Privacy Policy

growth.leviathansi.xyz — Leviathan Systems

Last Updated: July 2025 | Effective Date: July 2025

1. Overview

This Privacy Policy describes how Leviathan Systems ("we," "us," "our") collects, uses, stores, and protects information when you use the services at growth.leviathansi.xyz (the "Services"), including the LVTN Content Swarm autonomous social media management tools.

2. Information We Collect

2.1 Information You Provide

  • Account Credentials: OAuth tokens (access tokens, refresh tokens, open IDs) for TikTok, Instagram, YouTube, X/Twitter — provided when you authorize the Services via each platform's OAuth flow
  • API Keys: Keys for AI providers (OpenAI, Stability AI, Runway, Pika) you configure
  • Configuration Data: Posting schedules, engagement rules, content templates, hashtag lists, safety settings
  • Contact Information: Email address if you contact us for support

2.2 Information Collected Automatically

  • Usage Logs: Timestamps, API calls, posting activity, engagement actions, error logs
  • Performance Metrics: Views, likes, comments, shares, follower counts retrieved from platform APIs
  • Technical Data: IP address, user agent, device info (standard web server logs)

2.3 Information from Third Parties

  • Platform APIs: Profile info (display name, avatar, open ID), post metrics, comments, follower data — retrieved via authorized API calls
  • AI Providers: Generated content (images, videos, text) returned from API calls you initiate

3. How We Use Information

PurposeLegal Basis
Operate the Services (post content, engage, schedule)Contract performance
Authenticate and authorize platform API callsContract performance
Store and manage your configurationContract performance
Generate analytics and performance reportsLegitimate interest
Debug errors and improve reliabilityLegitimate interest
Respond to support requestsContract performance
Comply with legal obligationsLegal obligation

4. Data Storage & Security

4.1 Local Storage

All data is stored locally on your infrastructure (SQLite database in ./data/swarm.db, .env file for secrets, ./output/ for generated media). We do not operate a centralized cloud database for your data.

4.2 Encryption

  • OAuth tokens and API keys are stored in your .env file (plaintext at rest — protect your server)
  • Data in transit uses HTTPS/TLS for all API communications
  • No encryption at rest is provided by the software — you are responsible for disk encryption

4.3 Retention

Data TypeRetention
OAuth tokensUntil you revoke access or delete the .env file
Posts/EngagementsIndefinite in local SQLite unless you delete the database
Generated mediaStored in ./output/ until manually deleted
LogsRotated per your logging configuration (default: swarm.log)

5. Data Sharing

We do not sell, rent, or share your data with third parties except:

RecipientPurpose
Social Platforms (TikTok, Meta, Google, X)API calls you authorize (posting, reading metrics, engagement)
AI Providers (OpenAI, Stability, Runway, Pika)Content generation requests you initiate
Your InfrastructureAll data resides on your servers/containers
Legal AuthoritiesOnly if required by law or valid legal process

6. Your Rights

Depending on your jurisdiction, you may have rights to:

  • Access your data (query the local SQLite database)
  • Rectify inaccurate configuration data
  • Erase data by deleting the database, .env, and output files
  • Port your data (export from SQLite/JSON)
  • Object to processing (stop the swarm, revoke OAuth tokens)
  • Withdraw consent (disconnect platforms via their settings)

To exercise these rights, you control the infrastructure — delete or modify files directly.

7. Platform-Specific Notes

7.1 TikTok

  • Access tokens expire in 24 hours; refresh tokens last 365 days
  • open_id is stored to identify the authorized user
  • Videos posted via API go to user's inbox as drafts for review

7.2 Instagram/Meta

  • Long-lived access tokens (60 days) refreshed via Meta's flow
  • Business Account ID stored for API routing

7.3 YouTube/Google

  • OAuth 2.0 with offline access (refresh tokens)
  • Tokens refreshed automatically before expiry

7.4 X/Twitter

  • OAuth 2.0 with PKCE (code_verifier)
  • Bearer token and user access tokens stored

8. AI Provider Data

When you use AI generation features:

  • Prompts and generated content are sent to the respective AI provider
  • Each provider has its own data retention and training policies
  • We do not control or have visibility into provider-side data handling
  • Review each provider's privacy policy: OpenAI, Stability AI, Runway ML, Pika

9. Cookies & Tracking

The Services do not use cookies, tracking pixels, or analytics scripts. No client-side tracking occurs. Server logs contain standard HTTP request metadata only.

10. Children's Privacy

The Services are not directed to individuals under 18. We do not knowingly collect personal information from children. If you believe a child has provided data, contact us and we will delete it.

11. International Transfers

Your data resides on the infrastructure you control. If you deploy to servers outside your home jurisdiction, you are responsible for compliance with applicable data transfer laws (GDPR, CCPA, etc.).

12. Security Incident Notification

We do not operate a centralized service — security of your deployment is your responsibility. If you discover a breach of your local data, you are responsible for any required notifications.

13. Changes to This Policy

We may update this Privacy Policy. Changes will be posted at growth.leviathansi.xyz/privacy with an updated "Last Updated" date. Continued use constitutes acceptance.

14. Contact

Leviathan Systems
Email: privacy@leviathansi.xyz
Website: https://growth.leviathansi.xyz

Appendix: Data Inventory

Data TypeSourceStored WhereRetention
OAuth Access TokensPlatform OAuth.env (plaintext)Until revoked
OAuth Refresh TokensPlatform OAuth.env (plaintext)Until revoked
Open IDsPlatform OAuth.env + SQLiteUntil revoked
AI API KeysUser input.env (plaintext)Until removed
Post RecordsService operationSQLite (swarm.db)Indefinite
Engagement LogsService operationSQLite (swarm.db)Indefinite
Analytics SnapshotsPlatform APIsSQLite (swarm.db)Indefinite
Generated MediaAI Providers./output/ filesystemUntil deleted
ConfigurationUser inputconfig.yaml + SQLiteUntil changed
Application LogsService operationswarm.log (rotating)Per log config