CTRMAXXING ∕∕ OPERATOR TOOLCHAINEARLY ACCESS · DOORS OPEN SOON
ctrmaxxing
· legal · privacy policy ·

Privacy Policy

LAST UPDATED · JULY 1, 2026

01

Overview

CTRmaxxing ("we", "our", "us") is operated by Swami Shriji Krupa LLC, a New Jersey limited liability company. We are committed to protecting your privacy. This Privacy Policy explains what information we collect, how we use and share it, and your rights and choices regarding your data. By using our Service, you consent to the practices described in this policy.
02

Information We Collect

2.1 Information you provide directly:
  • Google account information (name, email address, profile picture) obtained through OAuth authentication
  • Topics, idea selections, channel archetypes, custom rules, and style settings you provide for content generation
  • Generated outputs you accept, edit, or save (scripts, titles, descriptions, thumbnail prompts and renders, voiceovers, and rendered videos)
  • Voice selections and media you upload for use in your renders (footage clips, images, audio)
  • Payment and billing information processed securely by Stripe (we never store your card details on our servers)
  • Communications you send to us (support requests, feedback)
2.2 Information collected automatically:
  • Usage data: pages visited, features used, generation counts, run history
  • Device information: browser type and version, operating system, screen resolution
  • Network information: IP address, approximate geographic location (country/region level)
  • Cookies and similar technologies for session management and analytics
  • Log data: access times, referring URLs, error logs
2.3 Information we do NOT collect:
  • We do not collect biometric data
  • We do not collect precise geolocation data
  • We do not access your Google Drive, YouTube account, or other Google services beyond authentication
  • We do not store credit card numbers, bank account details, or other financial account information
03

How We Use Your Information

We use the information we collect to:
  • Provide, operate, and maintain the Service
  • Process your generation requests (scripts, titles, descriptions, thumbnails)
  • Process payments and manage subscriptions
  • Authenticate your identity and manage your account
  • Communicate with you about your account, billing, and Service updates
  • Improve, optimize, and develop new features for the Service
  • Detect, investigate, and prevent fraud, abuse, and security incidents
  • Comply with legal obligations and enforce our Terms of Service
  • Send promotional communications (with your consent, and with the ability to opt out at any time)
3.1 Aggregated and de-identified insights:

We analyze data generated inside the Service (the channel archetypes you choose, your style and scripting settings, the topics and ideas you generate, and aggregate usage patterns) in aggregated and de-identified form. We use these insights to understand content and format trends, identify niche and topic opportunities, and improve our models, archetypes, and recommendations for all users. This analysis is not tied to your name, email, or any identifier that singles you out, and we never sell your personal information. We do not access your external YouTube account or analytics for this purpose (see Section 2.3). Where required, our legal basis is our legitimate interest in operating and improving the Service; you may object to this processing of your de-identified product data at any time by contacting us at the address in Section 14.

Legal basis for processing (GDPR):
  • Contract performance: processing necessary to provide the Service you subscribed to
  • Legitimate interests: analytics, fraud prevention, service improvement
  • Consent: marketing communications, optional cookies
  • Legal obligation: tax records, compliance with law enforcement requests
04

AI Processing and Training

To produce your content, your inputs and generated artifacts are processed by third-party providers and infrastructure. This currently includes:
  • Large language model providers (currently Anthropic, US) for text generation: your topics, idea selections, custom rules, and style settings are sent to produce scripts, titles, and descriptions
  • An image generation provider (currently Google, US) for thumbnail rendering
  • A voice synthesis and transcription provider (US): script text is sent to generate voiceovers, and generated audio may be transcribed for caption timing
  • Render compute infrastructure (US) that assembles your voiceover, media, and graphics into a finished video
  • Managed media retrieval providers, used only when you enable publicly sourced footage for a render
  • A media processing server we operate in the European Union, used for media retrieval and transcription
We do not use your inputs, prompts, or generated outputs to train our own AI models. Third-party AI providers may have their own data processing policies; we encourage you to review the relevant provider terms (Anthropic, Google) for details on how they handle data sent through their APIs.
05

How We Share Your Information

We do not sell your personal information. We may share your data with:
  • Service providers that help us operate the Service:
  • Supabase (authentication and database hosting)
  • Stripe (payment processing)
  • Anthropic (text generation)
  • Google AI / Gemini (image generation)
  • Cloudflare R2 (media storage and CDN)
  • Inngest (background job processing)
  • Resend (transactional emails)
  • Vercel (application hosting and privacy-focused analytics)
  • A voice synthesis and transcription provider (US)
  • Render compute infrastructure providers (US)
  • Managed media retrieval providers (used only for renders where you enable publicly sourced footage)
  • A European hosting provider (EU) for media processing and transcription
  • Legal authorities when required by law, legal process, or to protect our rights, property, or safety
  • Business transfers: in connection with a merger, acquisition, or sale of assets, your data may be transferred to the acquiring entity
Each third-party service provider is contractually obligated to protect your data and use it only for the purposes we specify.
06

Data Retention

  • Account data is retained for as long as your account is active
  • Generated content (scripts, titles, descriptions, thumbnails, voiceovers, and videos) is retained while your account is active so you can access your run history
  • You can request deletion of your generated content or your entire account at any time by emailing legal@ctrmaxxing.com. Deletion requests are processed by our team and completed within 30 days, except where retention is required by law
  • Payment records are retained as required by tax and accounting laws (typically 7 years)
  • Server logs are retained for up to 90 days
07

Children's Privacy (COPPA)

The Service is not directed to children. We do not knowingly collect, use, or disclose personal information from anyone under 18. If we discover that we have collected personal information from a minor, we will delete it promptly. If you believe a minor has provided us with personal information, please contact us immediately.
08

Your Privacy Rights

8.1 Rights for all users:
  • Access your personal data we hold
  • Correct inaccurate personal data
  • Delete your account and associated data
  • Opt out of marketing communications at any time
8.2 Additional rights under CCPA/CPRA (California residents):
  • Right to know what personal information is collected and how it is used
  • Right to delete personal information
  • Right to opt out of the "sale" or "sharing" of personal information (we do not sell or share your personal information for cross-context behavioral advertising)
  • Right to non-discrimination for exercising your privacy rights
  • Right to limit the use of sensitive personal information (we do not collect sensitive personal information as defined by CPRA)
8.3 Additional rights under GDPR (EEA/UK residents):
  • Right to access, rectify, and erase your personal data
  • Right to data portability (receive your data in a structured, machine-readable format)
  • Right to restrict or object to processing
  • Right to withdraw consent at any time (without affecting the lawfulness of prior processing)
  • Right to lodge a complaint with your local data protection authority
To exercise any of these rights, email legal@ctrmaxxing.com. We will respond within 30 days (or sooner where required by law).
09

Cookies and Tracking

We use the following:
  • Essential cookies: Required for authentication, session management, and security. These cannot be disabled.
  • Analytics: We use a privacy-focused analytics service (Vercel Analytics) to understand aggregate usage of the Service. It does not use cookies and does not track you across other sites.
We do not use analytics or advertising cookies, or third-party tracking pixels. You can control cookie preferences through your browser settings. Disabling essential cookies may prevent the Service from functioning properly.
10

Data Security

We implement industry-standard security measures to protect your data, including:
  • Encryption in transit (TLS/HTTPS) for all data transmissions
  • Encryption at rest for stored data
  • Row-level security policies in our database
  • OAuth-based authentication (no passwords stored)
  • Webhook signature verification on billing events
  • Regular security reviews of our infrastructure
However, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security and are not liable for breaches beyond our reasonable control.
11

International Data Transfers

The Service is operated from the United States, and most processing occurs in the US. Some media processing and transcription occurs on infrastructure we operate in the European Union (see Section 4). If you access the Service from outside these regions, your information will be transferred to and processed in the US and, for the processing described above, the EU. For EEA/UK users, we rely on Standard Contractual Clauses (SCCs) as approved by the European Commission and/or the UK Information Commissioner's Office to provide adequate safeguards for international data transfers. By using the Service, you consent to your data being transferred to and processed in the United States and the European Union as described.
12

Do Not Track

We honor the Global Privacy Control (GPC) signal as a valid opt-out request under CCPA/CPRA. We do not currently respond to other Do Not Track (DNT) browser signals, as there is no industry-standard specification for DNT.
13

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. We will notify you of material changes by posting a prominent notice on the Service or sending you an email at least 30 days before changes take effect. Your continued use of the Service after the effective date of the revised policy constitutes acceptance.
14

Contact Us

For questions, concerns, or requests regarding this Privacy Policy or your personal data, email legal@ctrmaxxing.com. For general product support, email support@ctrmaxxing.com. You can also reach us through our official X account, but email is the reliable channel for formal requests.