Privacy policy.
effective April 29, 2026
This page is also available in another language. The English version is the legally binding original.
Panoverse is an AI-assisted UGC video studio operated by Kolect, Inc. ("Panoverse", "we", "us"). This policy explains what data we collect when you use the Panoverse platform, how we use it, who we share it with, and the choices you have. We wrote it to be readable. If anything is unclear, email steven@kolect.ai.
Who this policy covers.
This policy applies to brands and the people acting on a brand's behalf when they use Panoverse — the marketing site, the dashboard at panoverse.com, and any related APIs or services we operate. It does not cover third-party sites we link to, or the separate creator network run by Kolect.
What we collect.
We collect three buckets of data, all in service of running the platform.
- Account data. Name, email, and authentication identifiers from our identity provider (Clerk). If you join a brand workspace, we record your role and which brand you belong to.
- Brand and product data. Anything you upload or write into the dashboard — brand profile, product descriptions, product photos, reference videos, scripts, briefs, comments, and the deliverables we produce for you.
- Billing data. Payment information is collected and stored by Stripe; we receive a token plus invoice metadata (amount, status, last-four). We do not store full card numbers.
- Connected ad-platform and commerce data. When you connect a Meta Ads, TikTok Ads, Google Ads, or Shopify account, we receive an OAuth access token plus the campaign, performance, and order data you authorize. The exact scopes and data fields are listed in section 04 below.
- Usage and operational telemetry. Standard request logs (timestamp, IP, route, response code), production logs (which AI calls were made for which deliverable, the cost, the prompt, the output), and basic product analytics. We do not run third-party advertising trackers.
How we use it.
- To produce your videos. Brand and product data is sent to AI providers (see subprocessors below) so they can generate the images and clips that make up your deliverables.
- To run the platform. Account, role, and usage data is used to authenticate, route requests, enforce quotas, and surface a per-deliverable production timeline in the dashboard.
- To bill you. Usage and pricing data drive invoices and balance accounting. Billing identity goes to Stripe.
- To support you. When you contact us, we use your messages and account context to investigate and respond.
- To improve Panoverse. We analyze aggregated, de-identified usage patterns to make the product better. We do not sell your data, and we do not use your brand assets or deliverables to train our own models.
Connected platforms (Meta, TikTok, Google, Shopify).
Panoverse can connect to your ad and commerce platforms so we can report on how the creatives we deliver actually perform. All connections are opt-in, made through the platform's own OAuth flow, and can be disconnected at any time from dashboard › integrations. The sections below describe what we ask for and what we do with it, platform by platform.
Meta (Facebook & Instagram).
When you click "Connect Meta Ads," we redirect you to Facebook's OAuth consent screen. The permissions we request are limited to what we need to read your campaign performance and match it to Panoverse-produced creatives:
- ads_read. Read your ad accounts, campaigns, ad sets, ads, and Insights metrics.
- business_management. List the ad accounts and Pages in your Business Manager so you can pick which ones to connect.
- pages_show_list. Enumerate the Pages you administer so we can attribute ad creatives to the Page that ran them.
- instagram_basic. Read basic metadata for Instagram business accounts linked to your Pages, so Instagram-side ad performance can be attributed back to Panoverse creatives.
After you authorize the connection, we periodically read the following data on your behalf via the Meta Marketing API:
- Account-level. Ad account ID, name, currency, time zone, and the parent Business Manager ID.
- Campaign hierarchy. Campaign, ad set, and ad IDs, names, status, objective, and schedule.
- Performance Insights. Spend, impressions, reach, clicks, CPM, CPC, CTR, conversions, purchase ROAS, frequency, and video-view metrics at the campaign / ad-set / ad granularity you select.
- Creative metadata. For each ad: the creative ID, body text, link, and the image or video asset IDs — used to match Meta-side performance to the Panoverse deliverable that was uploaded.
- Page and Pixel identifiers. Page IDs and Pixel / dataset IDs you have authorized, used only to scope insight queries and creative attribution.
We use Meta data only to (a) display performance in your Panoverse dashboard, (b) attribute the performance of Panoverse-produced creatives, and (c) inform the category-level signal that drives our research and recommendation features. We do not use Meta data to retarget users, build custom audiences, run advertising of our own, or sell to third parties. We do not share Meta data with anyone outside the infrastructure subprocessors listed in section 05, and we have not been granted permission to read your Page's organic content beyond what is required to attribute ad creatives.
The OAuth refresh token and the data above are encrypted at rest in Supabase and accessed only by your authorized brand workspace. You can disconnect at any time from dashboard › integrations; this revokes the stored token, stops further data pulls, and deletes cached Meta-derived data within 30 days. You can also revoke Panoverse's app from your Meta account at any time at facebook.com/settings/?tab=business_tools.
Data deletion request: Per Meta's Platform Terms, you can request immediate deletion of all Meta-derived data we hold by emailing steven@kolect.ai with the subject line "Meta data deletion" and the ad account or business ID involved. We will confirm deletion within 30 days. Panoverse complies with Meta's Platform Terms and Developer Policies; if we ever lose access to those APIs (because Meta revokes our app, or because you revoke consent), the cached data is purged on the same 30-day schedule.
Public Meta Ad Library.
Separately from the OAuth flow above, Panoverse scrapes the public Meta Ad Library to find competitor creatives running in your category. This is public data published by Meta and does not require any user's consent. The only personal data involved is whatever advertisers themselves chose to make public through the Ad Library (advertiser name, Page name, ad creative). We never link Ad Library data to a specific individual viewer.
TikTok Ads.
When you connect a TikTok Ads account, we use TikTok's Business OAuth to read advertiser ID, campaign / ad-group / ad hierarchy, performance metrics (spend, impressions, clicks, completion rate, conversions), and ad creative metadata. Use, storage, and deletion behavior mirrors the Meta section above: data is used only for performance reporting and creative attribution, encrypted at rest, and purged within 30 days of disconnection.
Google Ads.
When you connect a Google Ads account, we use Google's OAuth to read customer ID, campaign / ad-group / ad hierarchy, performance metrics, and creative metadata via the Google Ads API. Use, storage, and deletion behavior mirrors the Meta section above. Panoverse complies with the Google API Services User Data Policy, including the Limited Use requirements: Google user data is never used for advertising of our own or transferred to anyone outside the subprocessors in section 05.
Shopify.
When you connect a Shopify store, we use Shopify's OAuth to read shop metadata, order summaries, and product catalog entries you authorize. We use this data to attribute Panoverse-produced creatives to the orders they generated. We do not read individual customer profiles or store payment data.
Subprocessors.
We rely on a small set of third parties to operate the platform. They each receive only the data they need.
Each provider operates under its own privacy and data-processing terms. We maintain the current named list of AI model providers and other auxiliary subprocessors and will share it on request under a standard NDA — email steven@kolect.ai.
AI processing and model training.
When we generate a video, your prompts, product images, and reference assets are sent to the AI providers above so they can return outputs. We pass your data to those providers under agreements that prohibit using your inputs or outputs to train their foundation models. Panoverse itself does not train models on customer data.
Data retention.
Account data lives for as long as your account is active. Brand assets, scripts, production logs, and deliverables are retained for as long as your brand workspace exists, plus a 90-day grace window after deletion so we can recover from operator error. Billing records are retained for seven years to meet tax and accounting requirements. You can request earlier deletion by emailing steven@kolect.ai.
Security.
All traffic to Panoverse uses TLS. Data at rest in Supabase is encrypted. Access to production systems is limited to a small number of engineers and is logged. We are not SOC 2 certified today and we'll say so plainly here when that changes.
Your rights.
Depending on where you live, you may have the right to:
- Access. Request a copy of the personal data we hold about you.
- Correct. Ask us to fix data that is wrong or out of date.
- Delete. Ask us to delete your account and the personal data attached to it.
- Export. Receive your brand's deliverables and metadata in a portable format.
- Object or restrict. Tell us to stop or limit specific uses of your data.
Email steven@kolect.ai from the address on your account and we'll respond within 30 days.
Cookies and similar technologies.
We use a small number of strictly necessary cookies to keep you signed in (set by Clerk) and to remember UI preferences. We do not use cookies for advertising or cross-site tracking. Your browser's "do not track" signal is honored where it applies.
International transfers.
Panoverse is operated from the United States and our infrastructure providers are predominantly US-based. If you access the platform from outside the United States, your data will be transferred to and processed in the US under Standard Contractual Clauses where required.
Children.
Panoverse is a B2B product not directed to anyone under 16. We do not knowingly collect data from children. If you believe a child has signed up, contact us and we'll remove the account.
Changes to this policy.
When we make a material change, we'll update the effective date at the top of this page and notify active brand admins by email. Continued use after a change means you accept the updated policy.
Contact.
Panoverse is operated by Kolect, Inc. For privacy questions or requests, write to steven@kolect.ai. For everything else, the in-app chat is faster.