Privacy Policy

Last updated: November, 2025

This Privacy Policy describes how Calliope Labs (“we”, “us”, “our”) collects, uses, discloses, and protects information about you when you access or use our website, applications, services, and related tools (collectively, the “Services”).

This document is provided for informational purposes only and does not constitute legal advice. We strongly recommend obtaining advice from qualified counsel to ensure compliance with the laws applicable to your business and location.

Controller

The data controller for the Services is Calliope Labs. If you have questions or requests about this Policy or our processing of your personal data, contact us at [calliope.contentautomation@gmail.com] or via Contact Us.

Scope

This Policy applies to information we process when you use our Services, including our SaaS platform for automated content creation and related dashboards, APIs, and worker infrastructure.

Information We Collect

  • Account Data: name, email, authentication identifiers, and account settings.
  • Usage & Log Data: device and browser characteristics, IP address, timestamps, pages viewed, referring/exit pages, and interaction data.
  • Project & Content Data: project names, prompts, scripts, configurations, generated assets, and related metadata you upload or create.
  • Payment & Billing Data: handled by our payment processor (e.g., Stripe). We receive limited billing metadata (status, amounts, and references) but do not store full payment card numbers.
  • Cookies & Similar Technologies: cookies, local storage, and similar tools to keep you signed in, remember preferences, and analyze performance.
  • OAuth Credentials: refresh tokens and access tokens required to upload content to your YouTube or TikTok channel on your behalf. These tokens are stored securely in our server-side database (Supabase) and are never exposed to client-side code. We retain these tokens until you revoke access or we remove them following our retention policy (see “Retention” below).
  • Third-Party AI/Vendor Data: when you choose to use connected AI providers or media services, queries, prompts, or media may be transmitted to those vendors for processing per your request.

How We Use Information

  • Provide, operate, maintain, and improve the Services.
  • Process your requests (e.g., run jobs, generate content, store outputs).
  • Facilitate payments, subscriptions, credit balances, and invoices.
  • Communicate with you about updates, security, and support.
  • Monitor usage, prevent fraud/abuse, and ensure platform integrity.
  • Comply with legal obligations and enforce our Terms.

Legal Bases (GDPR)

  • Contract: to provide the Services you request.
  • Legitimate Interests: to secure, improve, and market our Services.
  • Consent: for optional features (e.g., certain cookies/analytics).
  • Legal Obligation: to keep records required by law.

Sharing & Disclosures

We may share information with trusted service providers that support the Services, subject to appropriate contractual safeguards:

  • Cloud hosting, storage, and database (e.g., Vercel, Supabase, Google Cloud).
  • Payment processing (e.g., Stripe).
  • AI/ML and media vendors you opt to use (e.g., Google, OpenAI, third-party model providers).
  • Analytics, error monitoring, and logging tools.
  • Professional advisors and legal counsel.
  • Authorities when required by law or to protect rights and safety.

International Transfers

Where personal data is transferred outside your jurisdiction, we implement appropriate safeguards (such as Standard Contractual Clauses) where required by law.

Retention

We retain personal data for as long as necessary to provide the Services, comply with legal obligations, resolve disputes, and enforce agreements. Retention times may vary depending on the category of data and legal/regulatory requirements. We retain OAuth refresh tokens until you revoke access. To request the deletion of personal data from our databases (e.g., OAuth tokens), please contact us.

Security

We employ administrative, technical, and physical safeguards designed to protect personal data. However, no method of transmission or storage is 100% secure; we cannot guarantee absolute security.

Children

The Services are not intended for individuals under the age of 16 (or the age of digital consent in your jurisdiction). We do not knowingly collect personal data from such individuals.

Your Rights

Depending on your location, you may have rights to access, correct, delete, restrict, or object to processing of your personal data, and to data portability. You may also have the right to lodge a complaint with your local supervisory authority (e.g., AEPD in Spain).

To exercise your rights, contact us at [support@calliope-labs.example]. We may ask for verification of your identity before fulfilling your request.

Cookies

We use necessary cookies to deliver core functionality. With your consent, we may use analytics cookies to understand usage and improve the Services. You can manage cookie preferences in your browser or device settings.

Automated Decision-Making

We do not engage in automated decision-making that produces legal or similarly significant effects. AI features are used to generate content at your request and under your control.

Changes to this Policy

We may update this Policy from time to time. The “Last updated” date will reflect the latest changes. Material changes will be communicated through the Services or by email when appropriate.

Contact

Questions? Reach us at via Contact Us.