Legal

    Privacy Policy

    Last updated: February 16, 2026

    PrivacyTermsRefundsData deletionSecurity

    Overview

    This Privacy Policy explains what information Privly collects, why we collect it, how we use it, and the choices you have.

    Privly is operated by MASTERPIECE Technologies Inc.

    Information we collect

    • Account data: email address, name (if provided), workspace and settings.
    • Platform connection data: connected account identifiers (e.g., profile/page IDs) and OAuth tokens.
    • Content you provide: post drafts, scheduled posts, captions/text, links, and media you upload.
    • Usage & diagnostics: basic analytics (e.g., pages viewed, feature usage) and logs for reliability and security.
    • Billing data: plan, billing period, payment status, and transaction/subscription IDs from our payment providers. We do not store full card numbers.

    Analytics & cookies

    We use an analytics provider (currently PostHog) to understand how Privly is used (for example: which pages are visited and which features are used) and to improve performance and reliability.

    Analytics typically collects device and usage information such as pages viewed, events you trigger in the app, approximate location (derived from IP), and technical data like browser type. We configure analytics to avoid collecting sensitive content where possible.

    Our analytics provider may use cookies and/or local storage to recognize your browser or device across sessions. You can limit tracking through browser settings and cookie controls. If cookies/local storage are blocked, some parts of the app may not function as intended.

    AI features and model providers

    If you use AI features (for example idea generation, rewriting, hashtag suggestions, best-time suggestions, or in-app Help), your prompts and related context are sent to our AI model provider (currently OpenAI) to generate responses.

    We configure AI requests to avoid provider-side long-term storage where supported by the provider settings. However, providers may process request metadata for abuse prevention, reliability, and legal compliance.

    Payment processing

    Paid subscriptions are processed by third-party payment providers (currently Paddle and/or Helcim, depending on deployment). Those providers process payment information under their own privacy terms and may collect billing address, tax, and transaction details required to complete payment.

    Data we access from connected platforms

    When you connect a social platform, we may access:

    • Account/profile information needed to identify the connected account.
    • Pages/organizations you can post to (where applicable).
    • Permissions and scopes required to publish content.
    • In future versions (optional): comments/messages and performance metrics for analytics.

    Why we use this data

    • To let you connect accounts and authenticate with OAuth.
    • To schedule, publish, and retry posts you create in Privly.
    • To show your posting history and delivery status.
    • To prevent abuse, detect fraud, and secure the service.
    • To improve product reliability and user experience.

    Where your data is stored

    Privly is deployed on cloud infrastructure. As of this version, we commonly use: Vercel (or a similar CDN hosting provider) for the web application, and Render for the backend API, database (SQLite on a persistent disk), and media storage. Your exact storage region depends on the project configuration.

    Retention & deletion

    We keep data as long as needed to provide the service, meet legal obligations, resolve disputes, and enforce agreements. You can request deletion at any time (see Data Deletion).

    Who we share data with

    • Connected platforms: when you publish or connect accounts (e.g., Meta, TikTok, X, LinkedIn).
    • Cloud vendors: hosting, database, storage, and monitoring providers used to operate Privly.
    • Analytics vendors: to understand product usage and improve reliability (currently PostHog).
    • AI vendors: to generate AI outputs from prompts you submit (currently OpenAI).
    • Payment providers: to process subscriptions, renewals, invoices, taxes, and refunds (currently Paddle and/or Helcim, depending on deployment).
    • Email providers: to send account and transactional emails (currently Resend).
    • Legal & safety: if required to comply with law or protect users and the service.

    Security

    We use industry-standard safeguards such as encrypted transport (TLS) and secure secret handling. See Security Overview.

    Contact

    Questions or requests? Email [email protected].

    This page is provided for platform review and user transparency. If any section needs updating for your deployment, edit this file and redeploy.