Privacy Policy

Last updated: May 15, 2026

1. Introduction

CleanCut ("we", "our", or "us"), operated by Content Cartel LLC, provides AI-powered video editing and social media management tools. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform at cleaner.contentcartel.net (the "Service").

2. Information We Collect

We collect information in the following ways:

  • Account Information: When you create an account, we collect your name, email address, and authentication credentials.
  • Social Media Data: When you connect your Facebook, Instagram, or other social media accounts, we access profile information, pages you manage, and content publishing permissions as authorized by you through Meta's login flow. We only access data necessary to provide scheduling and publishing services.
  • Google Account & YouTube Data: When you connect your Google account to use YouTube features, we access your YouTube channel information, video metadata, upload capability, and analytics as authorized by you through Google's OAuth consent screen. See Section 4b for details on which scopes we request and how we use them.
  • Content: Media files (videos, images) you upload for editing or scheduling, along with captions and metadata you provide.
  • Usage Data: Information about how you interact with the Service, including features used, timestamps, and device information.
  • Analytics Data: Post performance metrics retrieved from connected social media accounts to display in your dashboard.

3. How We Use Your Information

  • To provide, maintain, and improve the Service, including video editing, content scheduling, and social media publishing.
  • To authenticate your identity and manage your connected social media accounts.
  • To publish content to your social media accounts at your scheduled times.
  • To display analytics and insights about your published content.
  • To communicate with you about your account, updates, and support.
  • To ensure the security and integrity of the Service.

4. Meta Platform Data

When you connect your Facebook or Instagram account, we receive data through Meta's APIs ("Platform Data"). We handle this data in accordance with Meta's Platform Terms and Developer Policies:

  • We only request permissions necessary for the features you use (e.g., publishing posts, reading insights).
  • We do not sell, license, or otherwise monetize Platform Data.
  • We do not use Platform Data to build user profiles for advertising or to provide data to data brokers.
  • We store access tokens securely and refresh them as needed.
  • You can disconnect your social media accounts at any time from your profile settings, which revokes our access.

4a. LinkedIn Platform Data

When you connect your LinkedIn account, we receive data through LinkedIn's APIs and handle it under LinkedIn's Platform Guidelines and API Terms of Use:

  • What we read: your member ID (sub), name, email, profile picture, and (if approved under LinkedIn's Marketing Developer Platform) engagement metrics on posts you created through CleanCut (impressions, reach, likes, comments, shares).
  • What we write: posts you scheduled or queued via CleanCut, published to your profile on your behalf with your w_member_social grant.
  • Scope minimisation: we only request scopes needed for features you use. LinkedIn-specific scopes today: openid, profile, email, w_member_social. Read-only analytics scopes are only requested after LinkedIn partner approval.
  • No resale or modeling: we do not sell LinkedIn data, train ML models on it, or use it for advertising targeting.
  • Revocation: disconnecting from Scheduler → Settings revokes our access immediately and deletes the stored token. LinkedIn also posts a deauthorization notice to us at /api/linkedin/deauthorize if you remove the app from LinkedIn directly; we mark the connection revoked on receipt.

4b. Google API Services & YouTube Data

CleanCut's use and transfer of information received from Google APIs to any other app adheres to the Google API Services User Data Policy, including the Limited Use requirements. We additionally comply with the YouTube Terms of Service; by connecting your YouTube account you also agree to those terms. Google's privacy practices are described in the Google Privacy Policy.

Scopes we request and why:

  • youtube.upload — to publish videos you have prepared in CleanCut to your YouTube channel at the time you schedule. We never upload without an explicit user-scheduled publish action.
  • youtube — to set metadata on videos you publish (title, description, tags, thumbnail, privacy status, playlist placement) and to manage scheduled publish times on your channel.
  • youtube.readonly — to read your channel and existing videos so the Planner can show you what you have already published and help you avoid duplicate topics.
  • yt-analytics.readonly — to read aggregate channel and video performance metrics (views, watch time, retention) and display them in the Analytics dashboard so you can see how your published content performed.

What we store: the OAuth refresh token (encrypted at rest), the channel ID and channel name you connected, and the metadata of videos you scheduled or published through CleanCut. We do not store the raw bytes of videos already on YouTube, comments, viewer identity, or any data about other people's channels.

Limited Use disclosure (required by Google):

  • We use Google user data only to provide and improve the user-facing features described above (scheduling, publishing, planning, analytics) in CleanCut. We do not use this data for any other purpose.
  • We do not transfer Google user data to third parties except as necessary to provide the Service (e.g., cloud hosting on Oracle Cloud Infrastructure, database on Supabase) or to comply with applicable law. These processors are contractually bound to use the data only on our behalf.
  • We do not use Google user data for advertising, retargeting, or to build profiles for marketing purposes.
  • We do not sell Google user data.
  • We do not use Google user data to train, fine-tune, or evaluate generalized AI/ML models. AI features in CleanCut (caption generation, idea generation, etc.) operate on content you upload to CleanCut directly, not on data retrieved from your YouTube channel.
  • Humans do not read your Google user data except (a) with your explicit prior consent, (b) for security purposes such as investigating abuse, (c) to comply with applicable law, or (d) where the data has been aggregated and anonymized for internal operations.

Retention & deletion: Google account tokens and YouTube data are retained while your YouTube connection is active. You can revoke our access at any time from Scheduler → Connections in CleanCut, which immediately deletes the stored refresh token and deactivates the connection on our side. You can additionally revoke our app at https://myaccount.google.com/permissions. To request deletion of all Google-derived data we have stored, email moisesoliveros@novaad.io; we will action the request within 30 days.

Security: OAuth refresh tokens are encrypted at rest using a Fernet-derived key managed outside the application database. Tokens are transmitted only over TLS and are decrypted only in-memory at the moment of an API call.

5. Data Sharing

We do not sell your personal data. We may share information only in these circumstances:

  • With your social media platforms: To publish content you have scheduled, at your direction.
  • Service providers: We use cloud hosting and infrastructure providers to operate the Service. These providers process data on our behalf under strict contractual obligations.
  • Legal requirements: If required by law, regulation, or legal process.

6. Data Retention

We retain your data for as long as your account is active. Uploaded media files are retained for processing and deleted after export or at your request. Social media tokens are retained while your accounts are connected. You may request deletion of all your data at any time.

7. Data Security

We implement industry-standard security measures including encryption in transit (TLS), secure token storage, and access controls. However, no method of electronic storage is 100% secure, and we cannot guarantee absolute security.

8. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access the personal data we hold about you.
  • Request correction or deletion of your data.
  • Withdraw consent for data processing.
  • Export your data in a portable format.
  • Disconnect social media accounts at any time.

To exercise these rights, contact us at moisesoliveros@novaad.io.

9. Children's Privacy

The Service is not intended for individuals under the age of 13. We do not knowingly collect personal information from children.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the updated policy on this page with a revised "Last updated" date.

11. Contact Us

If you have questions about this Privacy Policy, contact us at:

Content Cartel LLC
Email: moisesoliveros@novaad.io