Privacy Policy

1. Introduction

PostFactory ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered social media automation platform and services (the "Service").

As a company based in Italy, we comply with the General Data Protection Regulation (GDPR) and other applicable data protection laws. This policy applies to all users of our Service, regardless of location.

By using our Service, you consent to the data practices described in this Privacy Policy. If you do not agree with this policy, please do not use our Service.

2. Information We Collect

2.1 Personal Information

We may collect personal information that you provide directly to us, including:

• Name and contact information (email address, phone number)
• Account credentials and authentication information
• Payment and billing information
• Business information and context for content generation
• Communication preferences and settings

2.2 Social Media Account Information

When you connect your social media accounts to our Service, we collect:

• Account usernames and profile information
• Access tokens and authentication credentials
• Content performance metrics and analytics data
• Posting schedules and automation preferences

2.3 Content and Usage Data

We collect information about your use of our Service, including:

• Content you create, upload, or generate using our AI tools
• Usage patterns, features accessed, and time spent on the platform
• Error logs and performance data
• Device information and browser type

2.4 Automatically Collected Information

We automatically collect certain technical information, including IP addresses, browser information, device identifiers, and usage analytics through cookies and similar technologies.

3. How We Use Your Information

We use the collected information for the following purposes:

• Service Provision: To provide, maintain, and improve our AI-powered content generation and social media automation services
• Account Management: To create and manage your account, authenticate users, and provide customer support
• Content Generation: To generate personalized content based on your business context and preferences
• Analytics and Insights: To provide performance analytics and insights about your social media content
• Communication: To send you service-related notifications, updates, and marketing communications (with your consent)
• Security: To detect, prevent, and address technical issues and security threats
• Legal Compliance: To comply with applicable laws, regulations, and legal processes
• Business Operations: To conduct business analysis, improve our services, and develop new features

4. Legal Basis for Processing (GDPR)

Under GDPR, we process your personal data based on the following legal grounds:

• Consent: When you have given clear consent for specific processing activities
• Contract Performance: To fulfill our contractual obligations in providing our services
• Legitimate Interests: For our legitimate business interests, such as improving our services and security
• Legal Obligation: To comply with legal requirements and regulations
• Vital Interests: To protect the vital interests of individuals in emergency situations

5. Information Sharing and Disclosure

We do not sell, trade, or rent your personal information to third parties. We may share your information in the following circumstances:

5.1 Service Providers

We may share information with trusted third-party service providers who assist us in operating our platform, including:

• Cloud hosting and infrastructure providers
• Payment processing services
• AI and machine learning service providers
• Analytics and monitoring tools
• Customer support platforms

5.2 Social Media Platforms

We share content and data with connected social media platforms as necessary to provide our automation and posting services, in accordance with their respective APIs and terms of service.

5.3 Legal Requirements

We may disclose information when required by law, regulation, legal process, or governmental request, or to protect our rights, property, or safety.

5.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, personal information may be transferred as part of the transaction, subject to appropriate safeguards.

6. Data Security

We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. Our security measures include:

• Encryption of data in transit and at rest
• Regular security assessments and monitoring
• Access controls and authentication mechanisms
• Employee training on data protection practices
• Incident response and breach notification procedures
• Regular backup and disaster recovery procedures

However, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security of your information.

7. Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required by law. Our retention periods include:

• Account Information: Retained while your account is active and for a reasonable period after account closure
• Content Data: Retained as long as needed to provide services and for backup purposes
• Analytics Data: Aggregated and anonymized data may be retained indefinitely for business insights
• Legal Requirements: Some data may be retained longer to comply with legal obligations

8. Your Rights Under GDPR

If you are located in the European Union, you have the following rights regarding your personal data:

• Right of Access: Request access to your personal data and information about how we process it
• Right to Rectification: Request correction of inaccurate or incomplete personal data
• Right to Erasure: Request deletion of your personal data under certain circumstances
• Right to Restrict Processing: Request limitation of processing of your personal data
• Right to Data Portability: Request transfer of your data to another service provider
• Right to Object: Object to processing of your personal data for certain purposes
• Right to Withdraw Consent: Withdraw consent for processing based on consent
• Right to Lodge a Complaint: File a complaint with a supervisory authority

To exercise these rights, please contact us at team@postfactory.co. We will respond to your request within 30 days.

9. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enhance your experience on our platform. These technologies help us:

• Remember your preferences and settings
• Authenticate users and maintain sessions
• Analyze usage patterns and improve our services
• Provide personalized content and recommendations
• Measure the effectiveness of our marketing campaigns

Types of cookies we use:

• Essential Cookies: Required for basic platform functionality
• Performance Cookies: Help us understand how users interact with our platform
• Functional Cookies: Remember your preferences and settings
• Marketing Cookies: Used to deliver relevant advertisements (with your consent)

You can control cookie preferences through your browser settings or our cookie preference center.

10. International Data Transfers

Your personal data may be transferred to and processed in countries other than your country of residence. When we transfer personal data outside the European Economic Area (EEA), we ensure appropriate safeguards are in place, including:

• Standard Contractual Clauses approved by the European Commission
• Adequacy decisions by the European Commission
• Certification schemes and codes of conduct
• Binding corporate rules for intra-group transfers

11. Children's Privacy

Our Service is not intended for children under the age of 16. We do not knowingly collect personal information from children under 16. If we become aware that we have collected personal information from a child under 16 without parental consent, we will take steps to delete such information promptly.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of any material changes by posting the updated policy on our website and updating the "Last updated" date. For significant changes, we may provide additional notice through email or our platform.

13. Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

For GDPR-related inquiries, you may also contact the Italian Data Protection Authority (Garante per la protezione dei dati personali) at garante@gpdp.it.

14. Data Processing Activities Summary

In compliance with GDPR Article 30, we maintain records of our processing activities:

• Controller: PostFactory (Italy)
• Purpose: AI-powered social media content automation and analytics
• Categories of Data: Contact information, account data, content data, usage analytics
• Categories of Recipients: Service providers, connected social media platforms
• International Transfers: With appropriate safeguards as described above
• Retention Periods: As described in Section 7
• Security Measures: Technical and organizational measures as described in Section 6