Privacy Policy
Last updated: March 26, 2026
1. Introduction
DigiShift Consulting LLC ("DigiShift," "we," "us," "our") respects your privacy and is committed to protecting the personal information you share with us. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our services, including the DigiShift Media Manager platform, our websites, and related tools (collectively, the "Services").
By using our Services, you consent to the data practices described in this policy. If you do not agree with this policy, please do not use our Services.
2. Information We Collect
2.1 Information You Provide
- Account information: Name, email address, company name, and contact details provided during registration or through our contact form
- Content: Scripts, media files, metadata, and other content you create or upload through our platform
- Platform credentials: OAuth tokens and account identifiers for connected services (YouTube, TikTok, Instagram). We never store your platform passwords.
- Communications: Messages sent through our contact form, support channels, or Telegram interface
- Payment information: Billing details processed through third-party payment processors (we do not store credit card numbers)
2.2 Information Collected Automatically
- Usage data: API calls, content pipeline metrics, feature usage patterns
- Performance data: Content performance metrics from connected platforms (views, engagement, revenue) used to optimize our Services
- Log data: IP addresses, browser type, timestamps, referring URLs, and pages visited
- Device information: Operating system, device type, and screen resolution
2.3 Information from Third-Party Platforms
When you connect your YouTube, TikTok, or Instagram accounts, we receive:
- Account/channel identifiers and profile information
- Content performance metrics (views, likes, comments, shares, watch time)
- Revenue and monetization data (where authorized)
- Audience demographic data (aggregate, not individual)
3. How We Use Your Information
| Purpose | Legal Basis |
|---|---|
| Provide, maintain, and improve our Services | Contract performance |
| Process and publish content to connected platforms on your behalf | Contract performance |
| Generate analytics, performance reports, and content optimization recommendations | Legitimate interest |
| AI-assisted content generation (scripts, metadata, thumbnails) | Contract performance |
| Communicate about your account, updates, and support requests | Contract performance |
| Ensure security, detect fraud, and prevent abuse | Legitimate interest |
| Comply with legal obligations | Legal obligation |
| Improve our AI models and content optimization algorithms using aggregated, de-identified data | Legitimate interest |
4. AI and Automated Processing
Our Services use artificial intelligence and automated processing for:
- Content generation: AI models generate scripts, video metadata, thumbnail designs, and content recommendations
- Content optimization: A/B testing and performance analysis to improve content quality
- Scheduling: Automated determination of optimal publishing times and content pacing
AI-generated content is produced by third-party AI providers (Google Gemini, Anthropic Claude). Your content prompts may be processed by these providers subject to their respective privacy policies. We do not send your personal information to AI providers; only content-related data necessary for generation.
5. Third-Party Platform Data
When you connect your platform accounts, we access only the data necessary to provide our Services. Specifically:
5.1 YouTube (Google)
We use the YouTube Data API v3 to upload videos, manage metadata, and retrieve analytics. Our use of YouTube data is governed by Google's Privacy Policy. You can revoke access at any time via Google Security Settings.
5.2 TikTok
We use TikTok's Content Posting API to publish video content. Our use of TikTok data is governed by TikTok's Privacy Policy. You can revoke access through TikTok's app settings.
5.3 Instagram (Meta)
We use the Instagram API with Instagram Login to publish Reels and manage content. Our use of Instagram data is governed by Meta's Privacy Policy. You can revoke access through Instagram's connected apps settings.
We do not sell, rent, or share your platform data with any third parties beyond what is necessary to provide the Services.
6. Data Storage, Security, and Transfers
6.1 Storage
Your data is stored on secure servers located in Falkenstein, Germany (EU) and Backblaze B2 cloud storage in the United States. Media files are replicated across multiple regions for redundancy. Database backups are performed daily and encrypted.
6.2 Security Measures
We implement industry-standard security measures including:
- TLS 1.2/1.3 encryption for all data in transit
- Encrypted storage for credentials and sensitive data
- Access controls and principle of least privilege
- Regular security audits and vulnerability assessments
- Automated daily backups with cross-region replication
No method of transmission or storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.
6.3 International Data Transfers
Your data may be transferred between the European Union (server infrastructure) and the United States (cloud storage, AI providers, platform APIs). These transfers are conducted in compliance with applicable data protection laws, including the use of Standard Contractual Clauses where required by GDPR.
7. Data Retention
- Account data: Retained for as long as your account is active
- Content and media: Retained until you delete it or your account is terminated
- Performance analytics: Retained in aggregated form to improve our Services
- Log data: Retained for 90 days for security and debugging purposes
- Backup data: Database backups retained for 8 days; media backups retained indefinitely unless deletion is requested
Upon account termination, we will delete your personal information within 90 days, except where retention is required by law or legitimate business purposes (e.g., fraud prevention, dispute resolution).
8. Data Sharing
We do not sell your personal information. We may share information with:
- Service providers: Cloud hosting (Hetzner, Backblaze), AI providers (Google, Anthropic), and other services necessary to operate. These providers process data only on our behalf and are bound by data processing agreements.
- Platform APIs: Content, metadata, and authorized account data shared with YouTube, TikTok, and Instagram as necessary to publish and manage content you've authorized.
- Legal requirements: When required by law, regulation, subpoena, court order, or legal process.
- Business transfers: In connection with a merger, acquisition, or sale of assets, your information may be transferred. We will provide notice before your information becomes subject to a different privacy policy.
9. Your Rights
9.1 General Rights
Regardless of your location, you have the right to:
- Access: Request a copy of the personal information we hold about you
- Correction: Request correction of inaccurate or incomplete information
- Deletion: Request deletion of your personal information
- Portability: Request your data in a structured, machine-readable format
- Revoke platform access: Disconnect any connected platform account at any time
To exercise these rights, contact us at info@digishiftconsulting.com or use our contact form. We will respond within 30 days.
9.2 European Economic Area (GDPR)
If you are located in the EEA, you have additional rights under the General Data Protection Regulation:
- Right to restrict processing of your personal data
- Right to object to processing based on legitimate interests
- Right to withdraw consent at any time (without affecting prior processing)
- Right to lodge a complaint with your local data protection authority
Our legal bases for processing are: contract performance, legitimate interest, and consent, as detailed in Section 3.
9.3 California Residents (CCPA/CPRA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act and California Privacy Rights Act:
- Right to know: You may request disclosure of the categories and specific pieces of personal information we have collected about you
- Right to delete: You may request deletion of your personal information, subject to certain exceptions
- Right to opt-out of sale: We do not sell your personal information. If this changes, we will provide a "Do Not Sell My Personal Information" link.
- Right to non-discrimination: We will not discriminate against you for exercising your privacy rights
Categories of personal information collected in the past 12 months: Identifiers (name, email), internet activity (usage data, log data), professional information (company name), and content you provide. We do not collect sensitive personal information as defined by the CPRA.
10. Data Deletion
You may request deletion of your data at any time by:
- Emailing info@digishiftconsulting.com with the subject "Data Deletion Request"
- Using our contact form and selecting the appropriate option
Upon receiving a verified deletion request, we will:
- Delete your account and personal information within 30 days
- Delete your content and media files from active storage within 30 days
- Remove your data from backups within 90 days
- Revoke all connected platform tokens
- Confirm deletion via email
We may retain certain data where required by law or for legitimate purposes such as fraud prevention or resolving disputes.
11. Cookies and Tracking
Our website uses:
- Essential cookies: Required for basic site functionality (session management)
- reCAPTCHA cookies: Google reCAPTCHA on our contact form sets cookies to verify human visitors. These are governed by Google's Privacy Policy.
We do not use advertising cookies, tracking pixels, or third-party analytics. We do not participate in cross-site tracking or behavioral advertising.
12. Children's Privacy
Our Services are not directed to individuals under the age of 18. We do not knowingly collect personal information from children under 18. If we become aware that we have collected personal information from a child under 18, we will take steps to delete such information promptly. If you believe we have inadvertently collected information from a child, please contact us immediately.
13. Data Breach Notification
In the event of a data breach that affects your personal information, we will:
- Notify affected users within 72 hours of becoming aware of the breach (as required by GDPR)
- Provide details of the breach, the data affected, and steps we are taking to address it
- Notify relevant data protection authorities where required by law
- Offer guidance on steps you can take to protect yourself
14. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the revised policy on this page with an updated "Last updated" date and, where practicable, by email. Your continued use of our Services after the effective date constitutes acceptance. We encourage you to review this policy periodically.
15. Contact
For privacy-related inquiries, data requests, or concerns, contact us at:
- DigiShift Consulting LLC
- Email: info@digishiftconsulting.com
- Web: digishiftconsulting.com/contact
For EU data protection inquiries, you may also contact your local supervisory authority.