Privacy Policy

1. Information We Collect

We collect the following types of information:

• Account Information: Email address, name, and profile picture (via Google OAuth)
• Generated Content: AI-generated images and videos you create using our platform
• Reference Images: Photos you upload to train your AI influencer (may contain biometric data — see Section 5)
• Usage Data: Credit consumption, generation history, and feature usage
• Payment Information: Billing details processed securely through Stripe (we do not store card numbers)

2. How We Use Your Information

• To provide and maintain our AI content generation service
• To process your subscription and payments
• To manage your account and credits
• To communicate service updates and important notices
• To improve our service using anonymized, aggregated usage data — we do not use your uploaded reference images or generated content to train publicly available AI models; your content remains private

3. Legal Basis for Processing (GDPR)

Under the General Data Protection Regulation, we process your personal data on the following legal bases:

• Contract Performance: To provide our service to you and fulfill our contractual obligations
• Legitimate Interest: To improve our service, prevent fraud, and ensure platform security
• Consent: For marketing communications and processing of biometric data (where required)
• Legal Obligation: To comply with applicable tax, financial, and regulatory laws

4. Marketing Communications

We may send you marketing communications only if you opt in during registration or via your account settings. You can opt out at any time by clicking the unsubscribe link in any email or by contacting support@contentpole.com. Opting out of marketing does not affect transactional emails (billing receipts, security alerts, service notices).

5. Biometric Data

Reference images you upload may contain biometric data (facial features). We process this data solely to generate your AI influencer and do not use it for facial recognition or identification purposes. Under GDPR, biometric data is a special category of personal data and is processed with your explicit consent, which you provide when uploading reference images. Under the Illinois Biometric Information Privacy Act (BIPA), we inform you that biometric data is collected, stored only for the duration of your account, and destroyed within 30 days of account deletion.

6. Subprocessors

We use the following subprocessors to deliver our service:

• Supabase Inc. (United States) — Database, authentication, and file storage
• Fal.ai (United States) — AI image and video generation processing
• Google LLC (United States) — OAuth account authentication
• Stripe Inc. (United States) — Payment processing
• Inngest Inc. (United States) — Background job processing

Each subprocessor has its own privacy policy governing the data they process on our behalf. We will notify users at least 30 days before adding new subprocessors.

7. Data Storage & Retention

Your account data is stored in Supabase-managed databases in the United States with encrypted redundancy. Generated content and reference images are stored in Supabase storage buckets in the same region.

Retention Periods:

• Account data: Duration of your account + 30 days after deletion
• Generated content & reference images: Duration of your account + 30 days after deletion
• Payment records: 7 years (tax and legal requirements)
• Backup data: 90 days maximum
• Anonymized analytics: Retained indefinitely

8. International Data Transfers

If you are located outside the United States, your data will be transferred to and processed in the United States. For transfers from the European Economic Area (EEA), United Kingdom, or Switzerland, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission to ensure adequate protection of your data in accordance with GDPR Article 46.

9. Your Rights (GDPR)

If you are in the European Economic Area or United Kingdom, you have the following rights:

• Access: Request a copy of all personal data we hold about you
• Rectification: Correct inaccurate personal data
• Erasure: Request deletion of your personal data and generated content
• Portability: Receive your data in a machine-readable format
• Restriction: Request restriction of processing in certain circumstances, such as while we verify the accuracy of your data
• Object: Object to processing of your personal data based on legitimate interests

To exercise any of these rights, contact us at privacy@contentpole.com. We will respond within 30 days.

10. California Privacy Rights (CCPA/CPRA)

California residents have additional rights under CCPA/CPRA:

• Right to Know: Request the categories and specific pieces of personal data we have collected
• Right to Delete: Request deletion of your personal data
• Right to Opt-Out: We do not sell your personal information to third parties
• Right to Non-Discrimination: We will not penalize you for exercising your privacy rights
• Shine the Light: You may request an annual disclosure of data shared with third parties for marketing purposes

California residents can submit requests via privacy@contentpole.com.

11. Automated Decision-Making

We do not use your personal data for automated decision-making or profiling that produces legal effects concerning you. While our service uses AI to generate content at your request, this does not constitute automated decision-making as defined under GDPR Article 22.

12. Cookies & Analytics

We use essential cookies to maintain your authentication session. For detailed information about our cookie practices, please see our Cookie Policy.

We may use analytics tools to understand user behavior and improve our service. Any analytics data is collected in anonymized or aggregated form. You can opt out of analytics tracking through your browser settings or by contacting us.

13. Data Security

We implement the following security measures to protect your data:

• TLS encryption for all data in transit
• Encryption at rest for stored data
• Secure authentication via OAuth 2.0
• Role-based access controls on all stored data
• Regular security reviews

While no method of transmission or storage is 100% secure, we take reasonable steps to protect your information.

14. Data Breach Notification

In the event of a data breach affecting your personal data, we will notify you and the relevant supervisory authorities within 72 hours of becoming aware of the breach, as required by GDPR Article 33. Notifications will include the nature of the breach, the data affected, and steps we are taking to mitigate the impact.

15. Children's Privacy

Contentpole is strictly for users aged 18 and older. We do not knowingly collect personal information from minors. We prohibit generating content depicting minors in any context. If you believe a minor has created an account, please report it immediately to support@contentpole.com. If we learn that we have collected data from a child, we will delete the account and all associated data promptly.

16. Supervisory Authority

EU and EEA users have the right to lodge a complaint with their local data protection supervisory authority if they believe their data has been processed unlawfully. A list of EU supervisory authorities is available at the European Data Protection Board website.

17. EU Representative

If Contentpole does not maintain an establishment in the EU, we will appoint an EU representative in accordance with GDPR Article 27. Details of any appointed representative will be published on this page.

18. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes via email or through the platform at least 30 days before changes take effect. Continued use of the service after changes constitutes acceptance.

19. Contact

For privacy-related inquiries:

• Privacy Email: privacy@contentpole.com
• General Support: support@contentpole.com
• Response Time: Within 30 days of receiving your request