12. European Privacy Rights (GDPR)

EU residents have additional rights including:

  • Right to access and receive a copy of your data
  • Right to rectification of inaccurate data
  • Right to erasure ("right to be forgotten")
  • Right to restrict processing
  • Right to data portability
  • Right to object to processing
  • Right to lodge a complaint with supervisory authorities

13. AI and Machine Learning

We use AI to generate content and provide recommendations. Your content and usage patterns may be used to improve our AI models, but we ensure:

  • Personal information is anonymized before model training
  • Your private content is never shared with other users
  • You retain ownership of AI-generated content

14. Changes to This Privacy Policy

We may update this Privacy Policy periodically. We will notify you of material changes via email or through the Service. Your continued use after changes constitutes acceptance of the updated policy.

15. Contact Us

For privacy-related questions or to exercise your rights, contact us at:

OctoSpark Privacy Team
Email: privacy@octospark.ai
Support: support@octospark.ai

Data Protection Officer:
Email: dpo@octospark.ai

16. Legal Basis for Processing (GDPR)

We process your personal data based on:

  • Contract: To provide our Service to you
  • Consent: For marketing communications and optional features
  • Legitimate Interests: For improving our Service and preventing fraud
  • Legal Obligations: To comply with applicable laws