Privacy Policy

This Privacy Policy applies to personal information processed by GoFaceless as a data controller. “Personal information” means any information that identifies or could reasonably be used to identify an individual.

When you connect a third-party platform account to GoFaceless (for example, YouTube, TikTok, Instagram, Facebook, or X), data provided by those platforms becomes subject to this Privacy Policy in addition to the privacy policies of the respective platforms.

We collect the following categories of information:

• Account information. Name, email address, hashed password, profile preferences, country, and time zone.
• Billing information. Billing name, address, last four digits of your payment card, and transaction history. Full payment card numbers are collected and stored by Stripe, not by GoFaceless.
• Content you create. Scripts, prompts, voiceovers, thumbnails, captions, videos, schedules, and any other material you upload, generate, or store within the Service.
• Data from connected platforms. Authorization tokens, channel and account identifiers, public profile information, content metadata, analytics, and other data made available through the official APIs of third-party platforms, with your explicit authorization. Specific categories are described in Section 4.
• Usage and device data. Log data, IP address, browser and device type, operating system, referring and exit pages, feature usage, and timestamps.
• Cookies and similar technologies.First-party cookies and local storage are used for authentication, session management, preferences, and aggregated product analytics. See Section 7.
• Communications. Support requests, feedback, and correspondence you send to us.

We use personal information to:

• Provide, operate, maintain, and improve the Service.
• Authenticate users, process payments, and manage subscriptions.
• Execute actions you authorize on connected third-party platforms, such as publishing content, reading analytics, and managing scheduled posts.
• Personalize recommendations, intelligence, and playbooks based on your data.
• Respond to support inquiries and communicate service updates, security notices, and transactional messages.
• Detect, investigate, and prevent fraud, abuse, security incidents, and violations of our Terms of Service.
• Comply with legal obligations and enforce our agreements.
• With your consent, send marketing communications that you may opt out of at any time.

We process personal information on the legal bases of contract performance, legitimate interests, consent, and compliance with legal obligations, as applicable under relevant data protection laws.

GoFaceless integrates with third-party platforms exclusively through their official APIs. The sections below describe the data we access, how we use it, and how you can revoke access. You may disconnect any platform from your GoFaceless account settings at any time.

4.1 YouTube API Services

GoFaceless uses YouTube API Services to enable features such as channel analytics, video uploads, metadata management, scheduling, and performance reporting. By connecting a YouTube account, you agree to be bound by the YouTube Terms of Service.

You acknowledge that GoFaceless’s use of information received from YouTube API Services is governed by the Google Privacy Policy.

You may revoke GoFaceless’s access to your Google and YouTube data at any time by visiting the Google security settings page: https://security.google.com/settings/security/permissions.

Data obtained through YouTube API Services is used only to provide the features you explicitly authorize. We do not use this data for targeted advertising, we do not transfer it to third parties for independent use, and we do not allow humans to read it except as strictly necessary for support, security, legal compliance, or with your explicit consent. Authorization tokens are stored encrypted at rest. Cached YouTube data is refreshed or deleted in accordance with the YouTube API Services Terms of Service, and in any case within thirty (30) days of a refresh request or disconnect event.

4.2 TikTok

GoFaceless uses the TikTok Login Kit, TikTok Content Posting API, and related TikTok developer APIs to enable authentication, publishing, scheduling, and analytics features. By connecting a TikTok account, you authorize GoFaceless to access the scopes you approve during the OAuth consent flow, which may include your open ID, union ID, public profile, video list, video metrics, and the ability to post content on your behalf.

Your use of TikTok through GoFaceless is also governed by the TikTok Terms of Service and the TikTok Privacy Policy. GoFaceless’s use of TikTok data complies with the TikTok Developer Terms of Service and the TikTok Platform Policies.

You may revoke GoFaceless’s access to your TikTok account at any time by visiting the “Manage app permissions” section inside the TikTok application settings, or by disconnecting TikTok from within GoFaceless. On revocation, we stop accessing new TikTok data immediately and delete cached TikTok data within thirty (30) days, except where retention is required by law.

4.3 Meta (Instagram and Facebook)

GoFaceless uses the Instagram Graph API, the Facebook Graph API, and other Meta platform APIs to provide features such as content publishing, insights, comment management, and scheduling for Instagram business and creator accounts and Facebook pages you manage. By connecting a Meta account, you authorize GoFaceless to access the scopes you approve during the Meta OAuth consent flow.

Your use of Meta services through GoFaceless is governed by the Meta Terms of Service and the Meta Privacy Policy. GoFaceless’s use of data received from Meta APIs complies with the Meta Platform Terms and the Meta Developer Policies.

You may revoke GoFaceless’s access to your Meta accounts at any time by visiting Business Integrations in your Meta account settings and removing GoFaceless.

Meta data deletion. To request deletion of personal information obtained from Meta, disconnect Meta from GoFaceless and email privacy@gofaceless.io with the subject line “Meta data deletion request”. We will confirm deletion within thirty (30) days. This Privacy Policy, together with that email address, serves as our data deletion instructions URL for the purposes of the Meta Platform Terms.

4.4 X (formerly Twitter)

GoFaceless uses the X API to enable authentication, publishing, scheduling, and analytics features. By connecting an X account, you authorize GoFaceless to access the scopes you approve during the X OAuth 2.0 consent flow.

Your use of X through GoFaceless is governed by the X Terms of Service and the X Privacy Policy. GoFaceless’s use of X data complies with the X Developer Agreement and Developer Policy.

You may revoke GoFaceless’s access at any time in the “Connected apps” section of your X account settings. GoFaceless honors deletions and privacy changes made on X. When content is deleted or made private on X, we remove the corresponding cached content from our systems within a commercially reasonable period, and in any event within the timelines required by the X Developer Agreement.

4.5 Stripe (payments)

Payments and billing are processed by Stripe, Inc. When you subscribe to GoFaceless or enroll in our affiliate program, you provide payment and payout information directly to Stripe. Stripe acts as an independent data controller for payment data and processes it in accordance with the Stripe Privacy Policy and the Stripe Services Agreement. GoFaceless receives limited billing metadata such as subscription status, invoice totals, and the last four digits of your card.

We do not sell personal information. We share personal information only in the following limited circumstances:

• Service providers. Infrastructure, hosting, analytics, email delivery, error monitoring, customer support, and payment processing vendors that are contractually bound to use data only to provide services to GoFaceless.
• Connected platforms. When you authorize GoFaceless to act on your behalf on a third-party platform, we transmit the data necessary to complete the action.
• Compliance and safety. When required by applicable law, legal process, or to protect the rights, property, or safety of GoFaceless, our users, or the public.
• Business transfers. In connection with a merger, acquisition, financing, reorganization, or sale of assets, subject to standard confidentiality protections and this Privacy Policy.
• With your consent. Any other sharing that you explicitly authorize.

We do not use data obtained from third-party platform APIs for independent advertising, for resale, or for any purpose not authorized by the relevant platform’s developer terms.

If you are located in the European Economic Area, the United Kingdom, or Switzerland, we process your personal information on one or more of the following legal bases:

• Contract. Processing necessary to provide the Service under our Terms of Service.
• Legitimate interests. Improving the Service, securing accounts, preventing fraud, and operating our business, where those interests are not overridden by your rights.
• Consent. Where you have given consent, for example to access connected platform data or to receive marketing communications. You may withdraw consent at any time.
• Legal obligation. Processing necessary to comply with legal requirements.

GoFaceless uses first-party cookies and similar technologies to keep you signed in, remember preferences, secure sessions, and measure product usage in aggregate. We do not use third-party advertising cookies or cross-site tracking pixels. You can configure your browser to block or delete cookies, although doing so may affect core functionality such as authentication.

We retain personal information for as long as your account is active and as needed to provide the Service. When you delete your account or disconnect a platform, we delete or anonymize the associated personal information within thirty (30) days, except where retention is required for legal, tax, accounting, fraud prevention, or dispute resolution purposes. Backups are overwritten on a rolling schedule.

GoFaceless implements administrative, technical, and physical safeguards designed to protect personal information, including encryption of data in transit (TLS 1.2 or higher), encryption of authorization tokens and sensitive fields at rest, least-privilege access controls, audit logging, and regular security reviews. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.

Depending on your location, you may have the following rights with respect to your personal information:

• Access the personal information we hold about you.
• Correct inaccurate or incomplete information.
• Delete your personal information.
• Object to or restrict certain processing.
• Port your data to another service.
• Withdraw consent at any time.
• Lodge a complaint with your local data protection authority.

California residents have additional rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information is collected, to request deletion, and to opt out of the sale or sharing of personal information. GoFaceless does not sell or share personal information as defined by the CCPA.

To exercise any of these rights, contact us at privacy@gofaceless.io. We will respond within the timeframes required by applicable law and may need to verify your identity before fulfilling your request.

You can disconnect any third-party platform from your GoFaceless account at any time in your account settings. You may additionally revoke access directly on the platform:

• Google and YouTube: security.google.com/settings/security/permissions
• TikTok:Settings → Security and permissions → Manage app permissions
• Meta (Instagram and Facebook): Business Integrations
• X:Settings and privacy → Security and account access → Apps and sessions → Connected apps

GoFaceless operates internationally. Personal information may be processed and stored in countries outside the one in which you reside, including the United States. When we transfer personal information outside your jurisdiction, we rely on appropriate safeguards such as the European Commission’s Standard Contractual Clauses or other recognized legal mechanisms.

GoFaceless is not directed to, and we do not knowingly collect personal information from, individuals under the age of 16. If you believe a child has provided us with personal information, contact us at privacy@gofaceless.io and we will take steps to delete it.

We may update this Privacy Policy from time to time to reflect changes in the Service, our practices, or legal requirements. Material changes will be communicated in the product or by email, and the “Last updated” date at the top of this page will be revised. Continued use of the Service after changes take effect constitutes your acceptance of the updated policy.

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, contact us at:

privacy@gofaceless.io