Privacy Policy

Last updated: 1 January 2026

Draft — pending legal review. This is placeholder text and does not constitute legal advice. Bracketed values and TODOs must be completed, reviewed by a qualified lawyer, and translated for each supported language before public launch.

This Privacy Policy explains how [COMPANY LEGAL NAME] collects, uses, and protects your personal data when you use Social Manager. [TODO: confirm GDPR/CCPA/LGPD applicability and controller details with legal.]

1. Data We Collect

Account data (name, email, hashed password), billing data (handled by Stripe; we do not store card numbers), connected-platform tokens and the social content you manage, and usage/diagnostic data.

We store third-party access tokens and integration secrets encrypted at rest.

2. How We Use Data

To provide and operate the Service, generate AI reply drafts, process payments, send transactional and (with consent) marketing email, and improve reliability and security.

3. Legal Bases

We process data to perform our contract with you, for our legitimate interests in operating the Service, to comply with legal obligations, and with your consent where required. [TODO: finalize lawful bases with legal.]

4. Sharing & Sub-processors

We share data with sub-processors that help operate the Service (e.g. hosting, payment processing, email delivery, error monitoring). [TODO: publish the current sub-processor list.]

5. Data Retention & Your Rights

You can export your data and delete your account at any time from your profile settings. Depending on your jurisdiction you may have rights to access, correct, port, or erase your data, and to object to or restrict processing.

To exercise these rights contact [CONTACT_EMAIL].

6. Security & International Transfers

We use industry-standard measures including encryption in transit and encryption at rest for stored secrets. [TODO: document data-transfer mechanisms with legal.]

7. Contact

Questions about this Privacy Policy can be sent to [CONTACT_EMAIL].