Svmmon Home Privacy Terms

Privacy Policy.

Effective June 21, 2026 (v3) Operator Svmmon
Short version. We collect the minimum needed to run a hosted SaaS. Your email, your billing info (handled by our payment processor), the content you create, and OAuth tokens for any social accounts you connect. We don't sell your data. We don't train AI on your content. You can export or delete everything at any time.

01 What we collect

Account information. Your email address (used for login and billing notifications), your display name if you set one, and your authentication provider (email or Google OAuth).

Billing data. Held by our payment processor. We see your subscription status and invoice amounts. We never see your card number.

Your content. Slideshows, hooks, prompts, image collections, generated outputs. Stored in our cloud database (US region) with strict per-user access controls.

Third-party tokens. When you connect a TikTok, YouTube, or Instagram account, we store OAuth access and refresh tokens encrypted at rest. Used to (a) post content on your behalf when you initiate or schedule a post, and (b) read the list of posts you've made on your own connected account along with their performance metrics (such as view count, like count, watch time, and follower/following counts) so Svmmon can show you a unified analytics dashboard of your own content. We only ever access content and metrics on accounts you have personally authorized, never anyone else's.

Usage data. Slideshow generation counts per billing period (for quota enforcement), API call logs for cost tracking, login timestamps and IP addresses for fraud prevention (retained up to 180 days).

Support correspondence. If you email us, we keep the email so we can reply.

Consent records. When you agreed to which version of this policy and our terms. Required by GDPR and CCPA.

Encrypted AI provider API key. Only if you opt into bring-your-own-key on the Unlimited tier. Stored encrypted at rest; we never log the plaintext.

02 What we don't collect

03 How we use what we collect

04 Where data lives

Data category Storage
Account info, content, OAuth tokens Cloud database (US region), encrypted at rest
Generated slideshows Cloud object storage (US region), with retention policy
Billing data Third-party payment processor (PCI-compliant)
Authentication state Managed authentication provider
Server logs Application and worker hosting (US region, encrypted in transit, retained up to 180 days)

We do not transfer your data outside the United States unless required by law or to deliver functionality (our AI provider's API may process inference requests in different regions per its terms).

05 Third parties we share data with

We are not in the data-selling business. We share data only with the infrastructure providers needed to run the Service:

We do NOT share data with advertising networks or data brokers. The full, versioned sub-processor list — including every provider's name, purpose, location, and policy link — lives at app.svmmonapp.com/subprocessors.

YouTube API Services. When you connect a YouTube account, Svmmon uses YouTube API Services to publish content to your channel and to read performance metrics on your own videos. By using Svmmon's YouTube integration, you agree to be bound by the YouTube Terms of Service. Google's handling of any data accessed through YouTube API Services is governed by the Google Privacy Policy. You can revoke Svmmon's access to your YouTube account at any time via your Google Account permissions page at myaccount.google.com/permissions.

06 Cookies and tracking

Affiliate attribution. Our marketing site uses a third-party affiliate-attribution provider to credit the affiliate who referred you. Once it loads, it stores persistent identifiers in your browser's localStorage and sends your IP address, browser user agent, and approximate geolocation to that provider to track clicks and conversions. The provider acts as a data processor for this. In the EU, EEA, and UK, this tracker loads only after you accept the cookie banner; if you decline, it never loads and none of these identifiers or data are sent. In other regions, where prior consent is not legally required, it loads automatically. You can contact us to have it disabled. The provider is named, with its policy and DPA links, on our sub-processor list.

07 Your rights

Under GDPR (EU residents), CCPA (California residents), and similar laws, you have rights regarding your data. Through Svmmon, you can:

Account deletion soft-deletes your account for 7 days (sign back in within that window to restore it), then cancels your subscription and permanently removes your content from cloud storage, your database rows (cascades to all owned data), and your payment-processor customer record metadata. Residual copies in encrypted backups are purged within 90 days. Anonymized billing logs are retained as required by tax and financial regulations (typically 7 years).

To exercise any right, email support@svmmonapp.com. We aim to acknowledge requests within 7 days and to resolve them within the statutory period (up to 30 days under GDPR, extendable for complex requests as the law permits).

08 Children

Svmmon is not directed at children under 13 (or 16 in the EU). We don't knowingly collect data from children. If you believe a child has provided us data, contact us at support@svmmonapp.com and we'll delete it.

09 Security

We implement industry-standard practices:

No system is perfectly secure. If you suspect a breach, contact us at security@svmmonapp.com.

10 Data breach notification

In the event of a data breach affecting your personal information, we will notify you without undue delay and, where feasible, within 72 hours of becoming aware of the breach, via the email associated with your account, in compliance with GDPR and applicable U.S. state laws.

11 Retention

Data category Retention
Active account dataWhile your account is active
Generated contentWhile your account is active, subject to per-tier storage caps (see Terms section 9)
Server logsUp to 180 days
Billing records7 years (tax and financial regulation)
Deleted account data7-day grace, then permanently removed; backups purged within 90 days

12 Changes to this policy

We may update this policy. Material changes will be announced via email at least 30 days in advance. The effective date at the top reflects the most recent revision.

13 Contact

Questions or requests? Email support@svmmonapp.com.

For security-specific inquiries: security@svmmonapp.com.