Privacy Policy

This Privacy Policy explains how Cultivate Social LLC ("Company," "we," "us," or "our") collects, uses, stores, and protects information when you use Cultivate Social at cultivate-social.app (the "Service"). Cultivate Social is an AI-powered social media content platform designed for faith leaders, ministers, authors, and kingdom entrepreneurs.

By using the Service, you agree to the collection and use of information as described in this policy. This policy is incorporated into and subject to our Terms of Service.

1. Information We Collect

We collect the following categories of information when you use the Service:

• Account information: your name, email address, and password (stored as a cryptographic hash — we never store your password in plain text).
• Source content: sermons, transcripts, manuscripts, notes, and other materials you upload to generate social media campaigns. Supported upload formats include CSV, HTML, PDF, Microsoft Word (.docx), plain text (.txt), and timed-text transcripts (.vtt, .srt). You may also supply source content by pasting text directly, by connecting a meeting provider (Zoom or Fathom), or by submitting a YouTube URL for transcript ingestion.
• Generated content: captions, image prompts, generated images, video storyboards, rendered video files, post schedules, and brand voice settings you create or save in Cultivate Social.
• Brand visual identity: color palettes, font preferences, visual style selections, and any logo images you upload to personalize generated content — especially AI-generated video posts. These inputs are associated with your brand record and used solely to style content produced for that brand.
• Social account connections: OAuth tokens and account identifiers from LinkedIn, Facebook, Instagram, Threads, and any other platforms you connect. These are used solely to publish content on your behalf when you request it.
• Meeting provider connections: OAuth tokens and account identifiers from Zoom and Fathom when you connect those providers. These are used solely to fetch meeting transcripts you authorize us to ingest.
• Usage data: basic analytics about how you interact with the Service — such as which features you use, when you log in, and how you navigate the dashboard — to help us improve the platform.
• Payment information: your subscription tier and billing history. Card numbers and sensitive payment data are handled exclusively by Stripe and are never stored on our servers.
• Communications: emails or messages you send to our support team.
• Technical data: IP address, browser type, device type, and operating system, collected automatically when you access the Service.

2. Cookies and Tracking

Cultivate Social uses cookies and similar tracking technologies to operate the Service and understand how it is used. Cookies are small data files stored on your device. We use:

• Essential cookies: required for authentication, session management, and basic platform functionality. The Service cannot operate without these.
• Analytics cookies: used to understand how users interact with the platform so we can improve it. This data is aggregated and not tied to individual identities.
• Preference cookies: store your settings and dashboard preferences between sessions.

For full details on how we use cookies and how to control them, see our Cookie Policy.

3. How We Use Your Information

We use the information we collect for the following purposes:

• To create and manage your account and authenticate your identity.
• To process your uploaded source content and generate social media campaigns using AI models.
• To publish your scheduled posts to the social network accounts you have connected.
• To send transactional emails — including account confirmations, billing receipts, and security alerts.
• To respond to your support requests and communications.
• To diagnose technical problems, maintain service security, and improve the platform.
• To comply with applicable legal obligations.

We do not use your content or personal information for marketing purposes without your explicit consent.

4. Third-Party Services and Data Sharing

Cultivate Social depends on the following third-party service providers to operate. Each provider processes data in accordance with its own privacy policy. We share only the minimum data necessary for each service to function:

• Supabase — database, user authentication, and file storage. Your account data and uploaded content are stored in Supabase. Privacy Policy
• Anthropic (Claude API) — AI text and video-storyboard generation. Source content and prompts are transmitted to Anthropic's API to generate captions, posts, and video scene plans on your behalf. Anthropic does not use API inputs to train its models. Privacy Policy
• Replicate — AI image generation. Image prompts are transmitted to Replicate when you use the image generation feature. Privacy Policy
• Apiframe — AI music generation (Suno API proxy). When you generate video posts with music enabled, the music prompt and basic track parameters are transmitted to Apiframe, which routes the request to the underlying Suno music-generation model. The generated audio file is returned to Cultivate Social and stored on Cloudinary. Apiframe does not receive your account information, source materials (transcripts, podcast episodes, etc.), or any data beyond what is needed to generate the music track itself. Privacy Policy
• Cloudinary — image and video hosting and delivery for generated and uploaded media. Rendered video files produced by the video generation feature are stored on Cloudinary and served through its CDN. Privacy Policy
• LinkedIn and Meta (Facebook, Instagram, Threads) — social network APIs used to publish content you schedule. Connecting these accounts grants Cultivate Social API-level posting permissions you authorize. LinkedIn · Meta
• Zoom — when you connect your Zoom account, we access meeting recordings and transcripts through the Zoom API solely to generate social media content at your request. We access only the transcript text of meetings you authorize — we do not access video or audio recordings, participant lists, chat messages, or any other Zoom data. Transcripts are processed through our content generation pipeline and stored in your account. You may disconnect Zoom at any time from your dashboard. Privacy Policy
• Fathom — when you connect your Fathom account, we receive meeting transcripts through the Fathom API (via OAuth) and webhook notifications solely to generate social media content at your request. We access only transcripts from meetings you authorize. You may disconnect Fathom at any time from your dashboard. Privacy Policy
• Supadata — third-party transcription service used when you submit a YouTube or Facebook URL through Cast and Catch. The URL you provide is sent to Supadata to retrieve a transcript of the video's publicly available content. For YouTube videos with captions, Supadata fetches the existing caption track. For Facebook videos and YouTube videos without captions, Supadata generates a transcript using AI from the video's audio. No user account credentials or private video data are transmitted. Privacy Policy
• Resend — transactional email delivery. Operational emails such as account verification, password reset, billing receipts, and tier-change notifications are sent to you through Resend. Your email address and message contents are shared with Resend for the sole purpose of delivering the email. Privacy Policy
• Sentry — error and performance monitoring. When the Service encounters an error, diagnostic information (including the request path, error message, and technical metadata) is sent to Sentry so we can diagnose and fix bugs. We do not intentionally send user content to Sentry. Privacy Policy
• Stripe — subscription billing and payment processing. Privacy Policy
• Netlify — website hosting for this marketing and legal site. Privacy Policy
• Railway — backend application hosting. Your data passes through Railway infrastructure when you use the Service. The video rendering pipeline (powered by Remotion, a programmatic video library) runs inside our Railway-hosted infrastructure — no third-party video-rendering provider receives your content. Privacy Policy
• Vercel — frontend application hosting for the Cultivate Social dashboard. Privacy Policy

We do not sell your personal information to any third party. We do not share your information with advertisers or data brokers. We may disclose your information if required by law, court order, or to protect the rights and safety of the Company, its users, or the public.

5. Data Storage and International Transfers

The Company is based in Texas, United States. Your data is primarily stored and processed in the United States through our service providers (Supabase, Railway, Cloudinary). Some providers may process data in data centers located in other countries. By using the Service, you consent to the transfer and processing of your information in the United States and other locations where our service providers operate, which may have different data protection laws than your country of residence.

6. Data Minimization

When responding to any request for user data — whether from a user, a public authority, a partner platform (such as Meta, LinkedIn, or any other social network we connect to), or a service provider — Cultivate Social discloses only the minimum information necessary to respond to the specific request. We do not provide more data than required. This applies to government and law enforcement requests, partner platform compliance requests, user account data requests, and any other context where Cultivate Social is asked to share user information. We design our systems and processes to collect, store, and access the smallest amount of data needed to deliver our service.

7. What We Do Not Do

• We do not sell your personal information to any third party — ever.
• We do not use your uploaded content or generated content to train AI models.
• We do not access your connected social media accounts for any purpose other than publishing the specific content you explicitly schedule.
• We do not share your content or personal information with other Cultivate Social users.
• We do not send unsolicited marketing emails. Any promotional communications will include a clear unsubscribe option.

8. Your Rights

You have the following rights regarding your personal information:

• Access: you may request a copy of the personal information we hold about you.
• Correction: you may request that we correct inaccurate or incomplete information.
• Deletion: you may request that we delete your personal information and account.
• Portability: you may request an export of your content and data in a portable format.
• Revocation: you may disconnect any connected social account from within your dashboard at any time, immediately revoking our access to that account.

To exercise any of these rights, email support@cultivate-social.app. We will respond within 30 days.

9. California Residents — CCPA Notice

If you are a California resident, the California Consumer Privacy Act (CCPA) provides you with additional rights. Under the CCPA, you have the right to know what personal information we collect and how it is used, the right to request deletion of your personal information, the right to opt out of the sale of your personal information (we do not sell personal information), and the right not to be discriminated against for exercising your CCPA rights.

To submit a CCPA request, email support@cultivate-social.app with the subject line "CCPA Request." We will verify your identity and respond within 45 days as required by law.

10. Data Retention

We retain your account information and content for as long as your account remains active. If you delete your account, we will remove your personal information and content from our active systems within 30 days, and from backup systems within 90 days, except where retention is required by applicable law, regulation, or legitimate business purposes such as resolving disputes or enforcing our agreements.

11. Security

We use industry-standard security measures to protect your information, including encrypted connections (HTTPS/TLS), cryptographic password hashing, restricted database access controls, and regular security reviews. No system is completely secure, and we cannot guarantee absolute security. In the event of a data breach that affects your personal information, we will notify you as required by applicable law.

12. Children

Cultivate Social is not intended for anyone under the age of 18. We do not knowingly collect personal information from anyone under 18. If we become aware that we have collected personal information from a minor, we will take steps to delete that information promptly. If you believe a minor has provided us with personal information, contact us at support@cultivate-social.app.

13. Governing Law

This Privacy Policy is governed by the laws of the State of Texas, without regard to its conflict of law principles.

14. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email and update the "Last updated" date at the top of this page. Your continued use of the Service after the effective date of any changes constitutes your acceptance of the revised policy.

15. Contact

If you have questions about this Privacy Policy or how we handle your information, email us at support@cultivate-social.app.

Cultivate Social LLC
(210) 992-2014
Dallas–Fort Worth, Texas