AI Box

Generation language

Default language for AI-written scripts, TTS voiceovers, and captions. You can still override per-job.

Legal

Privacy Policy

Effective June 8, 2026

AI Box (“AI Box”, “we”, “our”, or “us”) is operated by Kenny Rigo. This Privacy Policy explains what information we collect when you use theaibox.app and the AI Box workspace (collectively, the “Service”), how we use it, who we share it with, how long we keep it, and the choices you have. By using the Service you agree to the practices described here.

If you only want to know how we handle data we get from Google APIs (including YouTube), jump to Google API Services & Limited Use.

1. Information we collect

1.1 Account information

We use Clerk for authentication. When you sign up, Clerk stores your email address, hashed password (or third-party sign-in identifier, e.g. Google or Apple), profile name, and an opaque user identifier. We receive your email, name, and Clerk user id; we do not see your password.

1.2 Billing information

Paid subscriptions and credit packs are processed by Stripe. Stripe collects your payment method details directly — we never see your full card number. We receive the Stripe customer id, subscription status, the plan you bought, and the last four digits of your card to display in the workspace.

1.3 Content you create

When you generate videos, images, voiceovers, scripts, captions, scheduled posts, autopilot programs, product ads, avatars, voice clones, or any other creative output, we store:

  • the prompts and configuration you submitted;
  • the rendered output files (video, image, audio) on our servers;
  • job metadata (timestamps, model used, credit cost, project tag);
  • uploads you provide as inputs (reference photos, voices, brand assets, product images).

1.4 Connected platforms

When you connect a third-party social account (YouTube, TikTok, Instagram, Facebook), we store the refresh / access tokens the platform issues us so we can publish on your behalf, the channel or page identifier, and the public display name. We do not retrieve, read, or store any data from those accounts beyond what is necessary to publish a video you generated and to show you what is connected.

1.5 Usage data

We log basic usage signals — render starts and completions, credit consumption, error traces, and the route URLs you visit on the workspace — for billing, debugging, and abuse prevention. We do not currently use third-party analytics or advertising cookies.

2. Google API Services & Limited Use

AI Box uses Google APIs to let you publish videos to your YouTube channel. The OAuth scopes we request are:

  • https://www.googleapis.com/auth/youtube.upload — required to upload videos you generated in AI Box to a YouTube channel you own.
  • https://www.googleapis.com/auth/youtube.readonly — used only to read the name and id of your channel so the workspace can label which account is connected.

What we receive from Google. An OAuth refresh token, a short-lived access token, your YouTube channel id, channel name, and the metadata (title, description, privacy status) you set on each upload through AI Box.

How we use it. The refresh token is used solely to obtain new access tokens for the purpose of (a) uploading videos to your channel when you click Publish or when an autopilot program you created fires, and (b) showing you which Google account is connected. We do not query, list, download, or read any other content from your YouTube account.

Limited Use. AI Box's use and transfer of information received from Google APIs to any other app will adhere to Google API Services User Data Policy, including the Limited Use requirements. Specifically, we:

  • do not transfer Google user data to third parties except as necessary to provide or improve the Service, comply with applicable law, or as part of a merger / acquisition with notice to you;
  • do not use Google user data for advertising, including retargeting, personalized, or interest-based advertising;
  • do not allow humans to read Google user data unless we have your affirmative consent, it is necessary for security investigations or to comply with law, or the data has been aggregated and de-identified;
  • do not use Google user data to train, develop, or improve generalized AI / machine-learning models.

Revoking access. You can disconnect your Google / YouTube account at any time from Settings → Connections in the workspace, or by revoking AI Box at myaccount.google.com/permissions. Revoking will delete the tokens we hold for that connection within 30 days.

3. How we use your information

  • To provide the Service: render videos, schedule posts, fire autopilot programs, publish to your connected platforms.
  • To bill you: meter credit usage and process subscription payments through Stripe.
  • To support you: respond to your questions, debug failed renders, and notify you about important account events.
  • To improve the Service: aggregate, de-identified usage metrics (e.g. which models are most used, error rates).
  • To prevent abuse: detect and stop automated abuse, fraud, and violations of our Acceptable Use Policy.

4. Sharing & subprocessors

We do not sell your personal information. We share data only with the third-party processors needed to operate the Service:

  • Clerk — authentication, user identity.
  • Stripe — payment processing.
  • fal.ai, Replicate, OpenAI, Anthropic — AI model inference. The prompt text and any input media you submit are sent to the relevant provider only for the time needed to generate your output.
  • Google (YouTube Data API), TikTok, Meta (Instagram, Facebook) — only when you publish a video to one of these platforms.
  • Bright Data — URL scraping for the Product Ad wizard when you provide a product URL.
  • Email delivery providers, log aggregation, and our cloud hosting provider, used to operate the Service.

We may also disclose information if required by law, in response to a valid legal process, or to protect the rights, property, or safety of AI Box, our users, or the public.

5. Data retention

  • Account data — for the life of your account, plus up to 90 days after deletion for backup expiration.
  • Generated outputs — stored on our servers until you delete them. Deleted outputs are removed from primary storage within 7 days and from backups within 90 days.
  • OAuth tokens (YouTube, TikTok, Instagram, Facebook) — until you disconnect the platform or delete your account. Disconnected tokens are revoked and purged within 30 days.
  • Billing records — retained for the period required by tax and financial regulations (typically 7 years in the US).
  • Logs and usage data — retained for up to 90 days for debugging and abuse prevention, then aggregated or deleted.

6. Your rights & choices

Depending on where you live, you may have the right to:

  • access the personal information we hold about you;
  • correct inaccurate information;
  • delete your account and the associated data;
  • export a copy of your generated content;
  • opt out of non-essential communications.

You can delete your account from Settings → Account → Delete account in the workspace, or by emailing us at keny.ents@gmail.com. We will respond within 30 days.

7. Security

We use industry-standard measures — TLS for data in transit, encrypted storage at rest, scoped access tokens, and least-privilege service credentials — but no service is perfectly secure. Please use a strong, unique password and do not share your account credentials.

8. Children

The Service is not directed to children under 13 (or under 16 in some jurisdictions). If you believe a child has provided us personal information, please contact us and we will delete it.

9. International transfers

The Service is operated from the United States and the data we hold may be processed in the US and in the regions where our subprocessors operate. By using the Service you consent to these transfers.

10. Changes to this policy

We may update this Privacy Policy from time to time. When we do, we will revise the Effective date at the top of this page and, for material changes, notify you by email or an in-app notice before the changes take effect.

11. Contact

Questions, requests, or concerns? Email keny.ents@gmail.com.