Privacy Policy

1. The Short Version

We collect the minimum amount of data needed to run AIShortGen. We do not sell it, we do not rent it, and we do not hand it to advertisers who want to follow you around the internet until you buy a mattress. Your info stays with us.

This page explains exactly what we collect, why we need it, and who else touches it along the way. No tricks, no 47-page law school review, just straight talk.

2. What We Collect

Your account info: Email and password when you sign up. Passwords are hashed through Supabase Auth — we literally could not read yours if we tried.

The stuff you create: Topics and scripts you type in to make videos. We store these so you can see your history and so the service works properly.

API keys (Pro users): If you plug in your own OpenAI key, we encrypt it and use it only to run requests on your behalf. Nobody else sees it.

Payment details: We do not store your card number. Period. Payments go through Creem.io, our payment processor. All we get back is a customer ID and whether your subscription is active.

Usage data: How many videos you have made, what plan you are on, and general patterns that help us keep things running smoothly. Nothing creepy.

3. What We Do With It

• Create and manage your account (obviously)
• Process your video requests when you click Generate
• Handle your subscription and billing through our payment processor
• Keep track of usage so free-plan limits and Pro perks work correctly
• Send you transactional emails — account confirmations, receipts, that sort of thing
• Reply when you email us with a question or a bug report
• Make the product better over time based on how people actually use it

What we do not do: sell your data to anyone. Ever. For any reason. That is a hill we will happily die on.

4. Social Media Connections

You can connect YouTube, Instagram, and TikTok to publish videos straight from AIShortGen. When you connect an account, we store:

• OAuth tokens — encrypted and used only to post on your behalf. We do not browse your profile or read your DMs.
• Channel or account identifiers — your channel name or username, so we can show you which account is connected in Settings.

We do not look at your followers, your messages, your analytics, or anything else that is none of our business. Disconnect any account from Settings anytime — we delete all tokens for that account immediately and permanently.

Google / YouTube

We use the YouTube Data API v3 to upload your reels. We request two scopes:

• youtube.upload — to upload videos to your channel
• youtube.readonly — to grab your channel name and ID

Google API Limited Use Disclosure: AIShortGen's use and transfer of info from Google APIs follows the Google API Services User Data Policy, including the Limited Use requirements. We do not use Google data for ads, we do not share it with third parties, and no human reads it unless required by law.

Instagram

We use the Instagram Content Publishing API to post Reels. We store your access token and user ID. We do not touch your DMs, followers, or feed. Your account, your content, your business.

TikTok

AIShortGen integrates with TikTok using two official TikTok for Developers products: Login Kit and the Content Posting API.

Login Kit — what we receive: When you choose to connect your TikTok account, TikTok may share the following basic profile information with us:

• open_id — a unique, app-scoped identifier (not your TikTok username)
• display_name — the name shown on your TikTok profile
• avatar_url — your profile picture URL
• username — your TikTok handle

We use this information solely to identify which TikTok account is connected and display it in your Settings page. We do not use it for advertising, analytics, or profiling.

Content Posting API — what we do: We request the following scopes:

• user.info.basic — to read your display name and avatar (included with Login Kit)
• video.publish — to post videos directly to your TikTok profile on your behalf
• video.upload — to upload video files to TikTok for posting

We only post content that you explicitly create within AIShortGen and choose to publish. We never post without your action.

What we store: Your TikTok OAuth access token, open ID, and username. Tokens are encrypted at rest and used exclusively to authenticate API requests on your behalf.

What we do NOT do with your TikTok data:

• We do not access your TikTok inbox, messages, followers, following list, or analytics
• We do not sell, rent, or share your TikTok data with any third party
• We do not use your TikTok data for advertising or tracking purposes
• We do not retain your TikTok data after you disconnect your account

Revoking access: You can disconnect TikTok at any time from your AIShortGen Settings page. When you disconnect, we immediately and permanently delete your TikTok access token, open ID, and username from our database. You can also revoke access directly from your TikTok app under Settings → Security → Manage app permissions.

TikTok API Compliance: AIShortGen's use of TikTok data complies with the TikTok for Developers Terms of Service and TikTok Privacy Policy. We only request permissions that are necessary for the features we provide. No TikTok user data is used for purposes unrelated to the AIShortGen service.

5. Third-Party Services (The Other Cooks in the Kitchen)

We rely on a handful of trusted services to keep everything running:

• Supabase — our database, auth, and file storage. Their privacy policy
• OpenAI — generates scripts and voiceovers. Their privacy policy
• Pexels — provides royalty-free stock footage. Their privacy policy
• Creem.io — handles payments. Your card info lives with them, not us. Creem.io
• Google / YouTube — video publishing. Google privacy policy
• Meta / Instagram — video publishing. Instagram privacy policy
• TikTok — video publishing. TikTok privacy policy

6. How Long We Keep Stuff

Your account data and reel records stick around as long as your account is active. Generated video files live in Supabase Storage and may be cleaned up after 90 days to manage storage. If you want everything gone, email us and we will delete your account and all associated data.

7. Cookies

We use one login session cookie from Supabase Auth. That is it. No tracking pixels, no retargeting cookies, no mystery JavaScript watching your every click. Just the one cookie so we know you are logged in.

8. Your Rights

Depending on where you live, you probably have the right to:

• See what personal data we have on you
• Ask us to fix anything that is wrong
• Ask us to delete everything
• Get a copy of your data in a portable format

Just email [email protected] and we will take care of it. We actually read those emails, by the way.

9. Security

We use HTTPS everywhere, encrypt sensitive data at rest, and limit access to production databases. Is anything on the internet 100% bulletproof? Honestly, no. But we take it seriously and follow industry best practices to keep your data as safe as we can.

10. Kids

AIShortGen is not built for anyone under 13. We do not knowingly collect data from children. If you think a minor somehow signed up, please let us know and we will remove their data right away.

11. Changes to This Policy

If we make meaningful changes to this policy, we will let you know through email or an in-app heads-up. If we just fix a typo, we will probably just fix the typo. Either way, continued use of the service after a change means you accept the update.

12. Questions?

Privacy stuff can be confusing. If something on this page does not make sense, just ask: [email protected]

We promise a real human will read your email and reply within one business day.