privacy

Privacy Policy

Last updated: February 2026

This Privacy Policy describes how GPViralGenie ("we", "us", "our") collects, uses, and shares information about you when you use our website and services (the "Service").

1. Information We Collect

  • Account info: name, email, hashed password, profile preferences.
  • Billing info: handled by Stripe — we receive only billing status, last-four card digits, and invoice IDs; we never see full card numbers.
  • Connected-account tokens: OAuth tokens for the social platforms you choose to link (via Zernio, Ayrshare, Buffer), stored encrypted at rest.
  • Content you submit: prompts, drafts, uploaded images/audio/video, generated outputs.
  • Usage data: pages viewed, features used, generation history, error logs.
  • Cookies & similar: session cookies for auth; we do not use third-party advertising cookies.

2. How We Use Your Information

  • Operate, secure and improve the Service.
  • Process payments and send billing receipts (Stripe / Resend).
  • Send transactional emails (account, billing, support).
  • Send AI prompts and content to model providers (OpenAI, Google, Anthropic) strictly to deliver the requested generation.
  • Detect and prevent fraud, abuse, and platform-policy violations.
  • Comply with legal obligations.

We do not sell your personal data. We do not use your private content to train our own models.

3. Sharing

We share information only with:

  • Sub-processors providing infrastructure (MongoDB Atlas, hosting), payments (Stripe), email (Resend), AI inference (OpenAI, Google AI / Gemini, Anthropic), publishing (Zernio, Ayrshare, Buffer). Each is contractually required to protect your data.
  • Law enforcement / legal: when compelled by valid legal process or to protect rights, property or safety.
  • Acquirers: in the event of a merger, acquisition or asset sale, your data may transfer subject to this policy.

4. Data Retention

  • Account and content data: retained while your account is active.
  • After deletion: most data is removed within 30 days; backups expire on a 90-day rolling window.
  • Billing records: retained for the period required by Canadian tax / accounting law (typically 7 years).

5. Your Rights

Depending on where you live (Canada PIPEDA, EU/UK GDPR, California CPRA), you may have the right to access, correct, delete, port, or restrict processing of your personal data, and to withdraw consent at any time. Submit a request to support@gpviralgenie.com and we will respond within 30 days.

6. Security

We use industry-standard safeguards (TLS in transit, encryption at rest for sensitive fields, scoped access controls, audit logging). No system is perfectly secure; you use the Service at your own risk.

7. International Transfers

We are based in Canada and may process data in Canada, the United States, and the EU through our sub-processors. Where required, transfers are governed by Standard Contractual Clauses or equivalent safeguards.

8. Children

The Service is not directed to children under 18 and we do not knowingly collect personal information from them. If you believe a child has provided us information, contact us and we will delete it.

9. Third-Party Platforms

When you connect a third-party account (Instagram, Facebook, TikTok, YouTube, X, LinkedIn, etc.) you also authorise data flow per that platform's own terms. We only access scopes you grant, and only for the actions you initiate inside our Service.

10. Changes

We may update this policy. Material changes will be notified via email or in-app banner.

11. Contact

Privacy questions? Reach us at support@gpviralgenie.com.