ShadowNova
Privacy Policy
Last updated: July 02, 2026 · Effective: July 02, 2026
ShadowNova is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and protect your personal data when you use our platform. We comply with the General Data Protection Regulation (GDPR) and applicable data protection laws.
1. Data Controller
The data controller responsible for your personal data is:
2. Data We Collect
2.1 Account Information
- Name and email address (provided during registration)
- Encrypted password (never stored in plain text)
- Account preferences and settings
- Timezone and language preferences
2.2 Social Media Connection Data
When you connect your social media accounts (YouTube, TikTok, Facebook), we store:
- OAuth access tokens and refresh tokens (encrypted using AES-256-CBC)
- Platform account identifiers and usernames
- Profile information returned by the platform's API
We never store your social media passwords. Access is granted exclusively through official OAuth 2.0 authorization flows.
2.3 Content Data
- Video content and scripts you create within the platform
- Scheduled posts and publication settings
- Analytics and performance metrics collected from connected platforms
2.4 Technical Data
- IP address and browser information (stored in server logs, max 30 days)
- Session data (stored securely, expires after 2 hours of inactivity)
- Usage logs for security and debugging purposes
3. How We Use Your Data
We use your personal data exclusively for:
- Service delivery: Authenticating your account and providing platform features
- Social media publishing: Posting content to your connected accounts on your behalf
- Analytics: Retrieving performance data from connected platforms
- Communication: Sending daily reports and service notifications to your registered email
- Security: Detecting and preventing fraudulent or abusive activity
- Legal compliance: Meeting our legal obligations under applicable law
We do not sell, rent, or share your personal data with third parties for marketing purposes.
4. Third-Party Services
ShadowNova integrates with the following third-party services to provide its functionality:
- YouTube (Google LLC): Video publishing and analytics — Google Privacy Policy
- TikTok (ByteDance Ltd.): Video publishing — TikTok Privacy Policy
- Facebook (Meta Platforms Inc.): Video publishing — Meta Privacy Policy
- Cloudflare R2: Secure file storage for video content and PDF reports
- Anthropic (Claude AI): AI-powered script generation — content is processed but not stored by Anthropic for training purposes
- HeyGen: AI video generation service
- ElevenLabs: AI voice synthesis
- Resend: Transactional email delivery
5. Data Storage and Security
Your data is stored on servers located in the European Union (Hetzner, Germany). We implement the following security measures:
- All data transmitted over HTTPS/TLS encryption
- OAuth tokens encrypted at rest using AES-256-CBC
- Passwords hashed using bcrypt (cost factor 12)
- Regular security audits and access controls
- Files stored in private Cloudflare R2 buckets with signed URLs
6. Data Retention
- Account data: Retained until you delete your account
- OAuth tokens: Retained until you disconnect the account or delete your profile
- Published content: Retained for 12 months after publication
- Analytics data: Retained for 12 months
- Server logs: Retained for 30 days
- PDF reports: Available for 7 days via signed URL, then deleted from storage
7. Your Rights (GDPR)
As a user, you have the following rights regarding your personal data:
- Right of access: Request a copy of the personal data we hold about you
- Right to rectification: Correct inaccurate or incomplete data
- Right to erasure: Request deletion of your personal data ("right to be forgotten")
- Right to restriction: Request that we limit how we use your data
- Right to data portability: Receive your data in a structured, machine-readable format
- Right to object: Object to the processing of your data
- Right to withdraw consent: Withdraw consent at any time without affecting prior processing
To exercise any of these rights, contact us at fdakam@gmail.com. We will respond within 30 days.
8. Revoking Social Media Access
You can revoke ShadowNova's access to your social media accounts at any time:
9. Cookies
ShadowNova uses only essential cookies required for the service to function:
- Session cookie: Maintains your login session (expires after 2 hours of inactivity)
- CSRF token: Security token to prevent cross-site request forgery
We do not use tracking cookies, advertising cookies, or third-party analytics cookies.
10. Children's Privacy
ShadowNova is not intended for users under the age of 18. We do not knowingly collect personal data from minors. If you believe a minor has provided us with personal data, please contact us immediately.
11. Changes to This Policy
We may update this Privacy Policy periodically. We will notify you of significant changes via email or a prominent notice on our platform. The "Last updated" date at the top of this page reflects the most recent revision.
12. Contact & Complaints
For privacy-related inquiries or to exercise your rights, contact us at:
If you are not satisfied with our response, you have the right to lodge a complaint with your national data protection authority. In Germany: Bundesbeauftragter für den Datenschutz (BfDI).