BACK TO HOME

Privacy Policy

Last updated: 28 May 2026

1. Who we are

UGC Autopilot ("we", "us") is a software-as-a-service product operated from the United Kingdom that helps creators and brands generate, schedule, and personalise UGC-style content using AI. Contact: support@ugcautopilot.io.

2. What we collect

  • Account data — email, password (hashed with bcrypt), name, referral code.
  • Usage data — hooks generated, leads imported, drips sent, opens / clicks / replies.
  • Billing data — Stripe customer ID + subscription state. Card details are stored by Stripe, never by us.
  • Outreach contacts — emails and metadata you import or that Hunter / Tavily return on your behalf. We treat these as your data, processed under your instructions.
  • Cookies — a single httpOnly session cookie for auth. No marketing trackers.

3. How we use it

  • To run the product features you signed up for (drips, hook gen, video gen, dashboards).
  • To bill you accurately and process refunds via Stripe.
  • To improve the product (aggregated, never sold to third parties).
  • To send transactional emails (receipts, password resets, drip notifications) via Resend.

4. Who we share it with

Strictly the processors needed to deliver the service:

  • Stripe — payment processing.
  • Resend — transactional and outreach email delivery.
  • Cloudflare — inbound email routing for reply detection.
  • MongoDB Atlas — managed database (EU / US regions).
  • OpenAI / Anthropic / Google — text and video generation via Emergent's Universal Key.
  • Tavily / Hunter.io — only when you click "Discover leads".

We never sell personal data.

5. Your rights (GDPR / CCPA)

You may request a copy, correction, or deletion of your data at any time by emailing support@ugcautopilot.io. We'll action requests within 30 days. Account deletion wipes your hooks, leads, drips, generations and billing metadata; Stripe records are retained for the legally required period (7 years in the UK).

6. Retention

Account data is retained while your account is active and for 30 days after cancellation. Billing records are kept for 7 years to satisfy UK tax law. You can request earlier deletion of non-billing data.

7. Security

All traffic is TLS-encrypted. Passwords are bcrypt-hashed. Webhook payloads are signed (svix for Resend, HMAC-SHA256 for Stripe). Admin access is logged. We do not store payment card details.

8. Children

UGC Autopilot is for users 18+. We do not knowingly collect data from minors.

9. Changes

Material changes will be emailed at least 7 days before they take effect.

10. Contact

Email support@ugcautopilot.io for any privacy question or data-rights request.