Privacy Policy
Last Updated: April 2026
1. Introduction
QuotVid ("we", "our", "us") operates the website quotvid.com and the web application at app.quotvid.com. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our services — including our social media auto-posting integrations with YouTube, Instagram, TikTok, Pinterest, and Facebook. By using QuotVid, you agree to the collection and use of information in accordance with this policy.
2. Information We Collect
Information you provide directly: - Full name and email address (collected at registration) - Password (stored in hashed form using bcrypt — we never store plain text passwords) - Billing information (processed by Lemon Squeezy — we do not store card details) - Persona settings (content category, language, video style, watermark, color preferences) - Uploaded content (background videos, background images, audio files, logo images) From social platform connections (only when you connect a platform): - Platform display name and account/channel ID (display only — shown in your dashboard) - OAuth access and refresh tokens (encrypted with AES-256-GCM before storage — never logged, never visible in API responses) - Facebook Pages list (for the page selector UI) - Pinterest board list (for the board selector UI) We do NOT collect: social media passwords, follower or friend lists, direct messages, post history outside QuotVid, video analytics, audience demographic data. Information collected automatically: - Usage data (pages visited, features used, videos generated) - Device and browser information - IP address (stored only as part of OAuth state validation records, not logged persistently) - JWT authentication tokens (stored in browser memory — no persistent cookies)
3. How We Use Your Information
We use your information to: - Create and manage your QuotVid account - Generate AI quote videos based on your persona settings - Post videos to connected social media platforms on your behalf and on your schedule - Send transactional emails (account verification, password reset, billing receipts) - Improve our AI models and video generation quality - Respond to support requests - Comply with legal obligations We do not sell your personal data to third parties. We do not use your data for advertising purposes.
4. Social Media Platform Integrations
When you connect a social media account, we use that connection only to post your generated videos. Here is exactly what we access per platform: YouTube: We use the videos.insert API to upload your videos as YouTube Shorts. We store your channel_id and channel_title for display in your dashboard. We do not access your video library, subscriber list, playlists, or analytics. Instagram: We use the media container and publish API to post your videos as Instagram Reels. We store your ig_user_id. We do not access DMs, follower lists, stories, or post performance data. TikTok: We use the publish API to post your videos. We store your open_id and display name. We do not access follower lists, video history, messages, or analytics. Pinterest: We use the pins API to create Video Pins on your boards. We store your user_id and board list (for the board selector). The board list is fetched at connection time and refreshed as needed. Facebook Pages: We use the Page video API to post videos to your selected Page. We store a Page access token (encrypted with AES-256-GCM), page_id, and page_name. We do not access your personal timeline, friend lists, messages, or Page analytics. Disconnecting: When you disconnect a platform from your Integrations screen, your token is immediately and permanently deleted from our systems. We lose all access to that account. Posts already published on the platform remain there per that platform's policies.
View all integrations →5. Third-Party Services
QuotVid uses the following third-party services that may process your data: Lemon Squeezy — Payment processing and subscription management. Cloudflare R2 — Secure cloud storage and CDN for your generated videos, uploaded backgrounds, and audio files. OpenAI / Anthropic — AI language model APIs used to generate quote content. Only prompt text (category, language, style) is sent — no personal data is included. Railway — Cloud hosting provider where our application and database are hosted. Resend — Transactional email delivery. YouTube / Meta / TikTok / Pinterest APIs — Used only when you have connected those platforms. No data is sent to these APIs beyond what is required to post your video. No data is sold to advertisers or data brokers.
6. Data Storage & Security
Your data is stored on secure servers hosted by Railway. We implement the following security measures: - Encrypted connections (HTTPS/TLS for all traffic) - Hashed password storage (bcrypt with cost factor 12) - AES-256-GCM encryption for all OAuth platform tokens - JWT-based authentication with refresh token rotation - HMAC-SHA256 signed state parameters for OAuth flows - PKCE (Proof Key for Code Exchange) on TikTok OAuth - Regular security reviews
7. Video Retention
AI-generated videos (created via AI Persona mode): Automatically soft-deleted after 7 days. The expiry date is visible in your Generated Videos list. Download your favorites before they expire. Custom Studio videos (created via Custom Studio): Stored indefinitely until you delete them. These are never auto-deleted. Account deletion: All your videos are deleted from Cloudflare R2 storage within 30 days of account deletion. Note: Videos already published to social media platforms remain on those platforms after deletion from QuotVid. To remove them from a platform, you must delete them directly on that platform.
8. Data Retention
We retain your account data for as long as your account is active. If you delete your account: - Your account is soft-deleted immediately (you lose access) - Personal data and videos are hard-deleted within 90 days - OAuth tokens for connected platforms are deleted immediately upon account deletion We may retain some data longer where required by law (e.g., billing records for tax purposes).
9. Your Rights (GDPR and Similar)
Depending on your location, you may have the following rights: - Access: Request a copy of your personal data - Correction: Request correction of inaccurate data - Deletion: Request deletion of your account and data - Portability: Request your data in a portable format - Objection: Object to certain types of data processing - Withdraw consent: Disconnect any social platform at any time To exercise any of these rights, email us at: hello@quotvid.com
10. Cookies
QuotVid uses JWT-based authentication stored in browser memory. We do not use persistent session cookies for authentication. We do not use advertising cookies, tracking pixels, or third-party analytics cookies. Only strictly necessary functional tokens are used.
11. Children's Privacy
QuotVid is not intended for users under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, contact us immediately at hello@quotvid.com.
12. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes by email or by displaying a notice in the application. Continued use of QuotVid after changes constitutes acceptance of the updated policy.
13. Contact
For privacy-related questions or to exercise your rights: hello@quotvid.com quotvid.com