Privacy Policy

Last updated: January 2025

This Privacy Policy explains how UGCLab ("we", "us", or "our") collects, uses, shares, and protects your personal information when you use our website and services at ugclab.app. We are committed to protecting your privacy and handling your data in accordance with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

1. Data Controller

UGCLab is the data controller responsible for your personal data. If you have any questions about this Privacy Policy or our data practices, you can contact us at:

2. Data We Collect

Account Information

When you create an account, we collect:

  • Name
  • Email address
  • Password (stored in hashed form, never in plain text)
  • Profile information you choose to provide

Payment Information

When you subscribe to our services, payment information is collected and processed by our payment provider, Stripe. We do not store your full credit card details on our servers. We may receive and store:

  • Last four digits of your card
  • Card type and expiration date
  • Billing address
  • Transaction history

Usage Data

We automatically collect information about how you use our services:

  • IP address
  • Browser type and version
  • Device information
  • Pages visited and features used
  • Time and date of visits
  • Referring website
  • Content you create and interactions with our platform

Content Data

When you use our AI content generation features, we process:

  • Text prompts and scripts you provide
  • Images and media you upload
  • Generated videos and content
  • Project settings and preferences

3. How We Use Your Data

We use your personal data for the following purposes:

  • Service Delivery: To provide, maintain, and improve our AI content creation services
  • Account Management: To create and manage your account, process subscriptions, and handle billing
  • Communication: To send you service updates, security alerts, and support messages
  • Analytics: To understand how our services are used and improve user experience
  • Marketing: To send promotional communications (with your consent) and measure advertising effectiveness
  • Security: To detect, prevent, and address fraud, abuse, and security issues
  • Legal Compliance: To comply with legal obligations and respond to lawful requests

4. Legal Basis for Processing

Under GDPR, we process your personal data based on the following legal grounds:

  • Contract Performance: Processing necessary to provide our services to you (account data, payment processing, content generation)
  • Legitimate Interests: Processing for our legitimate business interests, such as improving our services, security, and fraud prevention
  • Consent: Processing based on your explicit consent, such as marketing communications and optional cookies
  • Legal Obligation: Processing required to comply with applicable laws and regulations

5. Data Sharing

We share your data with the following categories of third parties:

Service Providers

  • Stripe — Payment processing
  • AI Service Providers — To process your content generation requests
  • Cloud Infrastructure — Data hosting and storage (EU-based servers)

Analytics Providers

  • Google Analytics — Website traffic analysis
  • PostHog — Product analytics and user behavior

Advertising Partners

  • Meta (Facebook/Instagram) — Advertising and conversion tracking
  • Google Ads — Advertising and remarketing
  • TikTok — Advertising and conversion tracking

We may also share your data when required by law, to protect our rights, or in connection with a business transfer (merger, acquisition, or sale of assets).

6. International Data Transfers

Your data is primarily stored and processed within the European Union. When data is transferred outside the EU (for example, to third-party service providers), we ensure appropriate safeguards are in place, such as:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Adequacy decisions for countries with equivalent data protection standards
  • Binding Corporate Rules where applicable

7. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes described in this policy:

  • Account Data: Retained while your account is active and deleted immediately upon account closure or deletion request
  • Content Data: Deleted when you delete the content or close your account
  • Payment Records: Retained for 7 years as required by tax and accounting regulations
  • Usage Logs: Retained for up to 2 years for analytics purposes
  • Marketing Data: Retained until you withdraw consent

When you request account deletion, we will immediately delete or anonymize your personal data, except where retention is required by law.

8. Your Rights

Under GDPR, you have the following rights regarding your personal data:

  • Right of Access: Request a copy of the personal data we hold about you
  • Right to Rectification: Request correction of inaccurate or incomplete data
  • Right to Erasure: Request deletion of your personal data ("right to be forgotten")
  • Right to Restriction: Request limitation of processing in certain circumstances
  • Right to Data Portability: Receive your data in a structured, machine-readable format
  • Right to Object: Object to processing based on legitimate interests or for direct marketing
  • Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent
  • Right to Lodge a Complaint: File a complaint with a supervisory authority (in France: CNIL)

To exercise any of these rights, please contact us at privacy@ugclab.app. We will respond to your request within 30 days.

9. Cookies and Tracking

We use cookies and similar tracking technologies to collect usage data and improve our services. For detailed information about the cookies we use and how to manage your preferences, please see our Cookie Policy.

10. Children's Privacy

Our services are not intended for children under 16 years of age. We do not knowingly collect personal information from children under 16. If we become aware that we have collected data from a child under 16 without parental consent, we will take steps to delete that information immediately.

11. Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:

  • Encryption of data in transit (TLS/SSL) and at rest
  • Secure password hashing
  • Regular security assessments
  • Access controls and authentication
  • Employee training on data protection

While we strive to protect your personal data, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, or legal requirements. When we make material changes, we will:

  • Update the "Last updated" date at the top of this page
  • Notify you via email or through our platform for significant changes
  • Obtain your consent where required by law

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your data.

13. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

For data protection matters in France, you may also contact the CNIL (Commission Nationale de l'Informatique et des Libertés) at www.cnil.fr.