Privacy Policy

Last updated: February 8, 2026

1. Introduction

AutoFaceless ("we", "us", or "our") operates the website autofaceless.ai and provides an automated video generation and publishing service (the "Service"). This privacy policy explains how we collect, use, store, share, and protect your personal information, including data obtained through third-party integrations such as Google APIs.

By using our Service, you agree to the collection and use of information as described in this Privacy Policy. We will not use or share your information with anyone except as described herein.

2. Information We Collect

We collect the following categories of information:

  • Account Information: Your name, email address, and profile picture, collected when you sign up via our authentication provider (Clerk).
  • Payment Information: Billing details processed securely through Stripe. We do not store your credit card numbers on our servers.
  • Video Content Data: Video generation preferences, series configurations, and generated video files created through our Service.
  • Usage Data: Log data including IP address, browser type, pages visited, time spent, and other analytical data.
  • Cookies: We use cookies to enhance your experience and provide personalized service.

3. Google User Data

When you connect your YouTube account to AutoFaceless, we access specific Google user data through the YouTube Data API v3. This section describes exactly what data we access, how we use it, and how we protect it.

3.1 Data Accessed

We request the following Google API scopes:

  • youtube.readonly: We access your YouTube channel name, channel ID, and profile thumbnail. This is used solely to display your connected channel in your account settings so you can verify and manage your connection.
  • youtube.upload: We access the ability to upload videos to your YouTube channel. This is used solely to publish videos that you have explicitly scheduled through our series feature.

3.2 How We Use Google User Data

Your Google user data is used exclusively for the following purposes:

  • Channel Identification: Displaying your YouTube channel name and thumbnail in your AutoFaceless settings page so you can confirm which channel is connected.
  • Automated Video Publishing: Uploading AI-generated videos to your YouTube channel when you create a video series with YouTube as the destination. Videos are only uploaded when you have explicitly configured and enabled this feature.
  • Token Refresh: Maintaining a valid connection to your YouTube account by refreshing expired access tokens using your refresh token.

We do not use your Google user data to:

  • Train artificial intelligence or machine learning models
  • Display, sell, or distribute your data to third parties
  • Modify or delete your existing YouTube content
  • Access your YouTube analytics, comments, or subscriber data
  • Serve advertisements or create advertising profiles

3.3 Google User Data Sharing

We do not share your Google user data with any third parties. Your YouTube OAuth tokens and channel information are stored securely on our servers and are never transmitted to, accessed by, or sold to any external parties. The only data transfer that occurs is between our servers and the YouTube Data API for the specific purposes of displaying your channel information and uploading videos you have scheduled.

3.4 Google User Data Storage and Protection

Your Google user data is protected as follows:

  • OAuth access tokens and refresh tokens are stored in a secured database with encryption at rest.
  • All data transmission between our servers and Google APIs occurs over encrypted HTTPS connections.
  • Access to stored tokens is restricted to our server-side processes only and is never exposed to client-side code or other users.
  • We use Supabase (hosted on AWS) as our database provider, which provides enterprise-grade security including encryption, network isolation, and regular security audits.

3.5 Google User Data Retention and Deletion

We retain your Google user data only for as long as your YouTube account remains connected to our Service. You can revoke access at any time by:

  • Disconnecting in Settings: Go to your AutoFaceless Settings page and click "Disconnect" next to your YouTube account. This immediately deletes your OAuth tokens and channel data from our database.
  • Revoking via Google: Visit your Google Account Permissions page and remove access for AutoFaceless. We will be unable to access your account on the next token refresh attempt.
  • Contacting Us: Email us at support@autofaceless.ai to request deletion of all your data, including any Google user data.

Upon disconnection or deletion request, your OAuth tokens, channel information, and all associated Google user data are permanently deleted from our servers within 24 hours.

4. How We Use Your Information

Beyond Google user data described above, we use the information we collect to:

  • Provide, operate, and maintain our Service
  • Process transactions and manage your subscription
  • Generate and deliver AI-created video content
  • Send you service-related communications (e.g., video completion notifications)
  • Improve and optimize our Service
  • Detect and prevent fraud or abuse

5. Data Sharing

We do not sell your personal data. We share user data only in the following limited circumstances:

  • Service Providers: We use trusted third-party services to operate our platform, including Clerk (authentication), Stripe (payments), Supabase (database), and Cloudflare (content delivery). These providers only access data necessary to perform their functions and are bound by confidentiality agreements.
  • Legal Requirements: We may disclose your information if required by law, regulation, or legal process.
  • Protection of Rights: We may share information to protect the safety, rights, or property of AutoFaceless, our users, or the public.

We do not share, sell, or provide personal data to third-party advertisers or data brokers.

6. Data Storage and Security

We implement industry-standard security measures to protect your data:

  • All data is transmitted over encrypted HTTPS connections
  • Database storage uses encryption at rest
  • Authentication tokens are securely managed and never exposed to client-side code
  • We use row-level security policies to ensure users can only access their own data
  • Regular security reviews and monitoring of our infrastructure

While we strive to use commercially acceptable means of protecting your information, no method of transmission over the internet or electronic storage is 100% secure, and we cannot guarantee absolute security.

7. Data Retention and Deletion

We retain your personal data for as long as your account is active or as needed to provide you with our Service. Specifically:

  • Account Data: Retained while your account is active. Deleted upon account deletion request.
  • Generated Videos: Video files are retained on our content delivery network until automatically cleaned up or until you delete them.
  • OAuth Tokens: Retained while the third-party account is connected. Deleted immediately upon disconnection.
  • Payment Records: Retained as required by applicable financial regulations.
  • Log Data: Retained for up to 90 days for security and debugging purposes.

You may request deletion of your data at any time by emailing support@autofaceless.ai. We will process your request within 30 days and permanently delete your personal data from our systems, except where retention is required by law.

8. Third-Party Service Integrations

Our Service integrates with external platforms including YouTube (Google), Stripe, and Clerk. When using these integrations, we adhere to their respective API usage policies and user data protection guidelines. Our use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

9. Links to Other Sites

Our Service may contain links to other sites. We are not responsible for the privacy practices or content of these external sites and strongly advise you to review their privacy policies.

10. Children's Privacy

Our Service does not address anyone under the age of 13. We do not knowingly collect personally identifiable information from children under 13. If we discover that a child under 13 has provided us with personal information, we will immediately delete it from our servers.

11. Changes to This Privacy Policy

We may update our Privacy Policy periodically. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date. You are advised to review this page periodically for any changes. Changes are effective immediately upon posting.

12. Contact Us

If you have any questions about this Privacy Policy, your data, or wish to exercise your data rights, please contact us:

13. Consent

By using our Service, you consent to our Privacy Policy and agree to its terms.