Aovyx Studio

Privacy Policy

Effective Date: May 30, 2026 Last Updated: May 30, 2026

This Privacy Policy describes how Aovyx Studio ("we," "us," "our," or the "Service"), operated by Marc Garcia as a sole proprietor based in California, United States, collects, uses, stores, and shares information when you use our social media management application accessible at aovyxstudio.com.

By creating an account or using Aovyx Studio, you agree to the practices described in this policy.

1. Information We Collect

1.1 Account Information

When you create an account, we collect:

  • Your email address
  • A password (stored as a one-way hash; we never see your plaintext password)
  • Your name (if you provide it)
  • Account preferences and settings

1.2 Connected Social Media Accounts

When you connect your Facebook Pages, Instagram Professional accounts, or other supported social media platforms through OAuth, we receive and store:

  • OAuth access tokens and refresh tokens (encrypted at rest using AES-256-GCM)
  • Account identifiers (Page IDs, Instagram Business Account IDs, etc.)
  • Account names and profile information
  • The permissions you grant during the OAuth flow

We use these tokens only to perform actions you authorize within the Service. We never share these tokens with third parties.

1.3 Content You Provide and Generate

  • Media files (images, videos) you upload for use in posts
  • Captions, hashtags, briefs, and other content you create or edit
  • AI-generated drafts produced by the Service on your behalf
  • Approval decisions, edits, and publishing history

1.4 Content Imported From Connected Accounts

With your authorization, we import historical content from your connected social media accounts, including:

  • Recent posts and their engagement metrics (likes, comments, shares, reach)
  • Post captions, media, and timestamps
  • Audience-level aggregate data exposed by platform APIs

We use this data to understand your brand voice, identify content themes, and improve AI-generated suggestions for your account. We do not use this data to train models that benefit other users' accounts.

1.5 Usage Information

We collect technical information when you use the Service:

  • Log data (IP address, browser type, pages visited, timestamps)
  • Device information (device type, operating system)
  • Service usage patterns (features used, generation requests, publish actions)

1.6 Cookies and Similar Technologies

We use cookies and similar technologies to:

  • Keep you signed in (session cookies)
  • Remember your preferences
  • Understand how the Service is used (analytics)

You can control cookies through your browser settings. Disabling cookies may limit Service functionality.

2. How We Use Your Information

We use the information we collect to:

  • Provide and operate the Service (authenticate you, connect your accounts, generate content, schedule posts, publish to your connected platforms)
  • Improve AI-generated suggestions for your specific account by learning from your existing content, your edits, and your approval decisions
  • Communicate with you about your account, the Service, and important updates
  • Monitor and prevent abuse, fraud, and security incidents
  • Comply with legal obligations

We do not use your data to:

  • Train AI models that benefit other customers' accounts
  • Sell your personal information or content to third parties
  • Send marketing communications without your consent

3. How We Share Your Information

We share information only as described below.

3.1 Service Providers (Sub-processors)

We use the following third-party services to operate Aovyx Studio. Each handles a specific function and is bound by confidentiality and data protection obligations:

Service ProviderPurposeData Shared
VercelWeb hosting and serverless infrastructureApplication traffic, server logs
SupabaseDatabase, authentication, and storageAccount data, encrypted tokens, content metadata
Cloudflare R2Media file storageImages and videos you upload
RailwayBackground worker hostingPublishing job data, queue state
OpenAIAI text generationPrompts, content briefs, brand voice context
AnthropicAI text generation (alternate provider)Prompts, content briefs, brand voice context
Upstash (Redis)Job queue managementPublishing job metadata
ResendTransactional email deliveryEmail address, email content

3.2 Social Media Platforms

When you instruct us to publish content, we send the relevant text, media, and metadata to the destination platform (e.g., Facebook, Instagram) on your behalf using the API access you authorized. This is the core function of the Service.

3.3 Legal Requirements

We may disclose information when required by law, court order, or valid legal process, or when necessary to protect the rights, property, or safety of Aovyx Studio, our users, or others.

3.4 Business Transfers

If Aovyx Studio is acquired, merged, or transfers ownership, your information may be transferred to the new entity. We will notify you of any such change and your choices.

4. Data Retention

We retain your information for as long as your account is active or as needed to provide the Service:

  • Account data: retained until you delete your account
  • OAuth tokens: retained until you disconnect the account or your account is deleted; deleted within 30 days of disconnection or account deletion
  • Generated content and drafts: retained until you delete them or delete your account
  • Usage logs: retained for up to 12 months for security and operational purposes
  • Backups: may persist for up to 90 days after deletion in encrypted backup systems

When you delete your account, we initiate deletion of your personal data within 30 days. Some data may persist longer in encrypted backups or where retention is required by law.

5. Your Rights and Choices

5.1 Access and Correction

You can view and update most of your account information directly in the Service settings.

5.2 Data Deletion

You can request deletion of your account and associated data at any time. See our Data Deletion Policy at /data-deletion for details. We will complete deletion within 30 days of your request.

5.3 Disconnecting Social Media Accounts

You can disconnect any connected social media account from within the Service. This revokes our access tokens for that account.

5.4 Data Portability

You can request a copy of the data we hold about you. Contact us at marc@aovyxstudio.com.

5.5 California Residents (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act, including the right to know what personal information we collect, the right to delete it, the right to opt out of any "sale" of personal information (we do not sell personal information), and the right to non-discrimination for exercising these rights. To exercise these rights, contact marc@aovyxstudio.com.

5.6 European Residents (GDPR)

If you are in the European Economic Area, UK, or Switzerland, you have rights under the General Data Protection Regulation including access, rectification, erasure, restriction, portability, and objection. Our legal basis for processing your data is the performance of our contract with you (providing the Service) and our legitimate interests in operating and improving the Service. To exercise these rights, contact marc@aovyxstudio.com.

6. Security

We use industry-standard security measures to protect your information:

  • All data in transit is encrypted using TLS
  • OAuth tokens are encrypted at rest using AES-256-GCM
  • Database access is restricted using row-level security policies
  • Passwords are stored using one-way hashing
  • Access to production systems is restricted to authorized personnel

No system is completely secure. If we discover a security incident that affects your data, we will notify you in accordance with applicable law.

7. Children's Privacy

Aovyx Studio is not directed to or intended for children under 13. We do not knowingly collect personal information from children under 13. If we discover we have collected such information, we will delete it promptly. If you believe we have collected information from a child under 13, contact us at marc@aovyxstudio.com.

For users in jurisdictions where the minimum age is higher (e.g., 16 in some EU countries), our service is not intended for users under that age.

8. International Data Transfers

Aovyx Studio is operated from the United States. If you access the Service from outside the United States, your information will be transferred to and processed in the United States. By using the Service, you consent to such transfer. Where required, we use standard contractual clauses or other lawful mechanisms for international transfers.

9. AI-Generated Content

Aovyx Studio uses third-party AI services (OpenAI, Anthropic) to generate suggested content based on your inputs. Important notes:

  • AI outputs are suggestions; you remain responsible for what you choose to publish
  • AI providers may temporarily process the prompts and brand context we send to them, subject to their own data policies
  • We do not allow AI providers to train their models on your content
  • AI-generated content may occasionally contain inaccuracies; you should review all content before publishing

10. Third-Party Links

The Service may contain links to third-party websites. We are not responsible for the privacy practices of those sites. Review their privacy policies before providing personal information.

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email or through a notice in the Service before the changes take effect. The "Last Updated" date at the top reflects the most recent revision.

12. Contact Us

If you have questions about this Privacy Policy or our data practices, contact us at:

Marc Garcia (sole proprietor) operating as Aovyx Studio Email: marc@aovyxstudio.com Website: https://aovyxstudio.com