Privacy Policy

Effective date: May 2026

UGCJoy ("we," "us," or "our") operates a done-for-you creative content agency platform. This Privacy Policy explains how we collect, use, share, and protect your personal information when you use our website and services.

1. Information We Collect

We collect the following types of information:

  • Account information — When you sign up via Google OAuth or email magic link, we collect your name, email address, and profile picture (if available).
  • Payment information — Subscription payments are processed by Stripe. We do not store your full card details; Stripe handles this securely on our behalf.
  • Brand information — Details about your brand, including logos, style guides, brand voice, target audience, and other assets you provide to help us create content for you.
  • Content requests — Briefs, feedback, revision notes, and any other instructions you submit for content creation.
  • Communications — Messages you send us through the platform, email, or any other channel.
  • Usage data — Information about how you interact with our platform, including pages visited, features used, and timestamps.
  • Cookies and similar technologies — We use cookies to maintain sessions, remember preferences, and gather analytics. See the Cookies section below for more details.
  • Referral data — If you were referred by another user or arrived via a referral link, we record that referral relationship.

2. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve our creative content services.
  • Process your subscription and manage billing through Stripe.
  • Authenticate your identity via Google OAuth or email magic links.
  • Communicate with you about your content requests, deliverables, and account.
  • Send transactional emails such as order confirmations and delivery notifications.
  • Analyze usage patterns to improve the platform experience.
  • Detect, prevent, and address fraud or security issues.
  • Comply with legal obligations and enforce our terms.

3. Your Content and Brand Assets

Brand assets and content briefs you provide are used solely to fulfill your content requests. We do not share your brand materials with other clients. All content we deliver to you is created exclusively for your use.

4. Third-Party Services

We rely on trusted third-party services to operate our platform:

  • Google OAuth— For secure sign-in. Google's privacy policy applies to data they process.
  • Stripe— For payment processing. Stripe's privacy policy governs how they handle your payment data.
  • Cloudflare R2 — For secure file storage of your brand assets and delivered content.
  • Cloud hosting providers — For running and serving our application.
  • Analytics tools — To understand how our platform is used and to improve the experience.

5. Social Login

When you sign in with Google, we request only the minimum scopes necessary: openid, email, and profile. We do not request access to your contacts, calendar, drive, or any other Google services. You can revoke access at any time through your Google account settings.

6. Data Retention

We retain your personal data for as long as your account is active and as needed to provide our services. If you request account deletion, we will remove your personal data within 30 days. Brand assets and associated files stored in our systems will also be deleted upon account removal.

7. Data Security

We take reasonable measures to protect your information, including:

  • HTTPS encryption for all data in transit.
  • Secure, authenticated sessions.
  • Regular security audits and monitoring.
  • Access controls limiting who can view your data internally.
  • Ownership verification on all API endpoints to prevent unauthorized access to your resources.

8. Your Rights

Depending on your location, you may have the following rights:

  • Access — Request a copy of the personal data we hold about you.
  • Rectification — Ask us to correct inaccurate information.
  • Erasure — Request deletion of your personal data.
  • Portability — Receive your data in a structured, machine-readable format.
  • Objection — Object to certain types of processing.
  • Withdraw consent — Where processing is based on consent, you may withdraw it at any time.

To exercise any of these rights, please contact us at the email provided on our website.

9. Children's Privacy

Our services are not directed to individuals under the age of 13. We do not knowingly collect personal information from children. If we learn that we have collected data from a child under 13, we will delete it promptly.

10. International Data Transfers

Your information may be transferred to and processed in countries other than your own. We take appropriate safeguards to ensure your data remains protected in accordance with this Privacy Policy, regardless of where it is processed.

11. Cookies

We use the following types of cookies:

  • Essential cookies — Required for the platform to function, such as authentication and session management.
  • Analytics cookies — Help us understand how visitors interact with the platform so we can improve it.
  • Preference cookies — Remember your settings and choices for a better experience.

You can manage cookie preferences through your browser settings.

12. Updates to This Policy

We may update this Privacy Policy from time to time. When we make changes, we will revise the effective date at the top of this page. We encourage you to review this policy periodically to stay informed about how we protect your information.