UGC SUITE
PrivacyTermsCookiesGuidelines

Privacy Policy

Effective date: 2026-06-22.

UGC Suite (“UGC Suite,” “we,” “us,” or “our”) provides software for user-generated content creators to manage briefs, scripts, shoots, media, clients, and revenue. This Privacy Policy explains what information we collect when you use our website and application, how we use it, and the rights you have over it.

1. Information we collect

We collect the following categories of personal information:

  • Account information. Name, email address, password hash, profile photo, phone number, social handles, and other details you provide when signing up or completing onboarding.
  • Content you create. Briefs, scripts, notes, uploaded media, client and deal records, invoices, calendar events, and any other data you store in the application.
  • Billing information. Subscription tier, billing status, and Stripe customer identifiers. Card numbers are handled directly by Stripe. We do not see or store full payment card details.
  • Usage information. Pages visited, features used, device and browser type, IP address, approximate location derived from IP, and crash or error reports. Product analytics are consent-gated: they are off by default and we capture nothing — anywhere, including the public landing page — until you accept in our cookie banner. You can withdraw consent at any time in Cookie settings.
  • Support correspondence. Emails, in-app feedback submissions, and screenshots you send us.

2. How we use information

  • To provide, maintain, and improve the service.
  • To authenticate you and secure your account.
  • To process payments and manage subscriptions.
  • To generate AI-assisted content (scripts, summaries, brief organization) at your request.
  • To send transactional email about your account, billing, security, and product updates you have opted into.
  • To diagnose bugs, monitor performance, and prevent abuse.
  • To comply with legal obligations.

AI training. We do not use your account content to train foundation AI models. Prompts and outputs are sent to AI sub-processors (listed below) only to fulfill your request. Pending counsel verification, this commitment may be expanded in a future revision of this policy.

3. Sub-processors

We share information with the following service providers:

  • Supabase: Database, authentication, storage
  • Stripe: Payment processing and subscription billing
  • PostHog: Product analytics (consent-gated, opt-in)
  • Sentry: Error and crash reporting
  • Resend: Transactional email delivery
  • OpenRouter: AI model routing for content generation
  • Anthropic: AI model provider for content generation
  • Google: OAuth sign-in, transactional email infrastructure
  • Vercel: Application hosting and edge runtime

We do not sell your personal information, and we do not share it for cross-context behavioral advertising.

4. Data retention

We retain your account data for as long as your account is active. When you delete your account, we delete or de-identify associated personal information within a reasonable period, except where we are required to retain it for legal, tax, audit, or fraud-prevention purposes. Specific retention windows are pending counsel review.

5. Contract Summary Tool: additional disclosures

The AI Contract Summary tool accepts contract text that you upload or paste. Because that content can contain pay rates, exclusivity terms, and other deal-sensitive details, we describe its handling separately here.

  • Where the text is sent. When you run a summary or ask the chatbot a question, the contract text is transmitted to our AI sub-processors (OpenRouter, which routes the request, and Anthropic, which provides the underlying Claude model) so the model can produce the summary. We do not send the text to any other third party for that operation.
  • Where the text is stored.The contract text and the AI’s analysis are stored in our Supabase Postgres database (encrypted at rest, under row-level security tied to your account). We retain that record until you delete it from the “Saved” tab in the Contract Summary tool or until you delete your account, at which point it is removed under Section 4.
  • Sensitive personal information (CCPA / CPRA). Contract financials and similar deal terms may qualify as sensitive personal information under California Civil Code §1798.140(ae). We process this information only to operate the tool and respond to your account’s requests. We do not sell it, do not share it for cross-context behavioral advertising, and do not use it to train foundation AI models.
  • NDA and third-party rights. You are responsible for ensuring you have the right to upload each contract, including that no confidentiality obligation prohibits sharing it with our sub-processors. See Section 5 of the Terms of Service.

6. Your rights (CCPA)

If you are a California resident, the California Consumer Privacy Act (CCPA), as amended by the CPRA, gives you the following rights with respect to your personal information:

  • Right to know. Request the categories and specific pieces of personal information we have collected about you.
  • Right to delete. Request deletion of personal information we have collected, subject to exceptions.
  • Right to correct. Request correction of inaccurate personal information.
  • Right to portability. Receive a copy of your personal information in a portable, readily usable format.
  • Right to non-discrimination. Exercise these rights without receiving discriminatory treatment.

7. How to exercise your rights

To exercise any of the rights above, email privacy@ugcsuite.app with the subject line [Privacy Request] {Type} (e.g., [Privacy Request] Delete). We will verify the request using the email address on file for your account, and we will respond within 45 days as required by CCPA §1798.130(a)(2). If we need additional time, we will notify you in writing during that window.

You may also designate an authorized agent to make a request on your behalf. We will require written authorization signed by you and may ask the agent to verify their identity directly with us.

8. Security

We use industry-standard safeguards including TLS in transit, encryption at rest, hashed passwords, row-level security in our database, and least-privilege access controls. No system is perfectly secure; if we become aware of a breach affecting your information, we will notify you in accordance with applicable law.

9. Children

UGC Suite is not directed to children under 16 and we do not knowingly collect information from them. If you believe we have inadvertently collected information from a child, contact us at the address below and we will delete it.

10. Changes to this policy

We will post any changes to this policy on this page and update the “Effective date” above. Material changes will be communicated by email or in-app notice.

11. Contact

Questions or requests: privacy@ugcsuite.app.

← Back to home