· legal · privacy policy ·
Privacy Policy
LAST UPDATED · MAY 22, 2026
01
Overview
CTRmaxxing ("we", "our", "us") is operated by Swami Shriji Krupa LLC, a New Jersey limited liability company. We are committed to protecting your privacy. This Privacy Policy explains what information we collect, how we use and share it, and your rights and choices regarding your data. By using our Service, you consent to the practices described in this policy.
02
Information We Collect
2.1 Information you provide directly:
- Google account information (name, email address, profile picture) obtained through OAuth authentication
- Topics, idea selections, channel archetypes, custom rules, and style settings you provide for content generation
- Generated outputs you accept, edit, or save (scripts, titles, descriptions, thumbnail prompts and renders)
- Payment and billing information processed securely by Stripe (we never store your card details on our servers)
- Communications you send to us (support requests, feedback)
- Usage data: pages visited, features used, generation counts, run history
- Device information: browser type and version, operating system, screen resolution
- Network information: IP address, approximate geographic location (country/region level)
- Cookies and similar technologies for session management and analytics
- Log data: access times, referring URLs, error logs
- We do not collect biometric data
- We do not collect precise geolocation data
- We do not access your Google Drive, YouTube account, or other Google services beyond authentication
- We do not store credit card numbers, bank account details, or other financial account information
03
How We Use Your Information
We use the information we collect to:
- Provide, operate, and maintain the Service
- Process your generation requests (scripts, titles, descriptions, thumbnails)
- Process payments and manage subscriptions
- Authenticate your identity and manage your account
- Communicate with you about your account, billing, and Service updates
- Improve, optimize, and develop new features for the Service
- Detect, investigate, and prevent fraud, abuse, and security incidents
- Comply with legal obligations and enforce our Terms of Service
- Send promotional communications (with your consent, and with the ability to opt out at any time)
- Contract performance: processing necessary to provide the Service you subscribed to
- Legitimate interests: analytics, fraud prevention, service improvement
- Consent: marketing communications, optional cookies
- Legal obligation: tax records, compliance with law enforcement requests
04
AI Processing and Training
Your topics, idea selections, and style settings are sent to third-party AI providers (currently Anthropic for text generation and Google Gemini for image generation) to produce scripts, titles, descriptions, and thumbnails. We do not use your inputs, prompts, or generated outputs to train our own AI models. Third-party AI providers may have their own data processing policies; we encourage you to review the relevant provider terms (Anthropic, Google) for details on how they handle data sent through their APIs.
05
How We Share Your Information
We do not sell your personal information. We may share your data with:
- Service providers that help us operate the Service:
- Supabase (authentication and database hosting)
- Stripe (payment processing)
- Anthropic (text generation)
- Google AI / Gemini (image generation)
- Cloudflare R2 (image storage and CDN)
- Inngest (background job processing)
- PostHog (product analytics)
- Resend (transactional emails)
- Vercel (application hosting)
- Legal authorities when required by law, legal process, or to protect our rights, property, or safety
- Business transfers: in connection with a merger, acquisition, or sale of assets, your data may be transferred to the acquiring entity
06
Data Retention
- Account data is retained for as long as your account is active
- Generated scripts, titles, descriptions, and thumbnails are stored for the duration of your active subscription
- After cancellation, generated content is retained for 30 days then deleted unless you request earlier deletion
- Payment records are retained as required by tax and accounting laws (typically 7 years)
- Server logs are retained for up to 90 days
- When you delete your account, we will delete your personal data within 30 days, except where retention is required by law
07
Children's Privacy (COPPA)
The Service is not directed to children. We do not knowingly collect, use, or disclose personal information from anyone under 18. If we discover that we have collected personal information from a minor, we will delete it promptly. If you believe a minor has provided us with personal information, please contact us immediately.
08
Your Privacy Rights
8.1 Rights for all users:
- Access your personal data we hold
- Correct inaccurate personal data
- Delete your account and associated data
- Opt out of marketing communications at any time
- Right to know what personal information is collected and how it is used
- Right to delete personal information
- Right to opt out of the "sale" or "sharing" of personal information (we do not sell or share your personal information for cross-context behavioral advertising)
- Right to non-discrimination for exercising your privacy rights
- Right to limit the use of sensitive personal information (we do not collect sensitive personal information as defined by CPRA)
- Right to access, rectify, and erase your personal data
- Right to data portability (receive your data in a structured, machine-readable format)
- Right to restrict or object to processing
- Right to withdraw consent at any time (without affecting the lawfulness of prior processing)
- Right to lodge a complaint with your local data protection authority
09
Cookies and Tracking
We use the following types of cookies:
- Essential cookies: Required for authentication, session management, and security. These cannot be disabled.
- Analytics cookies: Used to understand how the Service is used and to improve it (PostHog). You can opt out of analytics cookies.
10
Data Security
We implement industry-standard security measures to protect your data, including:
- Encryption in transit (TLS/HTTPS) for all data transmissions
- Encryption at rest for stored data
- Row-level security policies in our database
- OAuth-based authentication (no passwords stored)
- Webhook signature verification on billing events
- Regular security reviews of our infrastructure
11
International Data Transfers
The Service is operated from the United States. If you access the Service from outside the US, your information will be transferred to and processed in the US. For EEA/UK users, we rely on Standard Contractual Clauses (SCCs) as approved by the European Commission and/or the UK Information Commissioner's Office to provide adequate safeguards for international data transfers. By using the Service, you consent to your data being transferred to and processed in the United States.
12
Do Not Track
We honor the Global Privacy Control (GPC) signal as a valid opt-out request under CCPA/CPRA. We do not currently respond to other Do Not Track (DNT) browser signals, as there is no industry-standard specification for DNT.
13
Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. We will notify you of material changes by posting a prominent notice on the Service or sending you an email at least 30 days before changes take effect. Your continued use of the Service after the effective date of the revised policy constitutes acceptance.
14
Contact Us
For questions, concerns, or requests regarding this Privacy Policy or your personal data, reach out through our official X account.