Privacy Policy

1. Introduction

BDS Growth Engine ("Company," "we," "us," or "our"), operated by Business Development Source Corp, provides marketing automation, content generation, and publishing tools (the "Service").

This Privacy Policy explains how we collect, use, process, store, and share information when you use our platform, including when you connect third-party services such as Google, LinkedIn, and Meta (Facebook/Instagram).

We are committed to transparency, data minimization, and compliance with the Google API Services User Data Policy, including the Limited Use requirements.

2. Information We Collect

We collect only the information necessary to provide the Service.

2.1 Account Information

• Name and email address
• Business name and details provided during registration
• Subscription plan and billing cycle selection

We do not store plaintext passwords. Authentication is handled securely through industry-standard methods.

2.2 Connected Account Information (OAuth)

When you connect third-party services, we may receive:

• Access tokens and refresh tokens
• Basic profile information (name, email, account identifiers)
• Content metadata necessary to publish or manage content on your behalf

We only access data explicitly authorized by you through official OAuth authorization flows. We do not collect or store social media passwords.

2.3 Content and Inputs

We collect content you create or provide within the platform, including:

• Content topics and keywords
• Brand voice and style preferences
• Text prompts, articles, video scripts, and media selections
• Scheduling preferences
• Brand website URL (if you provide one for brand research)

This content is stored solely to provide requested functionality.

2.4 Agency Branding Data (White-Label Plan)

If you subscribe to our White-Label Agency plan, we collect additional branding data: agency display name, logo image, brand colors, and favicon. This data is used solely to customize the platform's appearance for you, your staff, and your clients. It is not shared with third parties or used for any other purpose. You may update or delete branding data at any time through your account settings.

2.5 Usage Data

We collect limited technical information such as log data, platform interaction metrics, and feature usage information. This data is used to improve performance, reliability, and security.

3. How We Use Information

We use collected information solely to:

• Provide, operate, and maintain the Service
• Generate, edit, and publish user-authorized content to your connected social media accounts only upon your specific request or enabled automation
• Enable connected account functionality
• Maintain security and prevent fraud
• Communicate with you regarding your account and service updates
• Comply with legal obligations

We do not use your data for unrelated purposes. We do not sell your data.

4. Automated Processing & AI-Powered Services

The Service includes automated content generation and processing features. To deliver these features, user-provided content inputs may be processed by the following third-party services:

• OpenAI: Used to generate marketing scripts, blog articles, social media captions, and visual scene descriptions based on content topics and brand voice preferences you provide. OpenAI Privacy Policy.
• Microsoft Edge TTS: Used for text-to-speech narration in generated videos. Only the script text you create is sent to this service. Microsoft Privacy Statement.
• Kokoro TTS (Self-Hosted): An open-source text-to-speech engine hosted on our own servers. Script text is processed locally and is not sent to any external third party.
• Pexels & Pixabay: Used to source royalty-free stock video footage based on content-related search queries. No personal data is shared with these services. Pexels Privacy Policy | Pixabay Privacy Policy.

4.1 Data Sent to AI Providers

The following types of user-provided content may be sent to third-party AI providers:

• Content topics and keywords you provide
• Brand voice and style preferences you select
• Brand website content (if you provide a URL for brand research)
• Generated script text (for text-to-speech conversion)

4.2 Data NOT Sent to AI Providers

We do not send the following to any AI or third-party content provider:

• Your name, email, or account credentials
• OAuth access tokens, refresh tokens, or any token data
• Social media account data or Google user data
• Payment or billing information

4.3 Additional AI Processing Commitments

• AI processing occurs solely to provide functionality you explicitly request.
• We do not use your content to independently train public AI models.
• We do not sell or license your content for third-party marketing purposes.
• Third-party service providers that assist with automated processing are contractually restricted to processing data only on our behalf and solely to provide requested services.

5. Google API Data Use & Limited Use Compliance

When you connect Google services (such as YouTube, Blogger, or Google Business Profile), we access and use Google user data strictly in accordance with the Google API Services User Data Policy, including the Limited Use requirements.

Specifically:

• We use Google user data only to provide user-initiated functionality that is prominent in the requesting application's user interface.
• We do not sell Google user data.
• We do not use Google user data for advertising or marketing purposes.
• We do not transfer Google user data to third parties except as necessary to provide or improve user-facing features of the Service, or as required by law.
• We do not use Google user data to train generalized or public AI models.
• We do not allow humans to read Google user data unless: (a) you have given affirmative consent, (b) it is necessary for security purposes, (c) it is necessary to comply with applicable law, or (d) the data is aggregated and anonymized for internal operations.

Access to Google data is limited to the minimum scopes required for functionality. Upon disconnecting your Google account, associated access tokens are immediately revoked and deleted.

6. Data Sharing & Disclosure

We do not sell personal information. We may share data only in the following limited circumstances:

6.1 Service Providers

We may share information with trusted third-party providers that assist with cloud hosting, infrastructure, AI processing, payment processing, and security monitoring. These providers are contractually bound to confidentiality and data protection obligations and may only process data on our behalf to provide requested services.

6.2 Legal Requirements

We may disclose information if required by law, regulation, subpoena, or legal process, or to protect our legal rights.

6.3 Business Transfers

In the event of a merger, acquisition, or asset sale, user data may be transferred subject to this Privacy Policy. The receiving party must agree to respect this policy.

7. Data Protection & Security Measures

We implement industry-standard security measures to protect your data:

• Encryption in Transit: All data transmitted between your browser and our servers is encrypted using TLS 1.2+ (HTTPS). All communications with third-party API providers are conducted over encrypted HTTPS connections.
• Encryption at Rest: Sensitive data stored in our database, including OAuth access tokens and API keys, is encrypted at rest.
• Access Controls: Platform access is protected by authenticated sessions with secure token-based authentication (JWT). Role-based access controls restrict data visibility based on user roles (Super Admin, Agency Admin, Staff, Client).
• OAuth Token Security: Social media access tokens are stored securely, transmitted only over encrypted channels, and are never exposed to client-side code. Users can revoke access tokens at any time through their account settings or directly through the connected platform.
• Minimal Data Collection: We collect only the data necessary to provide our services. AI service requests contain only content-related inputs — never personal identifiers or Google user data.
• Third-Party Security: All third-party AI and media providers used by our platform maintain their own security certifications and data protection policies.
• Regular Reviews: We periodically review our security practices, access logs, and third-party integrations to ensure continued compliance with data protection standards.

No system can guarantee absolute security, but we take commercially reasonable measures to protect your information.

8. Data Retention & Deletion

We retain personal information only as long as necessary to:

• Provide the Service and maintain account functionality
• Comply with legal obligations

When you disconnect a third-party account, associated access tokens are immediately revoked and deleted. You may request deletion of your account and all associated data at any time by contacting support or using the deletion tools within your dashboard.

Upon cancellation of a White-Label subscription, all branding data is removed and default platform branding is restored.

9. Your Rights & Controls

Depending on your location, you may have rights regarding your personal data. You may:

• Access and review your account information
• Update or correct your information
• Disconnect connected social media accounts at any time
• Request deletion of your account and all associated data
• Revoke OAuth permissions directly through the connected provider (e.g., Google Account settings)

9.1 White-Label Subscriber Rights

In addition to the rights above, White-Label Agency subscribers may:

• Update or replace branding assets at any time through the Settings page
• Request complete removal of all branding data by contacting support
• Export a summary of all branding data stored on your behalf upon request

10. White-Label Services & Social Media Connections

Social media account connections (e.g., Google, Facebook, LinkedIn) are powered by BDS Growth Engine's enterprise infrastructure. When users connect their social media accounts, the authorization consent screen will display "BDS Growth Engine" as the requesting application. This is required by the social media platforms and does not affect any white-label presentation within the Platform interface.

11. Children's Privacy

The Service is not directed to individuals under 18. We do not knowingly collect personal information from children. If we learn that we have collected personal information from a child under 18, we will take steps to delete that information promptly.

12. International Users

If you access the Service outside the United States, your information may be processed in the United States or other jurisdictions where our service providers operate. By using the Service, you consent to the transfer of your information to these jurisdictions.

13. Changes to This Policy

We may update this Privacy Policy periodically. If material changes are made, we will update the "Last Updated" date at the top of this page. Continued use of the Service after changes constitutes acceptance of the revised policy.

14. Limitation of Liability

15. Contact Us

If you have questions about this Privacy Policy, please contact us at:

Business Development Source Corp
General: bdsgrowthengine@businessdevelopmentsource.com
Legal: legal@businessdevelopmentsource.com
Support: support@businessdevelopmentsource.com
Abuse: abuse@businessdevelopmentsource.com
Website: https://bdsgrowth.com