Privacy Policy
Last updated: March 2026
Introduction
UGCKit, Inc. ("UGCKit," "we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard information about you when you visit or use any UGCKit website, application, API, or related service (collectively, the "Service"). It also describes the rights and choices available to you. If you do not agree with this Policy, please do not access or use the Service.
Scope
This Policy applies to personal information that we process as a "controller" or "business," including information collected: when you visit ugckit.ai or any sub-domain; when you create an account or interact with the Service; when you contact us or otherwise communicate with us. It does not apply to information we handle on behalf of customers as a "processor" or "service provider"—for example, video files you store in your workspace. Those data are governed by our Terms of Service and any applicable data-processing agreement.
Information We Collect
We collect Account Identifiers (Google email address, Google user ID, name) provided by you via Google OAuth sign-in to create and maintain your account. We also collect Authentication Tokens (Google OAuth access & refresh tokens) from Google OAuth for uploading to YouTube and validating sessions. Usage Data (API calls, log files, IP address, device type, browser, locale, time zone) is collected automatically for service performance, troubleshooting, analytics, and security. Content Data (videos, images, audio, text) is uploaded by you to provide core functionality. Communications (support emails, bug reports, feedback) from you help us with customer support and improving the Service. We do not intentionally collect special categories of personal data, precise geolocation, or biometric identifiers.
How We Use Your Information
We use personal information to: 1) Provide the Service – authenticate you via Google, process your content, and upload videos. 2) Operate, maintain, and improve – monitor performance, debug, analyze aggregated usage patterns, develop new features. 3) Communicate with you – transactional notices, customer support, security alerts, and—only if you opt-in—product updates or marketing. 4) Protect and secure – detect fraud, enforce Terms of Service, investigate misuse, and comply with legal obligations. We do not sell or rent your personal information, and we do not use it to profile you for advertising.
Cookies & Similar Technologies
We use Authentication cookies (first-party, essential; expire after 30 days or when you sign out), PostHog analytics (first-party cookie storing a random device ID; used solely for aggregated click analytics within our own infrastructure; IPs are truncated), and other service-related cookies as needed for security and core functionality. You can control cookies in your browser settings, but essential cookies are required for core functionality.
Disclosures to Third Parties
We share personal information only with: Google LLC for OAuth sign-in and YouTube uploads (OAuth scopes restricted to upload; tokens encrypted at rest); TikTok Ltd. / Meta Platforms, Inc. (Instagram) for publishing videos at your request (access limited to publishing endpoints); Service providers (cloud hosting, email delivery, error monitoring) for infrastructure & support (confidentiality agreements; data-processing agreements); and Authorities or legal counsel for legal compliance, enforcing rights, and protecting users (only when required by law). We require all service providers to process personal information only on our instructions and to implement appropriate security measures.
Cross-Border Transfers
UGCKit's servers are in the United States. If you access the Service from another country, your information will be transferred to, stored, and processed in the U.S. and possibly other jurisdictions where we or our subprocessors operate. For EU/UK data, we rely on: Standard Contractual Clauses (SCCs) approved by the European Commission, plus the UK International Data Transfer Addendum; supplementary technical and organizational measures (encryption in transit and at rest, strict access controls).
Data Retention
We retain Account identifiers as long as your account is active and for a limited period thereafter as required for legal, audit, and operational purposes, with scheduled purge or earlier deletion upon verified request, subject to legal holds. Authentication tokens are kept until revoked, expired, or 90 days after last use, with automatic purge. Usage & log data is kept for 12 months, then aggregated/anonymized. Content data (videos and other uploaded assets) remains until you delete the file or close the workspace, with immediate purge from active storage and backups overwritten within 30 days. Support communications are retained for 3 years before secure deletion.
Security Measures
We implement TLS 1.3 encryption in transit; AES-256 encryption at rest; Principle-of-least-privilege access controls; MFA for staff; Continuous vulnerability scanning, annual penetration testing; Segmented production network and firewalls; and an Incident-response program with 72-hour breach notification commitment to affected users and authorities where required.
Your Rights
Depending on where you live, you may have the right to: Access and receive a copy of your personal information; Correct inaccurate or incomplete information; Delete your personal information ("right to be forgotten"); Object to or restrict certain processing; Data portability (receive data in a machine-readable format); Withdraw consent at any time (without affecting previous processing); Lodge a complaint with a supervisory authority. To exercise any right, email [email protected] from the Google account linked to your UGCKit profile. We will verify your identity and respond within 30 days (or 45 days for CCPA/CPRA).
California Privacy Notice (CCPA/CPRA)
UGCKit does not "sell" or "share" personal information as those terms are defined under California law. In the preceding 12 months we collected: identifiers and internet activity. We disclose these categories only for the business purposes described in Section 5. We do not use or disclose "sensitive personal information" except to provide the Service. California residents may designate an authorized agent to make privacy requests by sending written authorization to [email protected].
GDPR Compliance Details
UGCKit, Inc. is the data controller for personal data collected through the Service. You can reach our Data Protection Officer at [email protected]. We rely on the lawful bases indicated in this Policy (contract, legitimate interest, or consent). Where legitimate interest is used, we have balanced our interests against your fundamental rights. UGCKit does not engage in automated decision-making producing legal or similarly significant effects under Article 22 GDPR. We also do not profile users for advertising. Our current sub-processors and their roles are listed at ugckit.ai/subprocessors. For transfers from the EEA/UK to the U.S., we rely on Standard Contractual Clauses together with the UK International Data Transfer Addendum and supplementary technical and organizational measures. You have the right to lodge a complaint with your local supervisory authority or with the Berlin Commissioner for Data Protection and Freedom of Information (our lead authority).
Children's Privacy
The Service is not directed to children under 13, and we do not knowingly collect personal information from them. If we learn that a child under 13 has provided personal information, we will delete it immediately.
Changes to This Policy
We may update this Policy periodically. If we make material changes, we will notify you by email or in-app message at least 7 days before the new Policy takes effect. The "Last updated" date reflects the latest revision.
Contact
UGCKit Email: [email protected] If you have questions or concerns about privacy at UGCKit, please contact us.