Privacy Policy

1. Introduction

Kompozy is a product of BILT AI LLC(Delaware, USA). In this policy, "Kompozy," "we," "us," and "our" refer to BILT AI LLC operating under the Kompozy brand (DBA). Kompozy provides a content-creation, scheduling, and publishing platform for creators and businesses. This Privacy Policy describes how we collect, use, disclose, store, and protect information when you use our website, applications, and APIs (collectively, the "Service"). By using the Service, you agree to the practices described here.

2. Information We Collect

2.1 Information you provide directly

• Account data: name, email address, mobile phone number (when you opt in to SMS), hashed password, workspace name, company information, billing address.
• Source content: RSS feeds, social posts, transcripts, prompts, uploaded images, audio, and video — anything you configure as an input.
• Generated content: the text, images, audio, and video the Service produces on your behalf.
• Payment information: processed by Stripe; we do not store full payment-card numbers on our servers.
• Support communications: messages you send us via email or in-product chat.

2.2 Information collected automatically

• Usage telemetry: features used, generations created, posts published, error logs, latency metrics, IP address, browser, device, and operating-system identifiers.
• Cookies and similar technologies: essential cookies for authentication and session management; we do not use third-party advertising or cross-site tracking cookies.

2.3 Information from third-party platforms (including Meta)

When you connect a third-party platform account (such as Facebook, Instagram, YouTube, TikTok, X, LinkedIn, Pinterest, Threads, or Bluesky), we receive information from that platform with your authorization. From Meta Platforms (Facebook and Instagram), via the Facebook Login, Facebook Graph API, and Instagram Graph API, we may receive:

• your Meta user ID, name, profile picture, and email address (only fields you authorize);
• a list of Facebook Pages and Instagram Business/Creator accounts you manage and the access tokens needed to act on your behalf;
• Page and Instagram account metadata (name, ID, category, profile picture, follower counts where permitted);
• media, captions, comments, and insights/analytics for content you publish through Kompozy or that you authorize us to read;
• any additional data covered by the permission scopes you explicitly grant during the OAuth consent flow.

We only request the minimum permission scopes required to operate the features you enable (for example, pages_show_list, pages_read_engagement, pages_manage_posts, instagram_basic, instagram_content_publish, business_management). You can review and revoke these permissions at any time at facebook.com/settings?tab=business_tools.

3. How We Use Information

• To operate the Service: transform source content into output, schedule and publish posts to platforms you connect, track credits and usage.
• To act on your behalf with Meta and other platforms: read accounts you authorize, publish content you create or approve, and retrieve insights for analytics features inside Kompozy.
• To improve the product: aggregate usage patterns, identify bugs, prioritize features.
• To communicate with you: service updates, security alerts, billing notifications. Marketing emails are opt-in.
• To bill you: process payments through Stripe.
• To comply with law and enforce our terms: respond to lawful requests, prevent fraud or abuse, enforce our Terms of Service.

4. What We Do Not Do

• We do not sell your personal data.
• We do not use data obtained from Meta Platforms for advertising or to build user profiles outside the Service.
• We do not use your workspace content or your Meta data to train third-party AI models unless you explicitly opt in.
• We do not share Meta-sourced data with data brokers, ad networks, or analytics providers that would use it for their own purposes.

5. How We Share Information

We share information only as described below:

• Service providers (subprocessors): vendors who process data on our behalf under written data-processing agreements (listed in Section 6).
• Platforms you connect: when you publish to Facebook, Instagram, or any other connected platform, we transmit the content and metadata required by that platform's API.
• Legal and safety: when required by law, subpoena, or court order, or to protect the rights, property, or safety of Kompozy, our users, or the public.
• Business transfers: in connection with a merger, acquisition, or sale of assets, with notice to affected users.

6. Subprocessors

We rely on the following third-party services to deliver the Service. Each handles a specific slice of your data under a data-processing agreement:

• Supabase — authentication, database, file storage (data hosted in the United States).
• Vercel — application hosting and edge delivery.
• Trigger.dev — background job orchestration for content generation and publishing.
• Anthropic, OpenAI, Google (Gemini) — text and image generation; source content is sent per request and is not used to train third-party models.
• HeyGen — AI avatar video generation for persona-led video output.
• ElevenLabs — voice synthesis and voice cloning for persona audio.
• Apify — managed scrapers for public TikTok, Instagram, and other ingestion sources.
• Meta Platforms — direct Facebook Graph API and Instagram Graph API access for publishing and analytics on accounts you authorize.
• GoHighLevel and Blotato — alternative publishing routes to social networks where configured.
• Stripe — payment processing.
• Mailchimp — newsletter delivery (only when you configure it).
• Pexels — stock B-roll for video composition.

7. Data Storage, Security, and International Transfers

Data is stored on servers operated by our hosting providers, primarily in the United States. All data in transit is encrypted via TLS. OAuth access tokens (including Meta access tokens) and API keys are encrypted at rest. We employ least-privilege access controls, audit logs for administrative actions, periodic security review, and segregation of customer data by workspace via row-level security. If you are located outside the United States, your information will be transferred to and processed in the United States and other jurisdictions where our subprocessors operate, subject to appropriate safeguards.

8. Data Retention

Account and workspace data is retained while your account is active. After account deletion, we retain data for up to 30 days to allow export and recovery, then permanently delete it within 90 days, except where longer retention is required by law (for example, tax, accounting, or fraud-prevention records). Aggregated, anonymized usage statistics that cannot be tied to an individual may be retained longer.

Meta-specific retention: Meta access tokens and the minimum metadata required to operate features you enable are retained while your Meta connection is active. When you disconnect a Meta account or delete your Kompozy account, we revoke the access token and delete associated Meta data within 30 days, subject to backup-rotation windows.

9. Your Rights and Choices

You can:

• Access and export your workspace data from Settings → Data Export.
• Disconnect a Meta account at any time from Settings → Connections; this revokes the access token and stops further data access.
• Revoke Kompozy's access from Meta directly at facebook.com/settings?tab=business_tools.
• Delete your account from Settings → Account, or by emailing privacy@kompozy.io.
• Request data deletion using the dedicated process described in Section 10.

If you are in the European Economic Area, the United Kingdom, or California, you have additional rights under the GDPR, UK GDPR, and CCPA, including the right to access, correct, port, restrict, or object to processing of your personal data, and the right to lodge a complaint with a supervisory authority. To exercise any of these rights, email privacy@kompozy.io. We will respond within the timeframes required by applicable law.

10. User Data Deletion (Meta Compliance)

In accordance with Meta Platform Terms, you may request deletion of data we obtained from Meta about you at any time. Two paths are available:

• In-app: go to Settings → Connections, click Disconnect next to your Facebook or Instagram account, and then click Delete Meta Data. We will revoke the access token, delete Meta-sourced records, and confirm completion by email.
• By email: send a request to privacy@kompozy.iowith the subject "Meta Data Deletion Request" and the email address associated with your Kompozy account. We will process the request within 30 days and reply with a confirmation code that you can verify against Meta's deletion-callback log.

Our Data Deletion Instructions URL, as registered with Meta, is https://bilt-kontent-engine.vercel.app/data-deletion.

11. Children's Privacy

The Service is not directed to children under 13 (or under 16 in jurisdictions where that is the age of digital consent). We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, contact us and we will delete it.

12. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be announced in-product and/or by email at least 14 days before they take effect. The "last updated" date at the top of this page reflects the most recent revision.

13. SMS / Text Messaging Communications

Kompozy operates an SMS program for account, transactional, and free-trial-related communications. This section explains what we collect, how we use it, and how it is shared. It is intended to satisfy the disclosure requirements of U.S. mobile carriers and The Campaign Registry (TCR) for Application-to-Person (A2P 10DLC) messaging.

13.1 Information collected for SMS

• Mobile phone number: collected only when you affirmatively opt in (for example, by entering your number in a Kompozy signup, free-trial, or settings form and confirming consent).
• Consent records: the date, time, IP address, and form/page where you provided opt-in, plus a copy of the disclosure you accepted, retained as a record of consent.
• Delivery metadata: message status, timestamps, carrier responses, and STOP/HELP keyword history needed to operate the program.

13.2 How we use SMS information

• To send messages you opted in to receive, including free-trial onboarding reminders, account notifications, security alerts, billing notices, and (where you separately opted in) promotional messages about Kompozy.
• To honor STOP, UNSUBSCRIBE, CANCEL, END, QUIT, and HELP keyword requests.
• To maintain audit-quality records of consent, opt-out, and message delivery as required by the TCPA, FCC rules, and carrier policies.

13.3 Sharing of SMS / mobile information

No mobile information will be shared with third parties or affiliates for marketing or promotional purposes. Information sharing to subcontractors in support services, such as customer service, is permitted. All other use case categories exclude text messaging originator opt-in data and consent; this information will not be shared with any third parties.

The only third parties that receive your mobile number and message content are the licensed communications service providers we use to deliver SMS on our behalf (for example, our messaging aggregator, the mobile carriers themselves, and, where applicable, GoHighLevel as the platform routing the message). These providers act as subprocessors under written agreements and may not use your mobile information for their own marketing or resell it.

13.4 Program details

• Brand / sender: BILT AI LLC (dba Kompozy). Messages are sent under the Kompozy brand by its legal entity, BILT AI LLC.
• Program name: Kompozy SMS Alerts.
• Message types: account / transactional notifications, free-trial reminders, security alerts, billing notices, and (only with separate explicit opt-in) promotional messages.
• Message frequency: message frequency varies based on your account activity and the trial/onboarding events you trigger.
• Cost: message and data rates may apply, depending on your mobile plan.
• Opt-out: reply STOP to any message at any time to stop receiving SMS. We will send a one-time confirmation that you have been unsubscribed.
• Help: reply HELP for assistance, or email support@kompozy.io.
• Consent is not a condition of purchase of any Kompozy product or service.
• Carrier support: compatible with major U.S. carriers including AT&T, T-Mobile, Verizon Wireless, Sprint, U.S. Cellular, Boost Mobile, MetroPCS, Cricket, and others. Carriers are not liable for delayed or undelivered messages.

13.5 Retention of SMS data

Consent records and opt-out records are retained for as long as required by the TCPA, FCC rules, and carrier policy (generally at least four years after the last message sent), even if you delete your Kompozy account, so we can prove the lawful basis for any historical message.

14. Contact

For privacy questions, data-access requests, or data-deletion requests, email privacy@kompozy.io. For all other inquiries, email support@kompozy.io.

Phone: +1 (912) 915-2929

Mailing address:
BILT AI LLC (dba Kompozy)
7901 4th Street N, Suite 300
St Petersburg, FL 33702
United States