This Privacy Policy describes how One Peak Creative Ltd. ("Company", "we", "us", "our") collects, uses, shares, and protects your information when you use Format Finder ("Service"). By using the Service, you agree to the practices described in this policy.
1. Information We Collect
Information You Provide
- Account information: Email address, name (optional), and authentication credentials (managed via Supabase Auth with email/password, magic link, or OAuth sign-in where available).
- Profile & niche information: Your self-described content niche, target audience, and creator profile details. This information is used to personalize AI-generated content suggestions.
- Video URLs: Public video URLs (Instagram, TikTok, YouTube) you submit for analysis. We scrape publicly available metadata and transcripts from these URLs.
- Uploaded videos and audio: Video and audio files you import or upload for editing, transcription, captions, analysis, or export.
- Chat & interaction data: Messages you send through the AI chat feature, brainstorm inputs, and content preferences you express through the Service.
- Payment information: Processed by Stripe. We do not store your credit card number or full payment details. We retain your Stripe customer ID and subscription status.
- Support communications: Emails and bug reports you send us.
Information Collected Automatically
- Usage analytics: We use PostHog to collect anonymized usage data including pages visited, features used, session duration, and interaction patterns. This helps us improve the Service.
- Device & browser information: Browser type, operating system, device type, and screen resolution (collected via PostHog).
- Log data: Server logs including IP addresses, request timestamps, and error information for security and debugging purposes.
- Cookies: We use essential cookies for authentication and session management. PostHog may set analytics cookies. You can control cookies through your browser settings.
2. How We Use Your Information
- To provide the Service: Your niche description, video URLs, and chat inputs are processed by AI models to generate personalized content suggestions, scripts, and analysis.
- To personalize your experience: Your niche and preferences are used to tailor brainstorm results and recommendations.
- To process payments: Subscription management and billing through Stripe.
- To improve the Service: Anonymized usage analytics help us understand which features are valuable and where to improve.
- To communicate with you: Account-related emails, product updates, and responses to support requests.
- To ensure security: Monitoring for abuse, rate limiting, and protecting against unauthorized access.
3. AI Processing & Third-Party Data Sharing
Your inputs (niche descriptions, video URLs, chat messages, uploaded-video transcripts, and generated draft content) may be sent to third-party AI providers to generate content. The iOS app asks for provider-specific consent before it sends data to Google Gemini or AssemblyAI for the first time. You can withdraw that consent later in the iOS app settings.
Third-Party Service Providers
| Provider | Purpose | Data Shared |
|---|---|---|
| Google (Gemini AI) | AI content generation, analysis, chat | Niche descriptions, chat messages, hooks, scripts, captions, shot plans, video transcripts, and analysis prompts |
| Supabase | Database, authentication, file storage | Account data, content data, uploaded media metadata, project snapshots, and video embeds |
| Stripe | Payment processing | Email, payment details, subscription info |
| Supadata | Video metadata & transcript retrieval | Public video URLs |
| Apify | Web scraping (fallback for video metadata) | Public video URLs |
| AssemblyAI | Audio transcription for uploaded or submitted videos | Audio extracted from uploaded videos or public videos that require transcription |
| PostHog | Product analytics | Anonymized usage data, browser info |
| Inngest | Background job processing | Job metadata (video IDs, user IDs) |
| Upstash (Redis) | Rate limiting | User IDs (for rate limit tracking only) |
| Resend | Transactional email | Email addresses, email content |
We do not sell your personal information. We share data with third parties only as described above to operate the Service.
AI Consent & Content Safety
The iOS app presents separate consent controls for Google Gemini and AssemblyAI before first transmission to each provider. If you decline or later revoke consent, features that depend on that provider will be unavailable until consent is granted again.
Format Finder uses provider safety controls, input sanitization, prompt-injection detection, and objectionable-content filtering to reduce harmful AI output. Generated or uploaded content can be reported in-app. Reports are sent to our support team and urgent abuse reports can also be sent to help@onepeakcreative.com.
4. AI Model Training
We use pseudonymized data about how you use Format Finder to train and improve our internal AI models. The goal is for the Service to produce better suggestions over time, both for your niche and for similar niches. This applies only to data collected on or after June 4, 2026 (the date this section took effect); data collected before then is not used for model training.
What we use for training
- The niche descriptions and target-audience inputs you type into brainstorm and similar features.
- The AI outputs generated for you in response to those inputs (hooks, formats, scripts, suggestions).
- Internal quality ratings of those outputs assigned by our team, not by you or other customers.
Before any record enters a training pipeline, we strip account identifiers such as your user ID and email address. Because this data is pseudonymized rather than fully anonymized, it may still qualify as personal data under some laws, but we do not attempt to re-identify it or link it back to your account.
What we do NOT use for training
- The content you create on Format Finder (saved formats, scripts, drafts, shot plans, captions).
- Videos you upload to the editor, and audio or transcripts derived from them.
- Your chat conversations with the AI assistant.
- Your payment, account, or billing data.
Third parties
We do not sell or share training data with third parties. Our use of third-party AI providers (see Section 3) is for inference only and is governed by their enterprise data-processing terms, which preclude those providers from training their own models on your data.
Opting out
You may opt out of having your data used for model training by emailing us at help@onepeakcreative.com. Once you opt out, we stop using your data for any training run that occurs after we receive your request, including data we had already collected.
Right to be forgotten and trained models
When you delete your account, we remove your data from our active systems within 30 days. However, where pseudonymized records have already been incorporated into a previously trained model, removing your contribution from the model is not technically possible without retraining the model from scratch. Retraining occurs periodically, at which point any deleted data is excluded from the new training corpus.
You do not have to delete your account to exercise this right. You can request erasure of specific records, such as the training records derived from a particular brainstorm session, by emailing us at help@onepeakcreative.com. We handle targeted erasure requests through the same channel and within the same 30-day window as full account deletion, subject to the same limitation above for records already incorporated into a previously trained model.
5. Data Retention
| Data Type | Retention Period |
|---|---|
| Account information | Duration of account. After deletion, only limited legal, tax, fraud-prevention, and security records are retained where required. |
| Payment records | 7 years (legal/tax requirements) |
| Video transcripts & analysis | Duration of account, or until you delete them |
| Pseudonymized model-training records | Kept as a pseudonymized training corpus. Removed from the active corpus within 30 days of account deletion or opt-out; records already incorporated into a trained model are excluded at the next periodic retraining. |
| Uploaded media and editor project files | Duration of account, or until you delete the project or account |
| Brainstorm & script data | Duration of account, or until you delete them |
| Chat history | Duration of account, or until you delete them |
| Analytics data | Retained per PostHog's retention policy; anonymized upon account deletion |
| Security logs | 90 days |
6. Your Rights
Depending on your jurisdiction, you may have the right to:
- Access the personal data we hold about you.
- Correct inaccurate personal data.
- Delete your account and associated personal data.
- Export your data in a portable format.
- Object to certain processing of your data.
- Withdraw consent where processing is based on consent.
You can delete your account from the iOS app under Settings → Account → Delete Account. Account deletion removes your Supabase authentication identity, account profile, uploaded editor media objects, project data tied to your account, and generated content tied to your account, except for limited records we must retain for legal, tax, fraud-prevention, or security reasons. You can also contact us at help@onepeakcreative.com. We will respond within 30 days.
7. Data Security
We implement reasonable security measures to protect your data, including:
- Encryption in transit (HTTPS/TLS) for all data transmission.
- Encryption at rest for database storage (via Supabase).
- Authentication via Supabase Auth. We do not store plaintext passwords.
- Rate limiting to prevent abuse and unauthorized access.
- Input sanitization, objectionable-content filtering, and prompt injection detection.
- Regular security monitoring and logging.
No method of electronic transmission or storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.
8. HIPAA & Regulated Professions
Format Finder is not a HIPAA-covered entity and is not designed to store, process, or transmit Protected Health Information (PHI). If you are a healthcare professional or other regulated professional, do not submit actual patient data, client data, or other protected information to the Service. The niche descriptions and inputs you provide should describe your content focus in general terms — not include identifiable information about real individuals under your care.
9. Children's Privacy
The Service is not intended for use by anyone under 18 years of age. We do not knowingly collect personal information from children. If we learn that we have collected information from a child under 18, we will delete it promptly.
10. International Data Transfers
Your data may be processed in Canada, the United States, and other countries where our third-party service providers operate. By using the Service, you consent to the transfer of your data to these jurisdictions, which may have different data protection laws than your country of residence.
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by email or through a notice on the Service. Continued use after changes take effect constitutes acceptance.
12. Contact
If you have questions about this Privacy Policy or our data practices, contact us at: help@onepeakcreative.com
One Peak Creative Ltd.
Kelowna, British Columbia, Canada