01 What we collect
Account information. Your email address (used for login and billing notifications), your display name if you set one, and your authentication provider (email or Google OAuth).
Billing data. Held by Stripe. We see your subscription status and invoice amounts — we never see your card number.
Your content. Slideshows, hooks, prompts, image collections, generated outputs. Stored in our Supabase database (US-East region) with strict per-user Row-Level Security.
Third-party tokens. When you connect a TikTok, YouTube, or Instagram account, we store OAuth access and refresh tokens encrypted at rest. Used only to post content on your behalf when you explicitly initiate a post.
Face library entries (when face-swap launches). Face images you upload, stored in Supabase Storage with strict per-user access controls.
Usage data. Slideshow and short generation counts per billing period (for quota enforcement), API call logs for cost tracking, login timestamps and IP addresses for fraud prevention (deleted after 90 days).
Support correspondence. If you email us, we keep the email so we can reply.
02 What we don't collect
- Your typed prompts in real-time beyond what gets persisted into your content database
- Behavior outside the Svmmon app — no tracking pixels beyond standard server-access logs
- Browser fingerprints, advertising IDs, or cross-site tracking data
- Content of your TikTok, YouTube, or Instagram accounts beyond the display name. OAuth tokens are used to upload content from Svmmon — we don't read your existing posts, viewers, comments, or analytics.
03 How we use what we collect
- Run your account — login, generate content, store your work, charge you, send service notifications
- Enforce quotas and prevent abuse — usage metering, rate limiting, fraud detection
- Improve the Service — aggregate, anonymized usage patterns may inform product decisions. We do NOT use your individual content for AI training without explicit opt-in.
- Comply with law — when required by valid legal process
04 Where data lives
| Data category | Storage |
|---|---|
| Account info, content, OAuth tokens | Supabase Postgres (US-East), encrypted at rest |
| Generated slideshows and videos | Supabase Storage (US-East), with retention policy |
| Billing data | Stripe (PCI-compliant infrastructure) |
| Authentication state | Supabase Auth (managed) |
| Server logs | Vercel and Railway (encrypted in transit, 30-day retention) |
We do not transfer your data outside the United States unless required by law or to deliver functionality (Anthropic and Akool APIs may process inference requests in different regions per their terms).
05 Third parties we share data with
We are not in the data-selling business. We share data only with infrastructure providers needed to deliver the Service:
- Supabase — database and storage hosting
- Stripe — billing
- Vercel — application hosting
- Railway — long-running job processing
- Anthropic — your prompts are sent to Anthropic's API when you generate text (per Anthropic's policy, prompts are not used for training)
- Akool (when face-swap is live) — face image and target video sent to Akool to perform the swap
- Google — only if you sign in with Google (we receive your email, name, and profile picture)
We do NOT share data with advertising networks, data brokers, or third-party analytics platforms.
06 Cookies and tracking
- Authentication cookies — required to keep you logged in
- Stripe billing cookies — set during checkout, required for payment processing
- No third-party tracking cookies on the application
- The marketing site (svmmonapp.com) may use first-party analytics for traffic measurement. No advertising cookies.
07 Your rights
Under GDPR (EU residents), CCPA (California residents), and similar laws, you have rights regarding your data. Through Svmmon, you can:
- Access — see your data in the app at any time
- Export — use "Export All" to download your full content history as a ZIP
- Correct — edit profile info, hooks, slideshows directly in the app
- Delete — delete your account from the account page (or by emailing us)
- Restrict processing — disable specific features (disconnect a social account) from settings
- Object — opt out of any non-essential processing (product update emails) from the account page
Account deletion cancels your subscription, removes your content from Supabase Storage, removes your Postgres rows (cascades to all owned data), and removes your Stripe customer record metadata. Anonymized billing logs are retained as required by tax and financial regulations (typically 7 years).
To exercise any right, email support@svmmonapp.com. We respond within 30 days.
08 Children
Svmmon is not directed at children under 13 (or 16 in the EU). We don't knowingly collect data from children. If you believe a child has provided us data, contact us at support@svmmonapp.com and we'll delete it.
09 Security
We implement industry-standard practices:
- HTTPS on all network traffic
- Encrypted at rest for sensitive data (OAuth tokens, etc.)
- Database-level Row-Level Security ensures users can only access their own data
- Stripe handles all payment card data — we never see card numbers
- Strong session security via Supabase Auth with industry-standard rotation
No system is perfectly secure. If you suspect a breach, contact us at security@svmmonapp.com.
10 Data breach notification
In the event of a data breach affecting your personal information, we will notify you within 72 hours of confirming the breach via the email associated with your account, in compliance with GDPR and applicable U.S. state laws.
11 Retention
| Data category | Retention |
|---|---|
| Active account data | While your account is active |
| Generated content | Per tier retention policy (see Terms section 9) |
| Server logs | 30 days |
| Stripe billing records | 7 years (tax and financial regulation) |
| Deleted account data | Permanently removed within 30 days of deletion request |
12 Changes to this policy
We may update this policy. Material changes will be announced via email at least 30 days in advance. The effective date at the top reflects the most recent revision.
13 Contact
Questions or requests? Email support@svmmonapp.com.
For security-specific inquiries: security@svmmonapp.com.