1. Data We Collect

Account profile, payment metadata, device, usage logs, and interaction details.

AI-related metadata includes prompts, uploaded input materials, generated outputs, and result metadata.

When creator payouts, adult-content compliance, or safety reviews are involved, we may process age checks, identity checks, tax records, complaint records, and moderation data.

• Prompts, uploaded input images (if any), and generated outputs.
• Model request time, response summaries, and error codes.
• Support conversations, complaints, dispute handling, and moderation logs.
• Age or identity check data such as verification status, passport result, selfie match result, retry logs, and risk flags.
• W-8BEN or other tax records, signature image, signature time, IP address, and User-Agent.
• Chat messages, chat-uploaded media, notification preferences, and delivery records.

2. AI and Processor Data

AI inference may involve external model providers under contractual and security controls.

Uploaded prompts and images are processed for generation only unless explicitly configured otherwise.

To enforce adult-content and platform safety policies, prompts, images, videos, chat media, and outputs may be reviewed with automated and human moderation.

• Prompts and input materials are not used for training except where explicitly configured with explicit consent.
• Sensitive personal information is processed and retained only within necessity and shortest retention principles.
• If content involves minors, bestiality, non-consensual sexual content, or other high-risk violations, related records may be retained for appeals, risk control, compliance, or investigations.

3. Third Parties and Payment Providers

We only share data necessary for service delivery and compliance.

• Stripe: billing and chargeback operations.
• Identity, tax, and compliance providers: age and identity verification, payout review, tax documentation handling, and anti-fraud risk controls.
• Infrastructure providers: hosting, delivery, storage, anti-fraud.
• No sale of your personal data to brokerages.

4. Privacy Rights

Depending on your region, you may request access, correction, deletion, export, and withdrawal of consent.

5. Cross-border Processing

Data may be processed in different jurisdictions under transfer safeguards and contracts.

6. Security and Breach Response

We implement encryption, access control, monitoring and incident response.

7. Third-Party Social Platform Integration (Meta / Instagram / Threads)

When you use Govoko's Social Publishing feature to connect your own Instagram Business or Threads account, the following terms apply.

We only request the minimum permissions necessary to publish content you have personally reviewed and approved.

• Permissions requested: instagram_business_basic (read basic account info), instagram_business_content_publish (publish reviewed content), threads_basic (read basic Threads account info), threads_content_publish (publish reviewed content).
• Data we store: platform account ID, username, encrypted OAuth access token, token expiration, granted scopes, connection/revocation timestamps.
• Data we DO NOT access, store, or share: direct messages, follower/following lists, other users' personal data, Instagram Insights/analytics.
• Access tokens are encrypted at rest with cloud KMS-managed keys and are cleared immediately when you disconnect, when you revoke Govoko via Instagram/Threads settings, or when you delete your Govoko account (within 30 days).
• Data deletion requests can be made via: the Govoko dashboard disconnect button, removing Govoko in Instagram/Threads settings, or emailing privacy@govoko.app.
• Registered Meta callbacks: Data Deletion at https://govoko.app/api/meta/data-deletion, Deauthorize at https://govoko.app/api/meta/deauthorize.
• By connecting an account you confirm you legitimately own or are authorized to operate it, and that you will not use Govoko for spam, impersonation, or coordinated inauthentic behavior.