Legal

Privacy Policy — Built by Asteris

Last updated: 6 May 2026 · WOW Enterprise Company (My Cosmic Message Pty Ltd · ABN 30 652 358 159)

Plain English, no dark patterns, no legalese hiding things. If anything's unclear, email service@builtbyasteris.com.

Scope of this Privacy Policy

This Privacy Policy applies to the Built by Asteris application and all of its constituent apps:

Plan — social media scheduling, brand voice scoring, multi-platform publishing (including TikTok via the Built by Asteris developer integration)
Forge — content transformation from source material into platform-native posts
Bank — idea capture and AI Council synthesis

Built by Asteris is the operating brand and registered application name for our software. References below to "the service", "we", "our", or "us" mean Built by Asteris and the apps listed above, operated by WOW Enterprise Company (My Cosmic Message Pty Ltd, ABN 30 652 358 159).

1. What we collect

We collect the minimum information needed to deliver the service.

Account data — name, email address, and password (managed via Clerk). We never see your raw password.
Content you create — posts, brand voice profiles, Forge transforms, Bank ideas, and related metadata. This stays yours. We process it to deliver the service and never use it for training.
Billing data — handled entirely by Stripe. We store your subscription status and plan tier. We never see your full card number.
Anonymous usage analytics — page views, feature usage counts, error rates. No personal identifiers attached.
Support communications — emails and messages you send to our support addresses.

2. What we don't do

We do not train AI models on your content. We do not sell your data. We do not run ad networks or third-party tracking pixels. We do not share your content with anyone except the service providers required to deliver the product.

3. Where data lives

We use the following service providers. All operate under enterprise-grade SOC 2 / ISO 27001 or equivalent certifications.

Cloudflare D1 / R2

Primary database and file storage · Global edge, AU primary

Clerk

Authentication and account management

Stripe

Payment processing and subscription billing

Resend

Transactional email (receipts, alerts)

AI Gateway

Multi-model frontier AI access — training opt-out configured

Speech-to-text

Audio transcription — Forge only · training opt-out configured

All AI API providers are configured to opt out of training on submitted content. Your content is processed to produce your requested output and is not retained by these providers beyond what their data retention policies require.

3a. Connected social platforms

Plan, the scheduling app within Built by Asteris, publishes to your connected social platforms on your behalf. Each platform's data handling is described below.

TikTok

When you connect a TikTok account to Plan (operated under the Built by Asteris developer integration), we use TikTok's Login Kit (OAuth 2.0) and Content Posting API to publish posts you've authored and scheduled. Specifically:

What we receive from TikTok: your TikTok open ID, display name, and avatar (via the user.info.basic scope). Built by Asteris does NOT receive your TikTok password, email, phone number, follower list, DMs, or video viewing history.
What we send to TikTok: only the videos and captions you explicitly schedule for publication via Plan, sent at the scheduled time via the video.publish scope. Drafts and unscheduled posts are never sent.
Storage: TikTok access and refresh tokens are encrypted at rest in the Built by Asteris database. Tokens are deleted when you disconnect TikTok from Plan or delete your Built by Asteris account.
Retention: Built by Asteris keeps tokens only as long as your TikTok integration is connected. After disconnection or account deletion, tokens are purged within 24 hours.
Sharing: Built by Asteris does not sell, share, or transfer TikTok data to any third party. TikTok data is used exclusively to publish posts on your behalf via Plan.
Disconnect at any time: Settings → Connected accounts → Disconnect TikTok. This revokes Built by Asteris's access immediately and purges stored tokens.

Your use of TikTok via Built by Asteris remains subject to TikTok's Terms of Service and Privacy Policy.

The same data-handling principles apply to all other connected platforms within Plan (LinkedIn, X / Twitter, Instagram, Threads, Facebook, YouTube, Bluesky): minimum-scope OAuth, encrypted token storage, no sharing, immediate revocation on disconnect.

4. Your rights

Export your data — available from Settings → Data at any time. Produces a JSON export of your account, voice profiles, posts, and Bank ideas.
Delete your account — available from Settings → Danger Zone. Deletion cascades: your Stripe subscription is cancelled in the same call, your content is purged from our database, and your Clerk account is deleted.
GDPR requests — for data access, rectification, or portability requests under GDPR, email service@builtbyasteris.com. We respond within 5 business days.
Australian Privacy Act — we comply with the Australian Privacy Act 1988 and the Australian Privacy Principles (APPs).

5. Cookies

We use essential cookies only. See our Cookie Policy for the full list. No tracking cookies, no advertising cookies, no third-party cookies.

Clerk session cookie — keeps you logged in
Theme preference — remembers your light/dark preference
Dismissed banner state — remembers banners you've closed

6. Changes to this policy

Material changes are emailed to all active account holders 30 days before taking effect. Non-material changes (spelling corrections, clarifications) may be made without notice. The "Last updated" date at the top of this page always reflects the most recent revision.

7. Contact

Privacy questions, GDPR requests, data deletion requests, and security disclosures: service@builtbyasteris.com

WOW Enterprise Company · My Cosmic Message Pty Ltd · ABN 30 652 358 159 · Sydney, NSW, Australia