Privacy Policy

Last updated: February 25, 2026

1. Who We Are

OctoScale.ai ("we", "us", "our") is an AI-powered video creation and social media automation platform operated by BIT Enterprises UG (haftungsbeschränkt). This Privacy Policy explains how we collect, use, and protect your personal data.

Responsible party (Verantwortlicher) within the meaning of the GDPR:
BIT Enterprises UG (haftungsbeschränkt)
Franz-Schubert-Str. 20, 34277 Fuldabrück, Germany
Email: [email protected]

2. Data We Collect

  • Account data: Email address and name when you register. Passwords are hashed and managed by our authentication provider — we do not store them in plain text.
  • Usage data: Pages visited, features used, timestamps, and device/browser information — collected via Google Analytics.
  • Payment data: Processed by our Merchant of Record, Creem (Armitage Labs OÜ). We do not store credit card numbers or payment details on our servers.
  • Content data: Videos, images, scripts, and other content you create or upload through the Service.

3. How We Use Your Data

  • To provide and improve the Service.
  • To process transactions via Creem.
  • To analyze usage patterns and optimize performance (Google Analytics).
  • To communicate with you about your account or changes to the Service.
  • To comply with legal obligations.

4. Legal Basis (GDPR)

  • Contract performance (Art. 6(1)(b) GDPR) — to deliver the Service you signed up for.
  • Legitimate interest (Art. 6(1)(f) GDPR) — to analyze usage and improve the Service.
  • Consent (Art. 6(1)(a) GDPR) — where required, e.g. for analytics cookies.
  • Legal obligation (Art. 6(1)(c) GDPR) — to comply with applicable laws.

5. Third-Party Services

Google Analytics

We use Google Analytics to understand how users interact with the Service. Google Analytics uses cookies to collect anonymized usage data (pages visited, session duration, device type). This data is processed by Google LLC (USA). For more information, see Google's Privacy Policy. You can opt out via the Google Analytics Opt-Out Add-on.

Creem (Payment Processing)

Creem (Armitage Labs OÜ) acts as the Merchant of Record for all payments. When you make a purchase, your payment information is collected and processed directly by Creem. We do not have access to your full payment details. See Creem's Terms for details on how they handle your data.

Other Service Providers

We use third-party providers for AI processing, hosting, and infrastructure to deliver the Service. Your content may be processed by these providers on our behalf. We only share the minimum data necessary.

We do not use any advertising services or sell your data to third parties.

6. Cookies

We use only essential cookies required for the Service to function (e.g., authentication) and analytics cookies via Google Analytics. We do not use advertising or tracking cookies.

7. Data Retention

We retain your data for as long as your account is active or as needed to provide the Service. After account deletion, we remove your personal data within 30 days, except where retention is required by law.

8. Your Rights (GDPR)

You have the right to:

  • Access your personal data.
  • Rectify inaccurate data.
  • Delete your data ("right to be forgotten").
  • Restrict processing of your data.
  • Port your data to another service.
  • Object to processing based on legitimate interest.
  • Withdraw consent at any time where processing is based on consent.

To exercise these rights, contact us at [email protected].

9. Data Security

We use industry-standard technical and organizational measures to protect your data, including encrypted connections (TLS), secure authentication, and access controls.

10. International Transfers

Some of our service providers (e.g., Google) may process data outside the EU/EEA. Where this occurs, we ensure appropriate safeguards are in place (e.g., Standard Contractual Clauses).

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or a notice on the Service.

12. Contact & Supervisory Authority

For privacy-related questions, contact us at [email protected].

You also have the right to lodge a complaint with a data protection supervisory authority, in particular in the EU member state of your habitual residence, place of work, or the place of the alleged infringement.