Privacy Policy

Last updated:

OneSpot is in invite-only access ahead of public launch. The full privacy policy is being drafted with counsel and will be published on this page before the platform opens to public sign-ups.

This page describes the data OneSpot handles in plain terms so that invite-period users have an accurate, conservative picture of what we collect and where it goes. The published policy will extend (not contradict) what is described here.

What OneSpot collects during invite-period access

  • Account — name, email, hashed password, and the optional TOTP secret you enroll. Roles and permissions are stored alongside your account row.
  • Source material you upload— videos, images, documents, links, and notes you import into a project, plus any AI-generated derivatives OneSpot produces from them. Stored in our Google Cloud Storage bucket, accessed only by the platform's runtime service account.
  • Social-platform credentials you grant — short-lived OAuth tokens for Meta (Facebook + Instagram), LinkedIn, and Google. Stored encrypted; used only to publish the posts you schedule.
  • Operational logs — request IDs, timing, error traces, and AI provider call records. No request body content beyond what is needed for the call itself. Logs are retained per Google Cloud Logging defaults.

Third-party AI providers your content is sent to

When you generate a script, image, video clip, voiceover, or background music in OneSpot, the prompts and any reference assets you attach are sent to the AI provider that powers that tool. Each call leaves OneSpot's infrastructure. The current set of providers OneSpot may call on your behalf:

  • Anthropic (Claude) — scripts, captions, prompts.
  • OpenAI — scripts, captions, prompts.
  • xAI (Grok / Grok Imagine) — scripts, captions, images.
  • Google (Gemini + Vertex AI / Veo 3) — scripts, captions, video generation.
  • Runway — video generation.
  • Kling — video generation.
  • ElevenLabs — text-to-speech and music generation.

Your content sent to these providers is subject to their own terms and privacy policies. The published OneSpot privacy policy will enumerate the data categories that flow to each.

What OneSpot does not do

  • We do not sell personal information to third parties.
  • We do not use your uploaded source material or generated outputs to train models. The AI providers' own training-data policies apply to anything sent to them; see their docs.
  • We do not retain expired OAuth tokens longer than necessary to refresh or revoke them.

Contact

During invite-period access, contact the OneSpot team that issued your invite for any privacy questions or data deletion requests. A formal point of contact will be published with the full policy.