LEGAL

Privacy Policy

How UGCGen handles your information - written plainly, without the runaround.

Who we are

UGCGen is an AI-powered video ad generator that turns product URLs and scripts into UGC-style short-form video ads. This service is operated by the UGCGen team. If you have any questions about this policy, reach us at [email protected].

What information we collect

Information you give us

When you create an account or use the service, we collect:

  • Email address and password when you register for an account. Passwords are hashed before storage and we never store them in plain text.
  • Product URLs and scripts that you paste or type into the generator. We use this content to generate your ad scripts and videos.
  • Brand kit information - if you configure a brand kit, we store your logo file, brand colors, chosen font, and end-card CTA text.
  • Team and account settings - your team name, member email addresses you invite, and any role assignments.
  • Payment information - we do not store your card details. All payment processing is handled by Stripe, and we only receive confirmation tokens and subscription status from them.

Information collected automatically

When you use UGCGen, we automatically collect certain technical data:

  • Usage logs - we track which actions you take (generating an ad, exporting a video, viewing a project) and record them against your account or a temporary session ID if you are not logged in. This is how we enforce per-tier usage limits and quotas.
  • Session identifiers - anonymous visitors get a session ID so we can apply the three-generations-per-session free limit without requiring an account.
  • Browser and device data - your browser type, operating system, and the IP address your requests come from. We use this for security monitoring and abuse prevention.
  • Referral and UTM parameters - if you arrive via an ad or a link with tracking parameters, we log those to understand how you found us.

Content we process on your behalf

The product URLs you submit are fetched by our servers - we retrieve the product title, description, and images from those URLs in order to generate your ad script and video. We store the scraped metadata (title, description, image URLs) as part of your project record. We do not retain the raw HTML of third-party pages beyond the immediate processing window.

Generated videos and scripts are stored on our servers (hosted on AWS S3) so you can retrieve, re-render, and download them from your dashboard. You control when to delete them.

How we use your information

We use the information we collect to:

  • Provide, operate, and improve the UGCGen service - generating scripts, rendering videos, and managing your project history.
  • Enforce usage limits and subscription tier entitlements.
  • Process your subscription payments via Stripe and send billing-related emails.
  • Send account-related emails - verification codes, password resets, and critical service notifications. We do not send marketing emails unless you explicitly opt in.
  • Monitor for abuse, detect fraud, and maintain the security of the platform.
  • Understand how users interact with the service so we can improve it. We look at aggregate usage patterns, not at individual users' private content.
  • Comply with legal obligations.

Third-party services we use

Running UGCGen requires integrating with a small number of trusted third-party services. Here is who they are and what they do with your data:

  • Stripe - payment processing and subscription management. When you subscribe, your card details go directly to Stripe's servers under their PCI-DSS compliance. We receive only a customer ID, subscription status, and invoice data. Stripe's privacy policy is at stripe.com/privacy.
  • AWS (Amazon Web Services) - we use S3 to store generated videos, brand kit assets, and uploaded files. We use CloudFront to serve those assets. AWS infrastructure is in secure, SOC 2-audited data centers.
  • Email delivery provider - we send transactional emails (verification codes, receipts) via a third-party email delivery service. We share your email address with them only for the purpose of delivering messages to you.
  • AI and video rendering services - generating your ad scripts and videos may involve calls to AI language model APIs and avatar/video rendering providers. The content you submit (product URL, script, selected creator) is passed to these providers to generate output. We do not sell this content to them and they are contractually prohibited from using your input to train their models (where applicable under their terms).

We do not sell your personal data to any third party. We do not share your data with advertisers or data brokers.

Cookies and tracking

We use cookies and similar technologies for the following purposes:

  • Session cookies - to keep you logged in while you use the service. These are essential and cannot be opted out of if you want to use the product.
  • CSRF tokens - a security cookie that prevents cross-site request forgery attacks on form submissions.
  • Analytics - we may use lightweight, privacy-respecting analytics to understand traffic sources and page usage. Where used, this collects no personally identifiable information beyond approximate geographic region and browser type.

We do not use advertising cookies or third-party retargeting pixels on ugcgen.ai at this time.

How long we keep your data

We hold different types of data for different periods:

  • Account data - we keep your account information for as long as your account is active. If you delete your account, we remove your personal data within 30 days, except where we are required to keep it longer for legal or financial compliance reasons (for example, billing records).
  • Generated content - your projects, scripts, and rendered videos are stored until you delete them or until your account is deleted. You can delete individual projects and videos from your dashboard at any time.
  • Usage logs - we retain detailed usage logs for up to 90 days for abuse prevention and quota enforcement, then aggregate them into anonymised statistics.
  • Anonymous session data - session-based usage records (for users who have not created accounts) are purged after 30 days.

Data security

We take the security of your data seriously:

  • All data transmitted between your browser and our servers is encrypted via HTTPS/TLS.
  • Stored files on AWS S3 are kept in private buckets - not publicly accessible except via signed, time-limited URLs.
  • Passwords are hashed using bcrypt with a cost factor appropriate to current hardware.
  • We implement rate limiting on authentication endpoints to slow down brute-force attempts.
  • Access to production infrastructure is limited to team members who need it and is protected by multi-factor authentication.

No system is perfectly secure. If you discover a vulnerability or have a security concern, please contact us at [email protected].

Your rights (GDPR and CCPA)

If you are in the European Economic Area, the UK, or California, you have additional rights over your personal data:

  • Access - you can request a copy of the personal data we hold about you.
  • Correction - if any information we hold is inaccurate, you can ask us to correct it. You can update most profile information directly in your account settings.
  • Deletion - you can ask us to delete your account and the personal data associated with it. We will comply within 30 days, subject to any legal retention obligations.
  • Portability - you can ask us to provide your data in a structured, machine-readable format.
  • Objection / restriction - you can object to or ask us to restrict certain types of processing, in particular direct marketing (we do not currently send marketing emails, but you can opt out at any time if we do).
  • Withdrawal of consent - where processing is based on your consent, you can withdraw it at any time without affecting the lawfulness of prior processing.

California residents also have the right to know what personal information we sell or disclose to third parties for business purposes. We do not sell personal information. We disclose data to the service providers listed in the "Third-party services" section above, strictly for operating the service.

To exercise any of these rights, email us at [email protected] with the subject line "Data Request." We will respond within 30 days.

Children

UGCGen is intended for business use by adults. We do not knowingly collect personal information from anyone under 16 years of age. If you believe a minor has provided us with personal data, please contact us and we will delete it promptly.

International transfers

UGCGen operates globally and your data may be stored or processed in countries outside your own, including the United States where AWS data centers are located. By using the service, you acknowledge this. Where required by law (for example, for EU-to-US transfers), we rely on appropriate legal mechanisms such as Standard Contractual Clauses.

Changes to this policy

We may update this policy from time to time as the service evolves. If we make material changes - changes that affect your rights or how we use your data in a significant way - we will notify you via the email address on your account before the changes take effect. Continued use of the service after that point constitutes acceptance of the updated policy.

Contact us

If you have any questions about this Privacy Policy, how we handle your data, or want to exercise your rights, please reach out:

UGCGen
[email protected]

Z tej samej rodziny narzędzi