Privacy Policy

Last updated: [DD.MM.YYYY]

This Privacy Policy explains how Metaflow ("we", "Metaflow") collects, processes, stores and protects your personal data when you use the social media management service we provide, as well as your rights under the General Data Protection Regulation (GDPR) and applicable data protection law.

Data controller: [Company Name], [Address], [Company Registration No.].

1. Data We Collect

To provide the service, we process the following categories of data:

  • Account information: your name, email address and the information you provide when creating an account.
  • Connected platform data: the OAuth access tokens obtained when you connect your Instagram and LinkedIn accounts. These tokens are stored encrypted at rest and are used only for the actions you request, such as publishing content and managing messages on your behalf.
  • Content data: the posts, images, videos, drafts, calendar plans and message automation rules you create or upload.
  • Usage data: technical records of how you use the service (session information, activity logs, credit usage, error logs, IP address).
  • Payment data: subscription status and invoice references. Your card details are not stored by us; payments are processed through Stripe.

2. Our Purposes for Processing Data

  • To provide the service and to create and manage your account.
  • To generate, schedule and publish content on connected platforms on your behalf.
  • To manage incoming messages and run the automations you define.
  • To manage and bill your subscription and credit usage.
  • To maintain security, prevent abuse and resolve issues.
  • To meet our legal obligations.

This processing relies on legal bases such as the performance of a contract, legitimate interests, legal obligations and, where required, your explicit consent.

3. Third Parties and Service Providers

To provide the service, we share your data with the following third parties, only to the extent and for the purposes necessary:

  • Meta (Instagram/Facebook): account connection, content publishing and messaging.
  • LinkedIn: account connection and content publishing.
  • Stripe: payment and subscription processing.
  • AI providers: processing of your relevant prompts/inputs to generate the text, image, video and voiceover content you request.
  • Supabase: database, authentication and file storage infrastructure.
  • Vercel: application hosting and content delivery.

Some of these providers may be located abroad; any transfer of data outside your jurisdiction is carried out with the safeguards required by applicable data protection law.

4. Retention Periods

We retain your personal data only for as long as the processing purposes require and within the statutory retention periods set out by applicable law. When you delete your account, any data not subject to a legal retention obligation is deleted or anonymized within a reasonable period.

Retention periods by category are as follows:

  • Connected platform access tokens (OAuth tokens): retained for as long as the relevant account stays connected; removed when you disconnect the account or delete your account.
  • Content, drafts, calendar plans and message automation rules: retained until you delete them or close your account.
  • Message automation activity logs: contain only the metadata needed for operation (sender identifier, status, reply type, timestamp); message content is not stored permanently, and these records are kept until you close your account.
  • Usage/technical logs (session, activity log, errors, IP): kept for a reasonable period for operational and security purposes, then deleted or anonymized.
  • Payment and invoice references: retained for the statutory periods required by applicable tax and commercial law.

5. Data Deletion and Disconnecting

There are two ways to delete your data and remove your Instagram connection:

  • From within the app: When you disconnect a connected account from the dashboard, the related access tokens are revoked and any scheduled posts tied to that account are canceled. When you delete your account entirely, your data is removed along with its associated records.
  • Through Instagram (Meta callback): When you remove the app from your Instagram/Facebook settings, Meta sends us a deauthorize notification; upon receiving it, we automatically revoke the access tokens we store and deactivate your connected account. If you start a data deletion request through Meta, your request is processed and you are given a tracking code along with a data deletion status page where you can follow its status.

In both cases, your card details are not stored by us (they are processed by Stripe), and your message content is never stored permanently.

6. Your Rights

Under the GDPR and applicable data protection law, you have the following rights regarding your personal data:

  • Access: to learn which of your data is being processed and to access it.
  • Rectification: to request the correction of incomplete or inaccurate data.
  • Erasure: to request the deletion or destruction of your data.
  • Portability: to receive your data in a structured, commonly used format or to request its transfer.
  • Objection and restriction: to object to certain processing and to request the restriction of processing.
  • Withdrawal of consent: to withdraw, at any time, the consent you gave for consent-based processing.

To exercise these rights, you can reach us through the contact channels below.

7. Cookies

We use cookies that are strictly necessary for the service to function (for example, session management). These cookies are required to keep your session active and to maintain security. Where optional or analytics cookies are used, the necessary notice and consent processes are applied for them.

8. Contact

For any questions or requests regarding this Privacy Policy or your personal data, you can contact us:

Email: [email protected]
Address: [Company Address — to be completed with legal counsel approval]

This text is an informational draft and must be reviewed by legal counsel before it takes effect.