Privacy Policy

CASTD ("we", "us", or "our") operates castd.app, an AI-powered content repurposing platform. This Privacy Policy explains how we collect, use, share, and protect information about you when you use our services. By creating an account or using CASTD, you agree to the practices described here.

Questions? Email us at privacy@castd.app.

Account Information

When you register, we collect your name, email address, and a hashed password. If you sign in with a third-party provider (Google, GitHub), we receive your name and email from that provider.

Video Uploads & Content

When you upload video or audio files, we store those files and any derived content (clips, transcripts, captions) on your behalf. You retain ownership of everything you upload.

Usage Data

We automatically collect log data including IP addresses, browser type, pages visited, actions taken within the app, and timestamps. This data helps us diagnose bugs, understand how features are used, and improve the product.

Billing Information

Subscription and payment details are processed by Stripe. We never store full card numbers; we only retain a Stripe customer ID and subscription status.

Social Account Credentials

When you connect a social media account, we store the platform-issued account ID and display name. OAuth tokens used for publishing are encrypted and stored securely on CASTD servers and are never shared with third parties except the target social platform.

• AI Processing: Uploaded videos are sent to AI inference services (currently Replicate) to generate transcripts, captions, and suggested clips. By uploading content, you consent to this processing.
• Publishing: When you schedule or post content, your caption text, media files, and target platform account IDs are transmitted directly to the selected social platforms on your behalf via their official APIs.
• Account Management: We use your email to send transactional messages (receipts, password resets, usage alerts). We do not send marketing email without your explicit opt-in.
• Analytics & Improvement: Aggregated, anonymized usage data helps us understand product performance and prioritize features.
• Security & Fraud Prevention: We monitor for abuse, unauthorized access, and violations of our Terms of Service.

CASTD relies on the following third-party services to operate:

• Stripe — payment processing and subscription management. Stripe's Privacy Policy governs how Stripe handles your payment data.
• Replicate — cloud AI inference for video transcription and caption generation. Files sent to Replicate are subject to Replicate's data handling terms.
• Social Platform APIs — Publishing requests are sent directly to each platform's official API (TikTok, Instagram, YouTube, etc.). Your credentials are never shared with unauthorized third parties.
• Social Platform APIs — TikTok, Instagram, YouTube, LinkedIn, Twitter/X, Facebook, Pinterest, Bluesky, and Threads. Each platform's own privacy policy applies to content posted there.

We do not sell your personal data to any third party. We share data with the services above only to the extent necessary to provide the features you use.

We retain your account data and uploaded content for as long as your account is active. If you cancel your subscription, your data remains accessible until you explicitly delete your account or request deletion. After deletion, we remove your personal data within 30 days, except where retention is required by law or for legitimate dispute resolution.

Anonymized, aggregated analytics data may be retained indefinitely as it cannot identify you.

Depending on your jurisdiction, you may have the right to:

• Access a copy of the personal data we hold about you
• Correct inaccurate data
• Request deletion of your account and associated data
• Object to or restrict certain processing
• Data portability (receive your data in a machine-readable format)

To exercise any of these rights, email privacy@castd.app from the address associated with your account. We will respond within 30 days.

CASTD uses essential session cookies required for authentication. We do not use third-party advertising or tracking cookies. We may use first-party analytics to understand product usage.

We use HTTPS for all data in transit and encrypt sensitive data at rest. Access to production systems is restricted and logged. No method of transmission over the internet is 100% secure; we cannot guarantee absolute security but are committed to industry-standard practices.

CASTD is not directed to children under 13. We do not knowingly collect data from children. If you believe a child has provided us with personal information, contact us at privacy@castd.app and we will delete it promptly.

We may update this Privacy Policy from time to time. We will notify you of material changes by emailing your registered address or by posting a notice in the app. Continued use of CASTD after the effective date of changes constitutes acceptance.

If you connected your Facebook or Instagram account to CASTD and later remove the app from your Facebook settings, or if you request deletion of your CASTD account, we will permanently delete all data associated with your Facebook/Instagram connection within 30 days. This includes your access tokens, account IDs, and any content metadata stored on our servers.

To request deletion of your Facebook/Instagram data specifically:

• Email privacy@castd.app with subject line "Facebook Data Deletion Request"
• Or use the Delete Account option inside CASTD (Settings → Danger Zone)

We will confirm deletion within 30 days. This is also the callback URL registered with Meta for automated deletion requests: https://castd.app/api/auth/facebook/data-deletion

CASTD  ·  castd.app
Privacy inquiries: privacy@castd.app