Privacy Policy
Last updated: March 20, 2026
ZovGen is operated by BFAT SASU (France). Business & privacy questions: Contact.
1. Introduction
BFAT SASU ("Company", "we", "us", or "our") operates the ZovGen website and online service ("Service"). This Privacy Policy explains how we collect, use, disclose, and protect information when you use the Service.
The Service generates short-form content packs from URLs you provide, stores outputs for a limited time on our servers, and may connect to third-party platforms when you choose OAuth or publishing features.
By using the Service, you acknowledge the practices described here. If you disagree, do not use ZovGen.
2. Company information
Legal entity: BFAT SASU
SIREN: 944 393 388 · SIRET: 944 393 388 00011
VAT: FR05944393388 · RCS: 944 393 388 R.C.S. Nantes
Registration: Commercial Court of Nantes, May 14, 2025
Contact: contact page (including GDPR requests).
3. Information we collect
3.1 You provide
- Source URLs and generation settings (e.g. language, format, target platforms) that you submit to create a "job".
- Optional contact email if you choose to leave one with a job (for operational or future notification features).
- API keys if you subscribe to automation/API features and configure keys as described in our docs.
- Payment-related identifiers as processed by our payment provider (we do not store full card numbers).
3.2 Generated and derived data
- Generated media and text (e.g. slides, video exports, captions, suggested post copy) produced from your URL and settings.
- Scraped or fetched public page data needed to build the pack (e.g. title, description, imagery as permitted by the source and technical constraints).
3.3 Automatically collected
- Technical logs: IP address, user agent, timestamps, request metadata, and error logs for security and debugging.
- Job identifiers and status to operate the pipeline and show progress in the app.
3.4 OAuth and platform tokens
When you connect Google (YouTube), TikTok, or Meta through our Connect flows, we receive tokens from the provider and store them on our servers so you can use publishing-related features you request. You can disconnect according to provider settings; contact us if you need help revoking on our side.
4. Legal bases (EEA/UK)
Where GDPR applies, we rely on:
- Contract — to deliver the Service you request;
- Legitimate interests — security, abuse prevention, improving reliability, and limited analytics that do not override your rights;
- Consent — where required (e.g. non-essential cookies or certain marketing, if we add them);
- Legal obligation — where we must comply with law.
5. How we use information
- Run generation jobs, store results, and expose downloads or publishing actions you trigger;
- Validate subscriptions and plan limits via our merchant of record;
- Protect the Service (rate limits, fraud, security monitoring);
- Maintain, debug, and improve the product;
- Comply with law and respond to lawful requests.
6. Retention
- Generation outputs and job metadata are kept for a rolling window (default: 90 days) from creation, then deleted automatically from our active storage, unless a longer period is required by law.
- Logs are kept for a shorter operational period appropriate for security and troubleshooting.
- OAuth tokens are kept until you disconnect, revoke access with the provider, or we delete them as part of account cleanup / support.
- Billing records may be retained longer as required for tax, accounting, and legal obligations (via Lemon Squeezy and our books).
7. Storage, security, and location
Data is processed on servers we control (e.g. cloud or dedicated hosting). We apply reasonable technical and organizational measures (access control, encryption in transit as standard via HTTPS, backups where configured). No method is 100% secure.
AI features may call model providers (e.g. OpenAI, Anthropic, Groq) depending on server configuration. Only content required for the request is sent, per our integration. Review their policies if you need processor-level detail.
8. Sharing and subprocessors
We do not sell your personal information. We share data with:
- Lemon Squeezy — payments and tax; privacy policy.
- Google, TikTok, Meta — when you use OAuth or publishing; their policies apply.
- Hosting / infrastructure — where our application and files are stored.
- AI / media providers — when those features are enabled in your deployment.
- Authorities — if required by applicable law.
9. Your rights
Depending on jurisdiction, you may have rights to access, rectify, delete, restrict, object, or port data, and to withdraw consent where processing is consent-based. To exercise rights, contact us via Contact. You may also lodge a complaint with your supervisory authority (e.g. CNIL in France).
10. Cookies
See our Cookie Policy (and section on cookies there).
11. Children
ZovGen is not directed to children under 13, or 16 where local law requires. We do not knowingly collect personal information from children.
12. International transfers
If we transfer personal data outside the EEA, we will use appropriate safeguards where required (e.g. Standard Contractual Clauses) or rely on adequacy decisions, in addition to provider terms.
13. Changes
We may update this policy. Material changes will be reflected by updating the "Last updated" date and, where appropriate, an in-Service notice.
14. California (CCPA/CPRA) — summary
California residents may have rights to know, delete, and correct personal information, and to limit use of sensitive information. We do not "sell" personal information as traditionally defined. Contact us via Contact to exercise rights.
