Privacy Policy
This policy describes how NewsCast collects, uses and protects your personal data, in line with the Swiss revised Federal Act on Data Protection (nFADP) effective since 1 September 2023, and the EU GDPR for users located in the European Union.
1. Data controller
The controller is Viral Social Media 1000, operator of NewsCast, with registered seat at 1201 Geneva, Switzerland. Contact for data protection matters: l.lepotvin56@gmail.com.
2. Data we collect
- Account: email, hashed password, preferred language, timezone.
- Content: RSS feeds, imported articles, generated scripts and videos.
- Social accounts: OAuth tokens for TikTok and Instagram (stored encrypted).
- Payment: billing details processed by Stripe; we never store card numbers.
- Technical usage: server logs, truncated IP, browser type, usage statistics.
- Communications: messages sent to support and to our AI assistant.
3. Purposes and legal bases
| Purpose | Legal basis (nFADP / GDPR) |
|---|---|
| Provide the Service | Contract performance |
| Billing and fraud prevention | Legal obligation and legitimate interest |
| Security and logging | Legitimate interest |
| User support | Contract performance |
| Service improvements (aggregated stats) | Legitimate interest |
4. Recipients and sub-processors
Your data is processed by the following sub-processors, strictly for the purposes above:
- Lovable / Supabase — hosting, database, authentication (EU).
- DeepSeek — script generation (LLM).
- FAL — image and video clip generation.
- ElevenLabs — voice synthesis.
- Creatomate — final video render.
- Stripe — payments and billing.
- TikTok / Meta (Instagram) — publishing videos on user request.
- Lovable AI Gateway — routing for the support assistant.
- Cloudflare — serverless edge execution / CDN.
5. Transfers outside Switzerland / EU
Some sub-processors are established in the United States. Transfers are covered by Standard Contractual Clauses and, where applicable, the Data Privacy Framework. A copy of the safeguards is available on request.
6. Retention
- Account data: while the account is active, then 30 days after deletion.
- Technical logs: 90 days.
- Invoices and accounting data: 10 years (art. 958f Swiss CO).
- Support conversations: 12 months.
7. Your rights
Under nFADP and GDPR you have the rights of access, rectification, deletion, objection, restriction and portability. To exercise them, contact l.lepotvin56@gmail.com. You may also lodge a complaint with the Swiss Federal Data Protection and Information Commissioner (FDPIC) or your national data protection authority.
8. Cookies and local storage
We only use strictly necessary cookies / local storage (authentication session, language and theme preferences, support assistant conversation). No advertising or third-party tracking.
9. Security
Data is encrypted in transit (TLS) and at rest. Access is partitioned per user via Row Level Security at the database level. Secrets are stored in a dedicated secrets manager.
10. Changes
We may amend this policy. Material changes are notified by email at least 30 days before they take effect.
Last updated: June 10, 2026.