ugcs.farmBETA

Privacy Policy

What ugcs.farm collects, how we use it, who we share it with, and how to delete it.

Effective May 2, 2026. If we update these terms materially, we’ll bump this date and notify account holders by email before the change takes effect.

1. Who we are

This Privacy Policy describes how the operator of ugcs.farm(“we”, “us”) handles personal data in connection with the ugcs.farm service. For privacy-related questions or to exercise any of the rights described below, email legal@ugcs.farm.

2. What we collect

We collect three categories of data:

  • Account data. When you register, we collect your email address, an optional display name, and a password (which we store only as a salted hash). You may optionally supply a personal Gemini API key, which we store encrypted and use only when you explicitly choose to run requests under your own key.
  • Project content. Source video clips you upload (or that we ingest from URLs you provide), reference images, generated stills, generated prompts, and the metadata that makes the dashboard work (project names, timestamps, run statuses, error messages).
  • Operational telemetry.Standard server logs (IP address, user-agent string, request paths, error traces), basic product analytics for understanding feature usage, and security logs needed to detect abuse. We do not sell any of this data and do not place advertising trackers.

3. Why we use it

We process the data above to:

  • operate, maintain, and improve the Service;
  • authenticate you, secure your account, and detect and respond to abuse or terms violations;
  • transmit your inputs to the third-party model providers necessary to generate the outputs you requested (see Section 4);
  • communicate with you about the Service (account notices, material legal updates, and security alerts) — we do not send marketing email without your opt-in;
  • comply with legal obligations and enforce our Terms.

Where applicable law requires a legal basis (for example under the GDPR), we rely on (a) the contract with you to provide the Service, (b) our legitimate interest in operating and securing the Service, and (c) your consent for any processing where consent is the appropriate basis (such as optional analytics in jurisdictions that require it).

4. Who we share it with

We do not sell your personal data. We share data only with the sub-processors necessary to run the Service, each under contractual data-protection obligations:

  • Hosting and infrastructure — our cloud hosting provider, the platform we run application servers on, and our managed PostgreSQL database provider.
  • Generative AI model providers — we transmit your video frames, prompts, and reference images to providers such as Google (Gemini) and the third-party video model you select (Sora, Veo, Wan, Kling, or whichever provider is chosen for the generation step). Each provider applies its own privacy and content-handling policies; review them before uploading material that warrants extra care.
  • Analytics — privacy-respecting web analytics (e.g. Vercel Analytics) used in aggregate form to understand feature usage.

We may also disclose data when legally required (subpoena, court order, regulatory request) or to protect the rights, property, or safety of the operator of ugcs.farm, our users, or the public.

5. How long we keep it

Source clips, reference images, and generated assets are automatically deleted 30 days after their last activity, or sooner if you delete the containing project. Account records are retained while your account is active and for a short tail thereafter to satisfy legal, accounting, or fraud-prevention obligations. Aggregated, de-identified telemetry may be retained longer for product analytics.

6. Your rights

Depending on where you live, you may have the right to: access the personal data we hold about you; correct it; delete it; export it in a portable format; object to or restrict certain processing; and withdraw consent where consent is the legal basis. To exercise any of these rights, email legal@ugcs.farm. We’ll respond within the period required by applicable law (typically 30 days). You may also lodge a complaint with your local data-protection authority.

7. Security

We use TLS in transit, encrypted storage at rest, and standard access controls. No internet service is perfectly secure; we cannot guarantee absolute confidentiality, and you should avoid uploading material whose disclosure would cause irreparable harm.

8. Children

The Service is not directed to and should not be used by anyone under the age of 13 (or the higher minimum age in your jurisdiction). We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, contact us and we will delete it.

9. International transfers

Our infrastructure and sub-processors may be located outside your country, including in jurisdictions whose data-protection laws differ from yours. Where personal data is transferred from the European Economic Area, the United Kingdom, or Switzerland, we rely on the European Commission’s Standard Contractual Clauses or another valid transfer mechanism.

10. Changes to this policy

We may update this Privacy Policy from time to time. If we make a material change, we will update the effective date at the top of this page and notify account holders by email at least 7 days before the change takes effect.