Skip to content

Privacy Policy

Effective date: 21 June 2026

Keryx ("Keryx", "the application") is open, self-hosted command-line software published by Matt Cockayne (phpboyscout.uk). This policy explains what data Keryx handles when you — the operator — run it to generate and publish short promotional videos to your own social media accounts.

Keryx is self-hosted

There is no Keryx server and no hosted service. You install and run the binary on your own machine or your own CI. Matt Cockayne and phpboyscout.uk do not operate Keryx on your behalf and do not receive, store, transmit, or have any access to your credentials, tokens, or content. All processing happens on infrastructure you control.

What data Keryx accesses

Keryx only handles data you explicitly provide or direct it to act on:

  • Account authorization. When you connect Keryx to a platform (Instagram, YouTube, TikTok, LinkedIn) it receives an OAuth access/refresh token and the basic account identifiers needed to publish on your behalf (for example the user id, channel id, or open id, and your account's allowed posting options).
  • Content you choose to publish. The video files, titles, captions, and hashtags you generate and direct Keryx to post.
  • Generation inputs. The blog-post text and any assets you supply to the video-generation step.

Keryx requests only the minimum permissions required to publish — for example TikTok video.publish + user.info.basic, YouTube youtube.upload, and Instagram content-publishing scopes. It does not read your feeds, message others, or access data unrelated to publishing your own content.

How Keryx uses data

Data is used solely to perform the actions you invoke: to generate media and to publish it to the accounts you have authorized. Keryx performs no profiling, advertising, or analytics, and does not sell, rent, or share your data, and does not use it to train any model.

Where data is stored

  • OAuth tokens are stored locally under your control — in your operating system keychain, a local configuration file, or, in CI, your own secret storage. They are never transmitted to phpboyscout.uk or to any third party other than the issuing platform itself during normal token refresh.
  • Keryx maintains no database and no central store. Generated media lives in your local project workspace.

Who data is shared with

Only the third parties you configure and direct, under their own terms and privacy policies:

  • The social platform you are posting to — receives the video and its caption/metadata when you publish.
  • The AI generation providers you enable for the generation step (by default Google Gemini for imagery and ElevenLabs for voice and music). The prompts, text, and assets needed to generate your media are sent to these providers when you run generation.

No other disclosure occurs.

Data retention and deletion

  • Tokens persist locally until they expire or you delete them (remove the keychain item or the config entry).
  • To revoke Keryx's access entirely, remove the application's authorization in the platform's own settings — for example:
    • TikTok: Settings → Security & permissions → Manage app permissions
    • Google / YouTube: Google Account → Security → Your connections to third-party apps
    • Instagram / Facebook: Settings → Business integrations
    • LinkedIn: Settings → Data privacy → Permitted services

then delete the local tokens. - Generated media is yours to keep or delete like any other local file.

Children

Keryx is a developer tool, not directed at or intended for children. The content it publishes is the operator's own.

Changes to this policy

We may update this policy. The effective date above reflects the current version; the full change history is tracked in the Keryx repository's git log.

Contact

Questions or data requests: matt@phpboyscout.uk.