Skip to content
GRAVITYOSAGENT
Menu
Back to home

LEGAL

Privacy Policy

Last updated: March 2026

1. Introduction

This Privacy Policy explains how we collect, use, and protect your information when you use GRAVITYOS AGENT. Written in plain language, no legal jargon without explanation.

By creating an account or using the service, you agree to the data practices described in this policy. If you do not agree, please do not use GRAVITYOS AGENT.

2. Information We Collect

We collect the following categories of information to operate and improve the service:

CategoryExamples
Account dataName, email address, password hash, profile avatar
Business dataBrand information, content pillars, competitors, business goals, products, website URL, content style preferences
Content dataScripts, raw footage (video and audio files), edited assets, published posts, captions, thumbnails, carousel visuals
Social media credentialsOAuth tokens for connected social platforms (encrypted at rest with AES-256)
Advertising account credentialsOAuth tokens for connected ad platforms (encrypted at rest with AES-256)
Usage dataResource consumption (posts published, video renders, AI generations), feature usage, login activity, session metadata
Billing dataSubscription tier, billing history. Payment card details are processed by a PCI-DSS compliant payment processor and never stored on our servers.
AI interaction dataPrompts sent to AI services, generated outputs (scripts, strategies, recommendations, SEO articles, diagnostic tools, outreach sequences)
Team member dataEmail address, assigned role (owner, admin, editor, viewer), access permissions, invitation status
Diagnostic visitor dataAnswers submitted by visitors taking public diagnostic tools, optional email address if the visitor opts in for results
Performance and analytics dataContent engagement metrics, ad campaign performance, SEO rankings, organic traffic, conversion data

3. How We Use Your Information

We use the information we collect for the following purposes:

  • Service delivery: Provide, operate, and maintain the platform, including content generation, video processing, scheduling, publishing, and analytics
  • AI content generation: Generate scripts, strategies, SEO articles, diagnostic tools, outreach sequences, and recommendations tailored to your business
  • Billing and account management: Process subscription payments, enforce plan limits, and manage tier upgrades and downgrades
  • Communications: Send transactional notifications, filming prompts, approval requests, weekly performance reports, and onboarding emails
  • Performance optimization: Analyze content and advertising performance to improve recommendations, detect winning patterns, and optimize strategies
  • Demand capture: Deliver diagnostic tools to your visitors, generate SEO content, manage outreach sequences, and track organic lead sources
  • Usage enforcement: Track resource consumption per billing period to enforce plan limits and prevent abuse
  • Platform improvement: Aggregate anonymized patterns across accounts to improve recommendations for all users (see Section 11)
  • Security: Detect, prevent, and respond to fraud, unauthorized access, and other malicious activity

We do not use your data for any purpose other than those listed above. We do not sell your personal information to third parties.

4. AI-Generated Content

We use third-party AI services to generate content including scripts, captions, social media posts, SEO articles, diagnostic tools, outreach messages, and strategy recommendations. All AI-generated content requires your review and approval before publishing. Nothing is published automatically without your explicit consent.

Your business data (brand information, content pillars, ICP profiles) is sent to AI providers solely to generate personalized outputs. All AI service providers operate under data processing agreements that prohibit them from using your data to train their models. Your inputs and outputs are not retained by AI providers beyond the duration needed to process each request.

You are responsible for reviewing the accuracy and appropriateness of all AI-generated content before approving it for publication.

5. Voice Synthesis

If you use faceless content mode, your text content is processed by a third-party voice synthesis service to generate AI voiceover audio. No personal voice recordings are created or stored. The synthesized audio is used solely for your content production.

6. Video Processing and Footage Storage

Raw footage you upload is stored in our secure cloud storage, organized by your business account. Footage is accessible only to your account and authorized team members via row-level security policies.

Video files are sent to a third-party video rendering service for editing, formatting, and multi-platform output. The rendering service processes your footage on their infrastructure and does not retain your files after processing is complete.

For faceless content, AI-generated visuals and voiceover audio are assembled into final video assets using the same rendering service. No personal voice recordings are used in this process.

7. Social Media Account Access

We connect to your social media accounts via authorized OAuth integrations. The specific permissions we request include:

  • Publishing: Permission to create and schedule posts on your behalf
  • Analytics: Permission to retrieve engagement metrics, follower data, and content performance
  • Comment management: Permission to read and respond to comments on your posts (when enabled)

We do not access your direct messages or private conversations. We do not follow, unfollow, like, or interact with other accounts on your behalf unless you explicitly configure and approve such actions. All OAuth tokens are encrypted with AES-256 before storage and are decrypted only at the moment of API calls.

You can disconnect any social account at any time from your Settings page, which immediately revokes our access.

8. Advertising Platform Access

If you connect advertising accounts (for paid campaign management), we access your ad accounts via authorized OAuth integrations. We use this access to create, manage, and optimize advertising campaigns on your behalf, and to retrieve performance data. All ad account tokens are encrypted with AES-256 before storage.

No campaigns are launched without your explicit approval. You can disconnect ad accounts at any time from your Settings page.

9. Usage Tracking

We track resource usage (posts published, video renders, AI generations, team seats, connected brands) per billing period to enforce plan limits and calculate billing. This data is used for service delivery and billing only. Usage data is not shared with third parties.

10. Cold Outreach and Email

If you use outreach features (available on GRAVITY OS tiers), we send emails and messages on your behalf through a third-party outreach delivery service. You are responsible for ensuring your outreach complies with applicable anti-spam laws (CAN-SPAM, CASL, GDPR). We provide compliance tools but do not guarantee compliance on your behalf.

Outreach recipient data (email addresses, reply status) is stored in your account and is not shared across accounts.

11. Cross-Client Intelligence

For users on higher-tier plans, anonymized performance patterns (e.g., “contrarian hooks average 3.2% engagement in service businesses”) may be aggregated across accounts to improve recommendations for all users.

Aggregated data never includes business names, specific content text, customer data, financial figures, or any information that could identify your business. Patterns are statistical summaries only (e.g., engagement rates by content type, hook performance by industry vertical).

You may opt out of cross-client intelligence aggregation by contacting privacy@gravityosagent.com. Opting out does not affect your access to features.

12. Team Member Data

If you invite team members, we collect and store their email address, assigned role (owner, admin, editor, or viewer), and access permissions. Team members access business data according to their role permissions. Removing a team member immediately revokes their access to all associated business data.

Team members may request deletion of their personal data by contacting privacy@gravityosagent.com.

13. Third-Party Data Sharing

We share your data only with the following categories of service providers, and only to the extent necessary to deliver the service:

  • AI content generation providers: Business context and prompts are sent to generate content. Providers do not retain or train on your data.
  • Video rendering service: Footage and assets are sent for processing. Files are not retained after rendering.
  • Voice synthesis service: Text is sent for voiceover generation. No personal voice data is stored.
  • Image generation service: Prompts are sent for thumbnail and visual generation.
  • Transcription service: Audio from uploaded footage is sent for speech-to-text conversion.
  • Social media platforms: Content is published to platforms you have connected and authorized.
  • Advertising platforms: Campaign data and creatives are sent to ad platforms you have connected.
  • Payment processor: Billing information is processed by a PCI-DSS Level 1 compliant payment processor. We never store your payment card details.
  • Email delivery service: Your email address is used to send transactional notifications, reports, and filming prompts.
  • Outreach delivery service: Outreach messages and recipient lists are sent for email delivery (GRAVITY OS tiers only).
  • Cloud infrastructure: All data is hosted on SOC 2 Type II certified cloud infrastructure.

We do not sell, rent, or trade your personal information to third parties. We do not share your data with any parties other than those listed above.

14. Data Security

We protect your data with industry-standard measures:

  • All data encrypted in transit (TLS 1.2+) and at rest
  • OAuth tokens encrypted with AES-256 before storage
  • SOC 2 Type II certified cloud infrastructure
  • Regular security audits and vulnerability testing
  • Row-level security on all database tables
  • Multi-layer bot protection on account creation (honeypot, timing checks, rate limiting)
  • Parameterized queries to prevent SQL injection attacks
  • Security headers enforced on all requests (HSTS, CSP, X-Frame-Options, X-Content-Type-Options)

In the unlikely event of a data breach that affects your personal information, we will notify affected users by email within 72 hours of discovery, as required by applicable law. We will also notify relevant regulatory authorities where required.

15. Data Retention

  • Active accounts: Data retained while your subscription is active.
  • Cancelled accounts: Data retained for 30 days in case of resubscription, then permanently deleted including all content, footage, analytics, and business data.
  • Diagnostic visitor submissions: Retained for as long as the associated business account is active.
  • Activity logs: Retained for 12 months for security and audit purposes, then automatically purged.
  • You may request earlier deletion of your data at any time by contacting privacy@gravityosagent.com. We will process deletion requests within 30 days.

16. Data Portability

You can export all your data (content, scripts, analytics, business profiles, performance data, and team information) as JSON or CSV at any time from your Settings page. No waiting period, no fees, no restrictions on how often you export.

17. Cookies and Tracking Technologies

We use cookies and similar technologies as follows:

  • Essential cookies: Required for authentication, session management, and security. These cannot be disabled without breaking core functionality.
  • Functional cookies: Used to remember your preferences (theme, layout settings).
  • Analytics cookies: Used to understand how the platform is used and identify areas for improvement. Analytics data is aggregated and does not identify individual users.

We do not use advertising or third-party tracking cookies. We do not participate in cross-site tracking or behavioral advertising networks.

You can manage cookie preferences through your browser settings. Disabling essential cookies may prevent you from using the service.

18. Your Rights

Depending on your location, you have specific rights regarding your personal data:

GDPR (European Union / United Kingdom)

  • Right to access your personal data
  • Right to rectification of inaccurate data
  • Right to erasure (“right to be forgotten”)
  • Right to restrict processing
  • Right to data portability
  • Right to object to processing
  • Right to withdraw consent at any time without affecting the lawfulness of prior processing
  • Right to lodge a complaint with your local supervisory authority

Our legal basis for processing your data under GDPR includes: performance of a contract (service delivery), legitimate interests (service improvement, security), and consent (where applicable, such as marketing communications).

CCPA / CPRA (California, USA)

  • Right to know what personal information is collected
  • Right to request deletion of personal information
  • Right to opt out of the sale of personal information
  • Right to correct inaccurate personal information
  • Right to limit use of sensitive personal information
  • Right to non-discrimination for exercising your rights

We do not sell or share your personal information for cross-context behavioral advertising purposes.

PIPEDA (Canada)

  • Right to access your personal information
  • Right to challenge accuracy and request correction
  • Right to withdraw consent (subject to legal or contractual restrictions)
  • Right to file a complaint with the Office of the Privacy Commissioner of Canada

To exercise any of these rights, contact privacy@gravityosagent.com. We will respond to all data rights requests within 30 days.

19. Children's Privacy

GRAVITYOS AGENT is a business tool designed for users aged 18 and older. We do not knowingly collect personal information from anyone under the age of 18. If we become aware that we have collected personal information from a minor, we will take steps to delete that information promptly. If you believe a minor has provided us with personal information, please contact privacy@gravityosagent.com.

20. International Data Transfers

Your data may be processed in countries other than your country of residence, including Canada and the United States, where our infrastructure providers operate. When data is transferred internationally, we ensure appropriate safeguards are in place, including standard contractual clauses and data processing agreements with all service providers.

21. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. When we make material changes, we will notify you by email at least 14 days before the changes take effect. Non-material changes (such as formatting or clarifications) may be made without notice.

We encourage you to review this policy periodically. Your continued use of the service after changes take effect constitutes acceptance of the updated policy.

22. Contact

For privacy inquiries, data rights requests, or questions about this policy:

  • Email: privacy@gravityosagent.com
  • Response time: We aim to respond to all privacy inquiries within 5 business days. Data rights requests are processed within 30 days as required by applicable law.
Terms of ServiceFAQ