Privacy Policy
This Privacy Policy explains what information we (UP UGC Planner LLC, a Pennsylvania limited liability company, "UGC Planner", "we", "us", or "our") collect when you use the UGC Planner mobile application and our websites at ugcplanner.com and ugcplanner.app (collectively, the "Service"), how we use it, and the choices you have. We also describe the rights you have under the EU General Data Protection Regulation ("GDPR"), the UK GDPR, the California Consumer Privacy Act as amended by the CPRA ("CCPA"), and other applicable privacy laws.
Plain-English summary. UGC Planner is built so your business records (brand deals, invoices, notes, files) live on your device first. You choose during onboarding whether to keep a backup copy on our servers. If you turn it on, the backup is encrypted on your device before it leaves; we store only ciphertext and cannot read or recover the contents. We do not sell your personal information, we do not show you ads, and we do not use your business records to train AI models.
1. Who we are & how to contact us
Data controller: UP UGC Planner LLC, a Pennsylvania limited liability company.
Postal address: 1500 Chestnut Street, Suite 2 PMB 1081, Philadelphia, PA 19102, United States.
Email: support@ugcplanner.app for privacy questions, data-subject requests, or to exercise any of the rights described below.
2. What we collect & why
2.1 Account data
When you sign in with Apple, Google, or email, we receive your sign-in identifier, email address, and (if you authorize it) display name. We use this only to identify your account and to send transactional messages (password resets, security alerts, receipts). Legal basis (GDPR): performance of the contract you enter into with us.
2.2 Business records you enter
Brand deals, invoices, expenses, ideas, calendar items, notes, and files you create or upload. By default these live on your device only. If you turn on cloud backup, an encrypted copy is sent to our servers; we cannot read it. Legal basis: performance of the contract.
2.3 Instagram (optional)
If you connect Instagram, we receive only what the Instagram Login API returns under the instagram_business_basic scope: your Instagram user ID, username, display name, profile picture URL, follower/following counts, and the metadata of your recent posts (caption, like/comment counts, media URLs). We store this so the in-app Instagram screens load quickly; we never store your Instagram password, and we cannot post on your behalf without your explicit action. Legal basis: consent, which you give by connecting the account and can revoke at any time.
2.4 Subscription & receipt data
Subscriptions are sold and processed by the Apple App Store and Google Play. We never receive your payment-card details. We receive only the receipt metadata Apple/Google share with us (transaction ID, product ID, expiration date, renewal status) so we can unlock the right tier on your account. Legal basis: performance of the contract.
2.5 Files in shared links (the "exchanger")
When you send a brand a share link to deliver files, those files are uploaded to our object storage (Cloudflare R2). We retain them only for the link's validity window (default 30 days), unless you set a different period or revoke the link sooner. Legal basis: performance of the contract.
2.6 Push notifications
If you allow notifications, we store the push token your device gives us (an APNS token on iOS, an FCM token on Android) so we can deliver alerts about your deals. Legal basis: consent, which you give in the OS-level permission prompt and can revoke at any time.
2.7 Device & usage diagnostics
We log app crashes and basic technical telemetry (app version, OS version, device model, anonymous installation ID) so we can fix bugs. We use Sentry for crash reporting. We do not link this telemetry to your business records. Legal basis: our legitimate interest in keeping the app stable.
2.8 Email open / click metadata
Transactional emails sent through SendGrid carry standard delivery/open/click metadata so we can confirm delivery and detect outages. We do not use this for marketing profiling. Legal basis: legitimate interest in service reliability.
3. What we do not collect
- We do not collect your payment-card data — Apple and Google process payments and remit net payouts to us.
- We do not collect precise location.
- We do not access your photo library or microphone in the background; we access them only when you actively use a feature that needs them (attaching files, voice-to-deal entry) and after you grant the OS permission.
- We do not buy, sell, or rent personal data, and we do not use your content to train any third-party AI model.
4. Sensitive personal information (CCPA / CPRA)
We do not intentionally collect "sensitive personal information" as defined by California law (e.g., precise geolocation, government IDs, racial/ethnic origin, religion, union membership, health, sex life, contents of mail/email/text). If you voluntarily attach such content to a deal note or invoice, it inherits whatever storage mode you chose (local-only or end-to-end encrypted backup); we have no access to its contents under the end-to-end mode.
5. Your two storage choices
UGC Planner offers a clear, informed choice during onboarding and at any time in Settings → Backup & sync:
- On this device only. Your business records never leave your device. We never receive them. You are solely responsible for that data: if you delete the app or change devices without exporting, the data cannot be recovered by us or by you.
- Encrypted cloud backup (end-to-end). Your data is encrypted on your device using XSalsa20-Poly1305 (TweetNaCl) before upload. We store only ciphertext. The encryption key lives in your device's OS-level secure storage (iCloud Keychain on iOS, Android Keystore on Android) and, where you set one, can be re-derived from a recovery passphrase you control; it is never shared with us. If the key is gone and no device still holds the data, the backup is permanently unrecoverable. This is an inherent property of end-to-end encryption; you accept this trade-off when you choose this mode.
6. AI features
Some features you trigger (Voice Fill, contract / brief parsing, caption drafting) send the specific content you submit to AI sub-processors (OpenAI and Anthropic) to return a result. We send only what is necessary for the request. The providers do not retain your prompt or output beyond the short windows required for abuse monitoring under their enterprise terms, and your content is not used to train any third-party model. AI features are opt-in by action: if you don't use them, no content is sent to them.
7. Sub-processors
We use the following sub-processors to operate the Service:
- Vercel — application hosting (United States)
- Neon — managed PostgreSQL database (United States, EU)
- Cloudflare R2 — object storage for backups and exchanger files (global edge)
- Apple Push Notification service — iOS push (United States)
- Firebase Cloud Messaging — Android push (Google, United States)
- SendGrid — transactional email (United States)
- Sentry — crash reporting and error monitoring (United States, EU)
- OpenAI, Anthropic — AI features you trigger (United States)
- Stripe — only if and when we sell anything outside the App Store / Google Play
- Apple App Store, Google Play — subscription billing and receipt validation
- Meta (Instagram Graph API) — only if you connect your Instagram account
8. International transfers
UGC Planner is operated from the United States; most sub-processors are US-based. When personal data of EU, EEA, UK, or Swiss residents is transferred outside their region, we rely on the EU Commission's Standard Contractual Clauses (SCCs) and equivalent UK/Swiss safeguards, together with the supplementary measures required by relevant data-protection authorities.
9. How long we keep things (retention)
- Account record: while your account exists. Deleted within 30 days of account deletion.
- End-to-end-encrypted backups: until you turn the feature off or delete your account. Deleted within 30 days of deletion or feature-off.
- Exchanger files: until link expiry (default 30 days) or earlier revocation. A background cleanup job purges expired links daily.
- Instagram cached profile / posts snapshot: while your Instagram connection is active. Deleted on disconnect or account deletion.
- Subscription receipts (transaction IDs, plan, expiry): kept for the lifetime of the subscription plus 7 years to satisfy tax / accounting / audit obligations.
- Server logs: 90 days, then automatic purge.
- Push tokens: until your device unregisters or you disable notifications.
- Crash reports: 90 days in Sentry, then automatic purge.
10. Your rights under GDPR (EU/EEA/UK)
If GDPR or UK GDPR applies to you, you have the right to:
- Access the personal data we hold about you;
- Rectify inaccurate data;
- Erase your data (the "right to be forgotten");
- Restrict processing in specified circumstances;
- Object to processing based on legitimate interests;
- Receive your data in a portable format;
- Withdraw consent at any time, where consent is the legal basis;
- Lodge a complaint with your local supervisory authority. A list is available at edpb.europa.eu.
To exercise any right, email support@ugcplanner.app. We respond within 30 days (extendable by a further 60 days for complex requests, with notice).
11. Your rights under CCPA / CPRA (California)
If you are a California resident, you have the right to:
- Know what categories of personal information we collect, the sources, the purposes, and the categories of third parties we share it with (this notice describes all of these);
- Access the specific pieces of personal information we have about you;
- Delete your personal information, subject to limited legal exceptions;
- Correct inaccurate personal information;
- Limit the use and disclosure of sensitive personal information;
- Opt out of sale or sharing of personal information.
We do not sell or share your personal information as those terms are defined under California law. We have not done so in the preceding 12 months.
You have the right to be free from retaliation for exercising any of these rights. You may use an authorized agent; we may require reasonable verification of authority. To submit a request, email support@ugcplanner.app with the subject "CCPA Request".
Shine the Light (Cal. Civ. Code § 1798.83): California residents may request information regarding any disclosure of personal information to third parties for direct-marketing purposes. We do not engage in this disclosure, so the answer for the prior calendar year is "none."
12. How we protect your data
- End-to-end encryption (XSalsa20-Poly1305 via TweetNaCl) for cloud backups; we never see plaintext.
- TLS for all network transport.
- Encryption at rest on Neon (managed Postgres) and Cloudflare R2.
- Scoped API tokens, principle of least privilege, audit logging on production access.
- Sentry alerting on unusual error patterns; automated dependency-vulnerability monitoring.
No system is perfectly secure. We notify affected users without undue delay if a personal-data breach is likely to result in a risk to your rights (GDPR Art. 33–34, and analogous US state laws).
13. Children
The Service is not directed to children under 13 (in the United States, under COPPA) or under 16 (in the EU / EEA, under GDPR). We do not knowingly collect personal information from children under those ages. If you believe a child has provided us personal information, email support@ugcplanner.app and we will delete it promptly.
14. Changes to this policy
We may update this Privacy Policy as the Service evolves. Material changes will be announced in-app at least 14 days before they take effect. The "Last revised" date at the top reflects the most recent change.
15. Contact
Privacy questions, data-subject requests, or anything else: support@ugcplanner.app.
UP UGC Planner LLC · 1500 Chestnut Street, Suite 2 PMB 1081, Philadelphia, PA 19102, United States.