Privacy Policy
Effective Date: March 17, 2026 · Last Updated: March 17, 2026
This Privacy Policy describes how One Peak Creative Ltd. ("Company", "we", "us", "our") collects, uses, shares, and protects your information when you use Format Finder ("Service"). By using the Service, you agree to the practices described in this policy.
1. Information We Collect
Information You Provide
- Account information: Email address, name (optional), and authentication credentials (managed via Supabase Auth with magic link / OAuth sign-in).
- Profile & niche information: Your self-described content niche, target audience, and creator profile details. This information is used to personalize AI-generated content suggestions.
- Video URLs: Public video URLs (Instagram, TikTok, YouTube) you submit for analysis. We scrape publicly available metadata and transcripts from these URLs.
- Chat & interaction data: Messages you send through the AI chat feature, brainstorm inputs, and content preferences you express through the Service.
- Payment information: Processed by Stripe. We do not store your credit card number or full payment details. We retain your Stripe customer ID and subscription status.
- Support communications: Emails and bug reports you send us.
Information Collected Automatically
- Usage analytics: We use PostHog to collect anonymized usage data including pages visited, features used, session duration, and interaction patterns. This helps us improve the Service.
- Device & browser information: Browser type, operating system, device type, and screen resolution (collected via PostHog).
- Log data: Server logs including IP addresses, request timestamps, and error information for security and debugging purposes.
- Cookies: We use essential cookies for authentication and session management. PostHog may set analytics cookies. You can control cookies through your browser settings.
2. How We Use Your Information
- To provide the Service: Your niche description, video URLs, and chat inputs are processed by AI models to generate personalized content suggestions, scripts, and analysis.
- To personalize your experience: Your niche and preferences are used to tailor brainstorm results and recommendations.
- To process payments: Subscription management and billing through Stripe.
- To improve the Service: Anonymized usage analytics help us understand which features are valuable and where to improve.
- To communicate with you: Account-related emails, product updates, and responses to support requests.
- To ensure security: Monitoring for abuse, rate limiting, and protecting against unauthorized access.
3. AI Processing & Third-Party Data Sharing
Your inputs (niche descriptions, video URLs, chat messages) are sent to third-party AI providers to generate content. These providers process your data according to their own privacy policies and data processing agreements.
Third-Party Service Providers
| Provider | Purpose | Data Shared |
|---|---|---|
| Google (Gemini AI) | AI content generation, analysis, chat | Niche descriptions, chat messages, video transcripts |
| Supabase | Database, authentication, file storage | Account data, content data, video embeds |
| Stripe | Payment processing | Email, payment details, subscription info |
| Supadata | Video metadata & transcript retrieval | Public video URLs |
| Apify | Web scraping (fallback for video metadata) | Public video URLs |
| AssemblyAI | Audio transcription (fallback) | Audio extracted from public videos |
| PostHog | Product analytics | Anonymized usage data, browser info |
| Inngest | Background job processing | Job metadata (video IDs, user IDs) |
| Upstash (Redis) | Rate limiting | User IDs (for rate limit tracking only) |
| Resend | Transactional email | Email addresses, email content |
We do not sell your personal information. We share data with third parties only as described above to operate the Service.
4. Data Retention
| Data Type | Retention Period |
|---|---|
| Account information | Duration of account + 2 years after deletion |
| Payment records | 7 years (legal/tax requirements) |
| Video transcripts & analysis | Duration of account, or until you delete them |
| Brainstorm & script data | Duration of account, or until you delete them |
| Chat history | Duration of account, or until you delete them |
| Analytics data | Retained per PostHog's retention policy; anonymized upon account deletion |
| Security logs | 90 days |
5. Your Rights
Depending on your jurisdiction, you may have the right to:
- Access the personal data we hold about you.
- Correct inaccurate personal data.
- Delete your account and associated personal data.
- Export your data in a portable format.
- Object to certain processing of your data.
- Withdraw consent where processing is based on consent.
To exercise any of these rights, contact us at help@onepeakcreative.com. We will respond within 30 days.
6. Data Security
We implement reasonable security measures to protect your data, including:
- Encryption in transit (HTTPS/TLS) for all data transmission.
- Encryption at rest for database storage (via Supabase).
- Authentication via secure magic links and OAuth — we do not store passwords.
- Rate limiting to prevent abuse and unauthorized access.
- Input sanitization and prompt injection detection.
- Regular security monitoring and logging.
No method of electronic transmission or storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.
7. HIPAA & Regulated Professions
Format Finder is not a HIPAA-covered entity and is not designed to store, process, or transmit Protected Health Information (PHI). If you are a healthcare professional or other regulated professional, do not submit actual patient data, client data, or other protected information to the Service. The niche descriptions and inputs you provide should describe your content focus in general terms — not include identifiable information about real individuals under your care.
8. Children's Privacy
The Service is not intended for use by anyone under 18 years of age. We do not knowingly collect personal information from children. If we learn that we have collected information from a child under 18, we will delete it promptly.
9. International Data Transfers
Your data may be processed in Canada, the United States, and other countries where our third-party service providers operate. By using the Service, you consent to the transfer of your data to these jurisdictions, which may have different data protection laws than your country of residence.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by email or through a notice on the Service. Continued use after changes take effect constitutes acceptance.
11. Contact
If you have questions about this Privacy Policy or our data practices, contact us at: help@onepeakcreative.com
One Peak Creative Ltd.
Kelowna, British Columbia, Canada