← Back to RippleUGC

Privacy Policy

Last updated: April 2, 2026

1. Introduction

RippleUGC ("we," "our," or "us") operates the RippleUGC platform (the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service. By using RippleUGC, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

2.1 Information You Provide

  • Account Information: Name, email address, and password when you create an account.
  • Profile Information: Profile picture and display name you choose to provide.
  • Payment Information: Billing details processed securely through Stripe. We do not store your full credit card numbers on our servers.
  • Content: Videos, captions, scripts, hashtags, and other content you upload or create through the Service.
  • Communications: Messages you send us through contact forms or support channels.

2.2 Information from Third-Party Platforms

When you connect your social media accounts, we collect:

  • Instagram: Your Instagram username, user ID, and OAuth access tokens. We use the Instagram Business Login API and Content Publishing API to schedule and publish posts on your behalf.
  • TikTok: Your TikTok username, open ID, and OAuth access tokens. We use the TikTok Content Posting API to publish videos on your behalf.
  • Post Analytics: View counts, like counts, and comment counts from your published posts for analytics purposes.

2.3 Information Collected Automatically

  • Usage Data: Pages visited, features used, and actions taken within the Service.
  • Device Information: Browser type, operating system, and device identifiers.
  • Log Data: IP address, access times, and referring URLs.
  • Cookies: Session cookies for authentication and preferences. See Section 7 for details.

3. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve the Service.
  • Schedule and publish content to your connected social media accounts.
  • Display analytics and performance metrics for your posts.
  • Process payments and manage your subscription.
  • Send you transactional emails (e.g., post failure notifications, account alerts).
  • Respond to your support requests and communications.
  • Detect, prevent, and address technical issues and security threats.
  • Comply with legal obligations.

We do not sell your personal information to third parties. We do not use your content for advertising purposes.

4. How We Share Your Information

We may share your information with:

  • Social Media Platforms: Instagram and TikTok receive your content when you schedule posts. This is the core function of the Service.
  • Service Providers: We use third-party services to operate the platform:
    • Supabase — Database and file storage hosting.
    • Stripe — Payment processing.
    • Deepgram — Audio transcription of inspiration videos (only when you explicitly request a transcript).
    • Redis/BullMQ — Job scheduling infrastructure.
    • SMTP Provider — Transactional email delivery.
  • Legal Requirements: We may disclose information if required by law, regulation, legal process, or governmental request.
  • Business Transfers: In connection with a merger, acquisition, or sale of assets, your information may be transferred.

5. Data Storage and Security

  • Your data is stored on servers hosted by Supabase (PostgreSQL database and file storage).
  • OAuth access tokens for connected social media accounts are encrypted at rest using AES-256 encryption before being stored in the database.
  • All data transmitted between your browser and our servers is encrypted using TLS/HTTPS.
  • Video files you upload are stored in secure cloud storage with access controlled by signed, time-limited URLs.
  • Passwords are hashed using bcrypt and are never stored in plaintext.
  • We implement access controls so that only authenticated users can access their own data.

While we implement commercially reasonable security measures, no method of electronic storage or transmission is 100% secure. We cannot guarantee absolute security.

6. Data Retention

  • We retain your account information for as long as your account is active.
  • Uploaded videos are retained until you delete them or your account is closed.
  • Post analytics data is retained for the lifetime of your account.
  • If you delete your account, we will delete your personal data within 30 days, except where retention is required by law or for legitimate business purposes (e.g., fraud prevention, financial records).
  • Aggregated, anonymized data that cannot identify you may be retained indefinitely for analytics.

7. Cookies

We use the following types of cookies:

  • Essential Cookies: Required for authentication and session management. These cannot be disabled.
  • OAuth State Cookies: Short-lived cookies (10 minutes) used during the social media account connection process to prevent cross-site request forgery (CSRF) attacks.

We do not use advertising cookies, tracking pixels, or third-party analytics cookies.

8. Your Rights

Depending on your jurisdiction, you may have the following rights:

  • Access: Request a copy of the personal data we hold about you.
  • Correction: Request that we correct inaccurate or incomplete data.
  • Deletion: Request that we delete your personal data.
  • Portability: Request your data in a structured, machine-readable format.
  • Objection: Object to processing of your personal data.
  • Withdraw Consent: Where processing is based on consent, you may withdraw it at any time.

To exercise any of these rights, contact us at privacy@rippleugc.com. We will respond to your request within 30 days.

9. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

  • The right to know what personal information is collected and how it is used.
  • The right to request deletion of your personal information.
  • The right to opt out of the sale of personal information. Note: we do not sell personal information.
  • The right to non-discrimination for exercising your privacy rights.

10. European Privacy Rights (GDPR)

If you are located in the European Economic Area (EEA) or United Kingdom, we process your personal data on the following legal bases:

  • Contract: Processing necessary to provide the Service you requested.
  • Legitimate Interest: Processing for analytics, security, and service improvement.
  • Consent: Processing based on your explicit consent (e.g., connecting social media accounts).
  • Legal Obligation: Processing required to comply with applicable law.

You may lodge a complaint with your local data protection authority if you believe your rights have been violated.

11. Children's Privacy

The Service is not directed to individuals under the age of 16. We do not knowingly collect personal information from children under 16. If we learn that we have collected personal information from a child under 16, we will take steps to delete that information promptly. If you believe a child has provided us with personal data, please contact us at privacy@rippleugc.com.

12. Third-Party Links

The Service may contain links to third-party websites or services (e.g., Instagram, TikTok, Stripe). We are not responsible for the privacy practices of these third parties. We encourage you to read their privacy policies.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the "Last updated" date. Your continued use of the Service after changes constitutes acceptance of the updated policy.

14. Contact Us

If you have questions about this Privacy Policy, please contact us at:

  • Email: privacy@rippleugc.com
  • Website: https://rippleugc.com