Privacy Policy

§ 01

Introduction

Rigor (“we”, “us”, or “our”) respects your privacy. This Privacy Policy describes how we collect, use, share, and protect your information when you use the Service at tryrigor.com and app.tryrigor.com.

§ 02

Information We Collect

Information you provide

Account information — name, email, password
Brand and profile information you enter during onboarding
Video content, transcripts, topic ideas, and generated content you create or upload
Payment information (processed by our payment provider)

Information from connected platforms

When you connect YouTube, Instagram, TikTok, X, LinkedIn, Facebook, or Threads, we receive the tokens and profile data necessary to publish and analyse content on your behalf, based on the scopes you approve. We only request the scopes needed to deliver the features you use.

Information collected automatically

Usage data — pages visited, actions taken, feature engagement
Device and log data — IP address, browser type, OS, timestamps
Cookies and similar technologies for session management

§ 02a

Cookies and Tracking

We use first-party cookies for authentication and session management. We do not use third-party advertising or cross-site tracking cookies. We use privacy-preserving analytics (page views and feature usage) without persistent cross-site identifiers. You can clear cookies at any time via your browser; doing so will sign you out.

§ 03

How We Use Your Information

Provide and operate the Service — transcription, AI content generation, publishing, analytics
Maintain security and prevent abuse
Communicate with you about your account and the Service
Improve and develop new features
Comply with legal obligations

§ 04

How We Share Your Information

We do not sell or rent your personal information, and we do not “share” it for cross-context behavioural advertising as defined under the California Consumer Privacy Act (CCPA/CPRA). We do not use data obtained from Meta, Google, TikTok, X, or LinkedIn APIs to build advertising profiles or to train generalised AI models. We share data only with:

Service providers — Supabase (database and auth), Vercel (hosting), Anthropic (AI content generation), Deepgram (audio transcription), Google Gemini (image generation), Modal (video processing), and payment processors, each under confidentiality obligations
Connected platforms — only when you explicitly publish content through the Service
Legal and safety — when required by law, court order, or to protect rights and safety
Business transfers — in connection with a merger, acquisition, or sale of assets

§ 05

Data Retention

We retain personal data only as long as needed for the purposes described above. Specifically:

Account data (name, email) — for the life of your account, plus 30 days after deletion
OAuth tokens for connected platforms — until you disconnect or delete the account, then purged within 7 days
Uploaded videos and transcripts — until you delete them or close your account, then purged within 30 days
Usage logs and audit logs — 12 months
Billing records — 7 years (legal/tax requirement)

Encrypted backups are rotated out within 90 days. After deletion, residual copies in service-provider backups are purged on those providers’ standard rotation cycles.

§ 06

Your Rights

Rigor complies with the EU and UK General Data Protection Regulation (GDPR), the California Consumer Privacy Act as amended by the CPRA (CCPA/CPRA), and applicable equivalents in other jurisdictions. Depending on where you live, you may have the right to:

Access or export your personal data
Correct inaccurate information
Delete your personal data
Object to or restrict certain processing
Withdraw consent at any time
Lodge a complaint with a supervisory authority

To exercise these rights, contact us at privacy@tryrigor.com.

§ 07

Meta Platform User Data

When you connect a Facebook, Instagram, or Threads account, we access only the data required by the scopes you approve and comply with Meta’s Platform Terms and Developer Policies. Specifically, from Meta we receive: your Facebook user ID and name; Pages you manage and Page access tokens (pages_show_list, pages_manage_posts, pages_read_engagement); Instagram Business/Creator account ID, username, profile picture, and media (instagram_basic, instagram_content_publish, instagram_manage_insights); and Threads profile + publishing tokens (threads_basic, threads_content_publish). We do not request or store your Meta password and never access private messages. You may revoke access at any time from your Meta account settings or the Rigor Settings page. To request deletion of data obtained via Meta, email privacy@tryrigor.com or follow the instructions at app.tryrigor.com/data-deletion.

§ 08

Google API Services User Data

Rigor’s use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. We request the following YouTube scopes:

https://www.googleapis.com/auth/youtube.readonly — to list your channels and videos so you can select them inside Rigor
https://www.googleapis.com/auth/youtube.upload — to publish long-form videos and Shorts to your channel on your behalf
https://www.googleapis.com/auth/youtube.force-ssl — to update video metadata (title, description, tags) for videos uploaded by Rigor
https://www.googleapis.com/auth/yt-analytics.readonly — to surface your video performance inside Rigor’s analytics dashboard

YouTube data we access is never used to serve advertising, never sold, never used to train generalised AI/ML models, and is only transferred to third parties as necessary to provide or improve user-facing features, comply with applicable law, or as part of a merger or acquisition with adequate notice to you.

§ 08a

TikTok Data

When you connect TikTok, we receive your TikTok open_id, display name, avatar URL, and a publishing token (scopes: user.info.basic, video.upload, video.publish). Use of TikTok data complies with the TikTok Developer Terms of Service. You may revoke access at any time from TikTok Settings → Security → Manage app permissions.

§ 09

Security

We use industry-standard safeguards including encryption in transit and at rest, row-level security policies, access controls, and regular audits. No system is perfectly secure; we cannot guarantee absolute security but take every reasonable measure to protect your data.

§ 10

Children’s Privacy

The Service is not intended for children under 13 (or 16 in the EEA). We do not knowingly collect personal information from children. If you believe we have collected such data, contact us to request deletion.

§ 11

International Transfers

Your information may be processed in countries other than your own. We implement appropriate safeguards, such as standard contractual clauses, to ensure your data receives adequate protection.

§ 12

Changes to This Policy

We may update this Privacy Policy from time to time. We will post the new version on this page and update the effective date. Material changes will be communicated via email or in-app notice.

§ 13

Contact

For privacy questions or requests, contact us at privacy@tryrigor.com.