Effective date: 2026-05-16
Last updated: 2026-06-22
This Privacy Policy describes how UGC Cast(“we”, “our”, “the Service”) collects, uses, stores, and shares information when you use our platform hosted at https://ugccast.tech.
By using the Service you agree to the practices described below. If you do not agree, please do not use the Service.
1. Who we are
- Service name: UGC Cast (AI Bloggers automation platform)
- Operator: HD Digital LLP (Товарищество с ограниченной ответственностью «HD Digital»), a company registered in the Republic of Kazakhstan, BIN 230740039374
- Registered address: 050013, Almaty, Bostandyk district, Pereulok Shumny 2, Republic of Kazakhstan
- Contact email: deniskinmiami@gmail.com
2. What information we collect
2.1 Account data
- Email address (required to create an account)
- Hashed password (we never store plaintext passwords; Argon2 algorithm)
- Account role (admin / editor)
2.2 Content data
- AI-blogger profiles you create (name, appearance description, voice settings)
- Content plans and scenarios you generate
- Scripts, images, and videos produced by our AI pipeline
- Topics, captions, and metadata you provide
2.3 Third-party platform tokens (TikTok / Instagram / YouTube)
When you connect your social account via OAuth, we receive and store:
- Access token (encrypted at rest in our database)
- Refresh token (encrypted at rest)
- Token expiry timestamps
- Account identifier (TikTok open_id, Instagram business account id, YouTube channel id)
- Public profile info (display name, avatar URL) — used to show “you are connected as X” in our UI
We do NOT collect:
- Your platform password
- Followers / friends list
- Private messages
- Any data outside the scopes you explicitly granted
2.4 Usage / technical data
- Server logs (IP, request path, response code, timestamp) — kept up to 30 days for security and debugging
- Errors / exceptions (via Sentry) — anonymized stack traces
2.5 Billing data
- Usage records (LLM calls, image generations, video generations, costs in USD)
- We do NOT store payment card data.
3. How we use the information
We use the information only to provide and improve the Service:
- Authentication and access control — email, hashed password, JWT tokens
- Generating content — your topic input, blogger profile, plan parameters
- Publishing to social platforms on your behalf — encrypted OAuth tokens, target platform IDs
- Refreshing expired tokens automatically — refresh tokens, platform refresh API
- Showing connection status in your dashboard — public profile info
- Cost tracking and usage limits — token usage records
- Debugging and security — server logs, anonymized errors
We do NOT use your data to train AI models or for advertising.
4. Third-party services we use
| Service | Purpose | Data shared |
|---|---|---|
| Google Vertex AI (Gemini) | Script and image generation | Your topic and blogger description |
| fal.ai (Seedance) | Video generation | Generated image + motion prompt + voice text |
| TikTok Content Posting API | Publishing on your behalf | Your access token, video URL, caption |
| Meta Graph API (Instagram) | Publishing on your behalf | Your access token, video URL, caption |
| YouTube Data API v3 | Publishing on your behalf | Your access token, video file, caption |
| MinIO storage | Storing generated media | Generated images / videos |
| Sentry | Error tracking | Anonymized stack traces |
Each third party processes data under its own terms — we encourage you to review their privacy policies.
4.1 Google API Services & YouTube — Limited Use
This application uses YouTube API Services. By using the YouTube features you agree to the YouTube Terms of Service. Google's handling of data is described in the Google Privacy Policy.
UGC Cast's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements. We access your YouTube account solely to upload the videos you explicitly choose to publish; we do not use this data for advertising or to train AI models, and we do not transfer it to third parties except as required to provide the publishing feature you request.
You can revoke this application's access to your Google / YouTube data at any time at myaccount.google.com/permissions.
4.2 TikTok — data use & compliance
This application uses TikTok API Services (Login Kit and the Content Posting API). By connecting your TikTok account you agree to the TikTok Terms of Service and acknowledge the TikTok Privacy Policy.
When you authorize TikTok, we request only the scopes user.info.basic (your public profile — display name and avatar, shown so you can confirm which account is connected) and video.upload / video.publish (to post the videos you explicitly choose). Our access to, use of, and transfer of information received from TikTok APIs adheres to the TikTok Developer Guidelines and the TikTok Developer Terms of Service.
We access your TikTok account solely to publish the videos you initiate. We do not use TikTok data for advertising, do not use it to train AI models, and do not sell or transfer it to any third party except as strictly necessary to provide the publishing feature you request. TikTok access and refresh tokens are encrypted at rest and are deleted immediately when you disconnect TikTok or delete the associated blogger.
You can revoke this application's access to your TikTok account at any time at tiktok.com/settings/connected_apps.
5. How we store and protect your data
- Database: PostgreSQL, hosted on our infrastructure
- OAuth tokens: encrypted at rest; decryption only happens in-memory when needed
- Passwords: never stored plaintext; Argon2 password hashing
- Transport: all API traffic over HTTPS / TLS
- Access: only authorized service processes can read encrypted token blobs
- Backups: standard DB backups retained for 30 days, then deleted
We make reasonable efforts to protect your data but no system is 100% secure.
6. Data retention
- Account profile — until you delete your account
- Generated content — until you delete the item or your account
- OAuth tokens — until you disconnect the platform or delete the blogger
- Server logs — 30 days
- Error traces — 90 days
- Billing / usage records — up to 3 years
When you disconnect a platform in our UI, we delete the encrypted tokens immediately from the database.
7. Your rights
You have the right to:
- Access the personal data we hold about you
- Correct inaccuracies in your account data
- Delete your account and all associated data
- Export your data on request
- Disconnect any linked social platform at any time via the UI
- Withdraw consent — disconnect the platform and / or delete the account
To exercise any right, contact us at deniskinmiami@gmail.com. We respond within 30 days.
You can also revoke OAuth access directly from the platform:
- TikTok: tiktok.com/settings/connected_apps
- Instagram / Facebook: facebook.com/settings
- YouTube / Google: myaccount.google.com/permissions
8. Children
The Service is not intended for users under 18. We do not knowingly collect data from minors. If you believe a minor has provided data, contact us and we will remove it.
9. Changes to this policy
We may update this Privacy Policy. Material changes will be communicated via email or a notice in the Service. Continued use after the change constitutes acceptance.
10. Contact
For questions about this Privacy Policy or your data: deniskinmiami@gmail.com