OSOctoSpark

Privacy Policy

Last updated: May 6, 2026

1. Introduction

OctoSpark(“we,” “us,” or “our”) respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use OctoSpark, our multi-agent campaign and content platform (the “Service”).

By using OctoSpark, you consent to the data practices described in this policy. If you do not agree with our policies and practices, please do not use our Service.

2. Information We Collect

2.1 Information You Provide

  • Account information: name, email address, password, and profile details
  • Payment information: billing details and payment method (processed by Stripe — we do not store card numbers)
  • Content data: text, images, videos, and other content you create or upload
  • Team and organization information: details about team members and organizations you create
  • Communication: messages you send to our support team

2.2 Information from Social Media Platforms

When you connect social media accounts (X, LinkedIn, Instagram, TikTok, YouTube, Facebook, Threads), we collect:

  • Account identifiers and profile information
  • OAuth access and refresh tokens for publishing content
  • Analytics data about your social media performance and engagement
  • Content you authorize us to access for scheduling and analysis
  • Publishing permissions and account-specific limitations
  • Creator information including nickname and posting restrictions

2.3 TikTok Integration and Data Handling

When you connect your TikTok account, we handle your data with the following safeguards:

  • User control: you maintain full control over all content posted to TikTok. Every post requires your explicit approval before publishing.
  • OAuth security:we use TikTok's secure OAuth 2.0 protocol for authentication. Your TikTok password is never shared with or stored by OctoSpark.
  • Limited access: we only request the minimum permissions necessary to provide our Service.
  • Revocable access: you can revoke OctoSpark's access to your TikTok account at any time through TikTok's app settings or our platform.
  • No unauthorized posting: we will never post content to your TikTok account without your explicit consent for each individual post.
  • Compliance:we comply with TikTok's Developer Guidelines, API usage policies, and data handling requirements.

2.4 Automatically Collected Information

  • Usage data: features used, content created, and interaction patterns
  • Device information: browser type, operating system, IP address
  • Cookies: session cookies and preference cookies
  • Analytics: performance metrics and error logs

3. How We Use Your Information

We use your information to:

  • Provide and maintain our Service
  • Process your transactions and manage credit-based billing
  • Generate AI-assisted content including videos, images, captions, and copy
  • Help you schedule and publish content to your connected social media accounts with your explicit approval
  • Analyze content performance and engagement metrics
  • Process video generation workflows
  • Send service updates and marketing communications (with consent)
  • Improve our AI models and features through anonymized data
  • Provide customer support and technical assistance
  • Comply with legal obligations and platform policies
  • Detect and prevent fraud or abuse

Important: for content posted to third-party platforms, we only publish content after you have explicitly reviewed and approved it. You maintain full control over what content is published to your accounts.

4. Data Sharing and Disclosure

We do not sell your personal information. We may share information with:

4.1 Service Providers

  • Stripe: payment processing
  • Database and authentication providers: for storing your account and content data
  • Cloud infrastructure (AWS / Google Cloud / Cloudflare): content storage and processing
  • Sentry: error tracking and monitoring
  • Analytics providers: usage analytics
  • OpenRouter and underlying model providers: for AI inference (text, image, and video generation)

4.2 Social Media Platforms

When you connect social accounts, we share only the content and data necessary to publish on your behalf, as authorized by you.

4.3 Legal Requirements

We may disclose information if required by law, court order, or to protect our rights and safety.

4.4 Business Transfers

In case of merger, acquisition, or sale, your information may be transferred to the new entity.

5. Data Security

We implement appropriate security measures including:

  • Encryption of data in transit and at rest
  • Secure access controls and authentication
  • Regular security audits and updates
  • Limited access to personal data on a need-to-know basis
  • Secure OAuth implementation for social media connections

However, no method of transmission over the internet is 100% secure. We cannot guarantee absolute security.

6. Your Rights and Choices

6.1 Access and Correction

You can access and update your personal information through your account settings or by contacting us.

6.2 Data Deletion

You can request deletion of your account and associated data. Some information may be retained for legal or legitimate business purposes.

6.3 Data Portability

You can request a copy of your data in a structured, machine-readable format.

6.4 Marketing Communications

You can opt-out of marketing emails through the unsubscribe link or account settings.

6.5 Social Media Permissions

You can revoke access to connected social media accounts at any time through our platform or the respective social media platform's settings.

7. Data Retention

We retain your information for as long as:

  • Your account is active
  • Needed to provide you the Service
  • Required for legal obligations
  • Necessary for legitimate business purposes

Content data is retained for 90 days after deletion to allow for recovery. After this period, it is permanently deleted. Financial audit trails (usage records and credit ledger entries) are retained indefinitely as required for accurate billing history.

8. International Data Transfers

Your information may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place for such transfers, including standard contractual clauses approved by relevant authorities.

9. Children's Privacy

Our Service is not intended for users under 18 years of age. We do not knowingly collect personal information from children under 18. If we learn we have collected such information, we will promptly delete it.

10. Cookies and Tracking Technologies

We use cookies for:

  • Essential cookies: required for Service functionality
  • Analytics cookies: to understand usage patterns (only with your consent where required by law)
  • Preference cookies: to remember your settings

We do not use third-party advertising cookies. You can control cookies through your browser settings, but disabling them may affect Service functionality.

11. California Privacy Rights (CCPA)

California residents have additional rights including:

  • Right to know what personal information is collected
  • Right to delete personal information
  • Right to opt-out of sale of personal information (we do not sell personal data)
  • Right to non-discrimination for exercising privacy rights

12. European Privacy Rights (GDPR)

EU and UK residents have additional rights including:

  • Right to access and receive a copy of your data
  • Right to rectification of inaccurate data
  • Right to erasure (“right to be forgotten”)
  • Right to restrict processing
  • Right to data portability
  • Right to object to processing
  • Right to lodge a complaint with supervisory authorities

13. AI and Machine Learning

We use AI to generate content and provide recommendations. Your content and usage patterns may be used to improve our AI orchestration, but we ensure:

  • Personal information is anonymized before any model training
  • Your private content is never shared with other users
  • You retain ownership of AI-generated content

14. Changes to This Privacy Policy

We may update this Privacy Policy periodically. We will notify you of material changes via email or through the Service. Your continued use after changes constitutes acceptance of the updated policy.

15. Contact Us

For privacy-related questions or to exercise your rights, contact us at:

OctoSpark Privacy Team
Privacy: privacy@octospark.ai
Support: support@octospark.ai

Data Protection Officer:
dpo@octospark.ai

16. Legal Basis for Processing (GDPR)

We process your personal data based on:

  • Contract: to provide our Service to you
  • Consent: for marketing communications and optional features
  • Legitimate interests: for improving our Service and preventing fraud
  • Legal obligations: to comply with applicable laws
Back to home