← Back to ugcgo.ai

Privacy Policy

Last updated: April 6, 2026

What We Collect

When you create an account on ugcgo.ai, we collect:

• Account info — email address, name, role (brand or creator), and profile details you choose to provide
• Content — portfolio uploads, campaign briefs, messages, and AI-generated assets
• Usage data — pages visited, features used, and interaction patterns (via PostHog analytics)
• Payment info — processed securely by Stripe; we never store card numbers

How We Use Your Data

• Operating the marketplace — matching brands with creators, displaying profiles, facilitating collaboration
• AI content generation — processing your prompts through our AI providers to generate images, videos, and scripts
• Payments — processing transactions, managing escrow, and payouts via Stripe Connect
• Improving the platform — analytics to understand usage patterns and improve features
• Communications — account notifications, campaign updates, and platform announcements

Third-Party Services

We use the following services to operate ugcgo.ai:

• Supabase — authentication, database, and file storage (EU/US infrastructure)
• Stripe — payment processing and creator payouts
• fal.ai — AI video generation
• OpenRouter — AI image and script generation (routes to Google Gemini models)
• ScrapeCreators — public Instagram/TikTok profile data for linked creator accounts
• Apify — fallback provider for public social data when primary is unavailable
• PostHog — product analytics (privacy-focused, no third-party cookie sharing)
• Vercel — hosting and serverless functions

Each provider processes data according to their own privacy policies. We do not sell your data to any third party.

Social Media Data

If you choose to link your Instagram or TikTok account as a creator, ugcgo.ai collects and stores only public data associated with that handle:

• Your public username, display name, bio, profile picture, and follower count
• Public post engagement metrics (views, likes, comments) for campaign deliverables you submit
• Derived engagement rate and a custom quality score (transparent to you in your dashboard)
• Self-disclosed audience demographics you voluntarily enter in onboarding (age range, gender split, top countries)

Legal basis (GDPR Art. 6(1)(a)): your explicit consent, given per-platform, when you click "Connect Social Account".

Verification method: we verify you own the linked handle via an ephemeral bio-code you add to your profile for a few minutes. We do not continuously scrape your account — refreshes are either manual (rate-limited to 1/hour) or triggered by campaign activity.

Retention: snapshots are retained for up to 24 months to support growth charts, dispute resolution, and compliance. You can disconnect and delete all stored social data from your dashboard at any time.

Audience demographics are never inferred without consent. MVP tier demographics are self-disclosed by you. Inferred demographics (via ML partnerships) will only be used with explicit opt-in and will be clearly labeled in the UI.

Creator-paste deliverables: when you submit a live post URL for a campaign, we capture a snapshot of the post's public metadata, engagement numbers, and media for compliance and dispute defense. This artifact is retained for 24 months and shared with the brand for review.

ugcgo.ai is not affiliated with Meta, TikTok, or YouTube. We use publicly accessible data under US Meta v. Bright Data (2024) precedent and platform Terms of Service as applicable.

Cookies

We use minimal cookies:

• Authentication — Supabase session tokens to keep you logged in
• Preferences — theme selection stored in localStorage
• Analytics — PostHog uses a first-party cookie for anonymous usage analytics

We do not use advertising cookies or share data with ad networks.

Your Rights

You can:

• Access your data — view and download your profile, content, and transaction history from your dashboard
• Update your info — edit your profile at any time
• Delete your account — contact us to permanently remove your account and associated data
• Export your data — request a full export of your data by contacting us

Data Security

We protect your data with HTTPS encryption, row-level security policies in our database, JWT-based authentication, and secure API proxies that keep third-party keys server-side only.

Contact

Questions about your privacy? Reach us at privacy@ugcgo.ai