Rigor
Legal

Privacy Policy

Last updated: April 27, 2026

1. Introduction

Rigor ("we", "us", or "our") respects your privacy. This Privacy Policy describes how we collect, use, share, and protect your information when you use our Service at tryrigor.com.

2. Information We Collect

Information you provide

  • Account information — name, email, password
  • Brand and profile information you enter during onboarding
  • Video content, transcripts, topic ideas, and generated content you create or upload
  • Payment information (processed by our payment provider)

Information from connected platforms

When you connect YouTube, Instagram, TikTok, X (Twitter), LinkedIn, Facebook, or Threads, we receive the tokens and profile data necessary to publish and analyze content on your behalf, based on the scopes you approve. We only request the scopes needed to deliver the features you use.

Information collected automatically

  • Usage data — pages visited, actions taken, feature engagement
  • Device and log data — IP address, browser type, OS, timestamps
  • Cookies and similar technologies for session management

2a. Cookies and Tracking

We use first-party cookies for authentication and session management. We do not use third-party advertising or cross-site tracking cookies. We use privacy-preserving analytics (page views and feature usage) without persistent cross-site identifiers. You can clear cookies at any time via your browser; doing so will sign you out.

3. How We Use Your Information

  • Provide and operate the Service, including transcription, AI content generation, publishing, and analytics
  • Maintain security and prevent abuse
  • Communicate with you about your account and the Service
  • Improve and develop new features
  • Comply with legal obligations

4. How We Share Your Information

We do not sell or rent your personal information, and we do not “share” it for cross-context behavioral advertising as defined under the California Consumer Privacy Act (CCPA/CPRA). We do not use data obtained from Meta, Google, TikTok, X, or LinkedIn APIs to build advertising profiles or to train generalized AI models. We share data only with:

  • Service providers — Supabase (database and auth), Vercel (hosting), Anthropic (AI content generation), Deepgram (audio transcription), and payment processors, each under confidentiality obligations
  • Connected platforms — only when you explicitly publish content through the Service
  • Legal and safety — when required by law, court order, or to protect rights and safety
  • Business transfers — in connection with a merger, acquisition, or sale of assets

5. Data Retention

We retain personal data only as long as needed for the purposes described above. Specifically:

  • Account data (name, email) — for the life of your account, plus 30 days after deletion
  • OAuth tokens for connected platforms — until you disconnect or delete the account, then purged within 7 days
  • Uploaded videos and transcripts — until you delete them or close your account, then purged within 30 days
  • Usage logs and audit logs — 12 months
  • Billing records — 7 years (legal/tax requirement)

Encrypted backups are rotated out within 90 days. After deletion, residual copies in service-provider backups are purged on those providers' standard rotation cycles.

6. Your Rights

Rigor complies with the EU and UK General Data Protection Regulation (GDPR), the California Consumer Privacy Act as amended by the CPRA (CCPA/CPRA), and applicable equivalents in other jurisdictions. Depending on where you live, you may have the right to:

  • Access or export your personal data
  • Correct inaccurate information
  • Delete your personal data
  • Object to or restrict certain processing
  • Withdraw consent at any time
  • Lodge a complaint with a supervisory authority

To exercise these rights, contact us at privacy@tryrigor.com.

7. Meta Platform User Data

When you connect a Facebook, Instagram, or Threads account, we access only the data required by the scopes you approve and comply with Meta's Platform Terms and Developer Policies. Specifically, from Meta we receive: your Facebook user ID and name; Pages you manage and Page access tokens (pages_show_list, pages_manage_posts, pages_read_engagement); Instagram Business/Creator account ID, username, profile picture, and media (instagram_basic, instagram_content_publish, instagram_manage_insights); and Threads profile + publishing tokens (threads_basic, threads_content_publish). We do not request or store your Meta password and never access private messages. You may revoke access at any time from your Meta account settings or the Rigor Settings page. To request deletion of data obtained via Meta, email privacy@tryrigor.com or follow the instructions at tryrigor.com/data-deletion.

8. Google API Services User Data

Rigor's use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. We request the following YouTube scopes:

  • https://www.googleapis.com/auth/youtube.readonly — to list your channels and videos so you can select them inside Rigor
  • https://www.googleapis.com/auth/youtube.upload — to publish long-form videos and Shorts to your channel on your behalf
  • https://www.googleapis.com/auth/youtube.force-ssl — to update video metadata (title, description, tags) for videos uploaded by Rigor
  • https://www.googleapis.com/auth/yt-analytics.readonly — to surface your video performance inside Rigor's analytics dashboard

YouTube data we access is never used to serve advertising, never sold, never used to train generalized AI/ML models, and is only transferred to third parties as necessary to provide or improve user-facing features, comply with applicable law, or as part of a merger or acquisition with adequate notice to you.

8a. TikTok Data

When you connect TikTok, we receive your TikTok open_id, display name, avatar URL, and a publishing token (scopes: user.info.basic, video.upload, video.publish). Use of TikTok data complies with the TikTok Developer Terms of Service. You may revoke access at any time from TikTok Settings → Security → Manage app permissions.

9. Security

We use industry-standard safeguards including encryption in transit and at rest, row-level security policies, access controls, and regular audits. No system is perfectly secure; we cannot guarantee absolute security but take every reasonable measure to protect your data.

10. Children's Privacy

The Service is not intended for children under 13 (or 16 in the EEA). We do not knowingly collect personal information from children. If you believe we have collected such data, contact us to request deletion.

11. International Transfers

Your information may be processed in countries other than your own. We implement appropriate safeguards, such as standard contractual clauses, to ensure your data receives adequate protection.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will post the new version on this page and update the effective date. Material changes will be communicated via email or in-app notice.

13. Contact

For privacy questions or requests, contact us at privacy@tryrigor.com.