1. Overview
This Privacy Policy describes how Leviathan Systems ("we," "us," "our") collects, uses, stores, and protects information when you use the services at growth.leviathansi.xyz (the "Services"), including the LVTN Content Swarm autonomous social media management tools.
2. Information We Collect
2.1 Information You Provide
- Account Credentials: OAuth tokens (access tokens, refresh tokens, open IDs) for TikTok, Instagram, YouTube, X/Twitter — provided when you authorize the Services via each platform's OAuth flow
- API Keys: Keys for AI providers (OpenAI, Stability AI, Runway, Pika) you configure
- Configuration Data: Posting schedules, engagement rules, content templates, hashtag lists, safety settings
- Contact Information: Email address if you contact us for support
2.2 Information Collected Automatically
- Usage Logs: Timestamps, API calls, posting activity, engagement actions, error logs
- Performance Metrics: Views, likes, comments, shares, follower counts retrieved from platform APIs
- Technical Data: IP address, user agent, device info (standard web server logs)
2.3 Information from Third Parties
- Platform APIs: Profile info (display name, avatar, open ID), post metrics, comments, follower data — retrieved via authorized API calls
- AI Providers: Generated content (images, videos, text) returned from API calls you initiate
3. How We Use Information
| Purpose | Legal Basis |
|---|---|
| Operate the Services (post content, engage, schedule) | Contract performance |
| Authenticate and authorize platform API calls | Contract performance |
| Store and manage your configuration | Contract performance |
| Generate analytics and performance reports | Legitimate interest |
| Debug errors and improve reliability | Legitimate interest |
| Respond to support requests | Contract performance |
| Comply with legal obligations | Legal obligation |
4. Data Storage & Security
4.1 Local Storage
All data is stored locally on your infrastructure (SQLite database in ./data/swarm.db, .env file for secrets, ./output/ for generated media). We do not operate a centralized cloud database for your data.
4.2 Encryption
- OAuth tokens and API keys are stored in your
.envfile (plaintext at rest — protect your server) - Data in transit uses HTTPS/TLS for all API communications
- No encryption at rest is provided by the software — you are responsible for disk encryption
4.3 Retention
| Data Type | Retention |
|---|---|
| OAuth tokens | Until you revoke access or delete the .env file |
| Posts/Engagements | Indefinite in local SQLite unless you delete the database |
| Generated media | Stored in ./output/ until manually deleted |
| Logs | Rotated per your logging configuration (default: swarm.log) |
5. Data Sharing
We do not sell, rent, or share your data with third parties except:
| Recipient | Purpose |
|---|---|
| Social Platforms (TikTok, Meta, Google, X) | API calls you authorize (posting, reading metrics, engagement) |
| AI Providers (OpenAI, Stability, Runway, Pika) | Content generation requests you initiate |
| Your Infrastructure | All data resides on your servers/containers |
| Legal Authorities | Only if required by law or valid legal process |
6. Your Rights
Depending on your jurisdiction, you may have rights to:
- Access your data (query the local SQLite database)
- Rectify inaccurate configuration data
- Erase data by deleting the database,
.env, and output files - Port your data (export from SQLite/JSON)
- Object to processing (stop the swarm, revoke OAuth tokens)
- Withdraw consent (disconnect platforms via their settings)
To exercise these rights, you control the infrastructure — delete or modify files directly.
7. Platform-Specific Notes
7.1 TikTok
- Access tokens expire in 24 hours; refresh tokens last 365 days
open_idis stored to identify the authorized user- Videos posted via API go to user's inbox as drafts for review
7.2 Instagram/Meta
- Long-lived access tokens (60 days) refreshed via Meta's flow
- Business Account ID stored for API routing
7.3 YouTube/Google
- OAuth 2.0 with offline access (refresh tokens)
- Tokens refreshed automatically before expiry
7.4 X/Twitter
- OAuth 2.0 with PKCE (
code_verifier) - Bearer token and user access tokens stored
8. AI Provider Data
When you use AI generation features:
- Prompts and generated content are sent to the respective AI provider
- Each provider has its own data retention and training policies
- We do not control or have visibility into provider-side data handling
- Review each provider's privacy policy: OpenAI, Stability AI, Runway ML, Pika
10. Children's Privacy
The Services are not directed to individuals under 18. We do not knowingly collect personal information from children. If you believe a child has provided data, contact us and we will delete it.
11. International Transfers
Your data resides on the infrastructure you control. If you deploy to servers outside your home jurisdiction, you are responsible for compliance with applicable data transfer laws (GDPR, CCPA, etc.).
12. Security Incident Notification
We do not operate a centralized service — security of your deployment is your responsibility. If you discover a breach of your local data, you are responsible for any required notifications.
13. Changes to This Policy
We may update this Privacy Policy. Changes will be posted at growth.leviathansi.xyz/privacy with an updated "Last Updated" date. Continued use constitutes acceptance.
14. Contact
Leviathan Systems
Email: privacy@leviathansi.xyz
Website: https://growth.leviathansi.xyz
Appendix: Data Inventory
| Data Type | Source | Stored Where | Retention |
|---|---|---|---|
| OAuth Access Tokens | Platform OAuth | .env (plaintext) | Until revoked |
| OAuth Refresh Tokens | Platform OAuth | .env (plaintext) | Until revoked |
| Open IDs | Platform OAuth | .env + SQLite | Until revoked |
| AI API Keys | User input | .env (plaintext) | Until removed |
| Post Records | Service operation | SQLite (swarm.db) | Indefinite |
| Engagement Logs | Service operation | SQLite (swarm.db) | Indefinite |
| Analytics Snapshots | Platform APIs | SQLite (swarm.db) | Indefinite |
| Generated Media | AI Providers | ./output/ filesystem | Until deleted |
| Configuration | User input | config.yaml + SQLite | Until changed |
| Application Logs | Service operation | swarm.log (rotating) | Per log config |