Welcome to Postiz_Connect, a social media management application that connects with Meta/Facebook and integrates with Postiz, a comprehensive social media scheduling platform. This Privacy Policy explains how we collect, use, share, and protect your personal information when you use our application and services.

Our application serves as a bridge between your Facebook account and Postiz's social media scheduling capabilities, enabling you to efficiently manage and schedule your social media content across multiple platforms. We understand that your privacy is important to you, and we are committed to being transparent about our data practices and protecting your personal information in accordance with applicable privacy laws and regulations.

This Privacy Policy applies to all users of our application, regardless of your location, and covers our data processing activities in compliance with the European Union's General Data Protection Regulation (GDPR) [1], the California Consumer Privacy Act (CCPA) [2], and Meta's Platform Terms and Developer Policies [3]. We have designed our privacy practices to meet the highest standards of data protection while enabling the functionality you expect from a social media management tool.

By using our application, you acknowledge that you have read, understood, and agree to the collection, use, and disclosure of your personal information as described in this Privacy Policy. If you do not agree with our privacy practices, please do not use our application or services.

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or service offerings. We will notify you of any material changes through the application or by email, and the updated policy will be effective as of the date specified in the "Last Updated" field above.

Our commitment to privacy extends beyond mere compliance with legal requirements. We believe that privacy is a fundamental right, and we strive to implement privacy-by-design principles in all aspects of our application development and data processing activities. This means that we consider privacy implications at every stage of our product development process and implement appropriate technical and organizational measures to protect your personal information.

As a Meta/Facebook application that integrates with Postiz, we operate within a complex ecosystem of data sharing and processing. This Privacy Policy provides you with a comprehensive understanding of how your data flows through this ecosystem, what controls you have over your information, and how we ensure that your privacy rights are respected throughout the process.

We collect various types of information to provide and improve our services, ensure security, and comply with legal obligations. The information we collect falls into several categories, each serving specific purposes in delivering our social media management functionality.

Information You Provide Directly

Account Information: When you create an account with our application, we collect basic identifying information including your name, email address, and chosen username. This information is necessary to establish your account, provide customer support, and communicate with you about our services. We also collect any profile information you choose to provide, such as a profile picture or bio, which helps personalize your experience within the application.

Authentication Credentials: To connect your Facebook account and integrate with Postiz, we collect and securely store authentication tokens and credentials. These tokens allow our application to access your authorized Facebook data and interact with Postiz's API on your behalf. We do not store your actual Facebook or Postiz passwords, but rather use secure OAuth tokens that can be revoked at any time [4].

Content and Communications: We collect the content you create, upload, or schedule through our application, including text posts, images, videos, and other media files. This content is necessary for our core functionality of scheduling and managing your social media posts. We also collect any communications you send to us, such as customer support inquiries, feedback, or bug reports.

Payment Information: If you subscribe to premium features or services, we collect payment information including billing address and payment method details. However, we use third-party payment processors and do not directly store sensitive payment information such as credit card numbers on our servers [5].

Information We Collect Automatically

Usage Data: We automatically collect information about how you use our application, including the features you access, the time and duration of your sessions, and your interaction patterns. This data helps us understand user behavior, improve our services, and identify potential issues or areas for enhancement.

Device Information: We collect information about the device you use to access our application, including device type, operating system, browser type and version, screen resolution, and device identifiers. This information helps us optimize our application for different devices and troubleshoot technical issues.

Log Data: Our servers automatically record log data when you use our application, including your IP address, access times, pages viewed, and the actions you take within the application. This information is essential for security monitoring, performance optimization, and debugging purposes.

Location Information: With your explicit consent, we may collect location information from your device to provide location-based features or to enhance the relevance of your social media content. You can control location sharing through your device settings or within our application.

Information from Facebook

Profile Information: When you connect your Facebook account, we access basic profile information including your name, profile picture, and public profile URL. This information is used to verify your identity and personalize your experience within our application.

Page and Account Data: If you manage Facebook Pages or business accounts, we collect information about these pages including page names, IDs, access tokens, and basic page statistics. This information is necessary to provide page management functionality and schedule posts to your Facebook Pages.

Content Permissions: We access permissions to read and publish content on your behalf, including the ability to view your posts, create new posts, and manage your social media content. These permissions are granted through Facebook's official OAuth process and can be revoked at any time through your Facebook settings [6].

Insights and Analytics: We may collect aggregated insights and analytics data from Facebook about your posts and page performance. This data helps you understand the effectiveness of your social media strategy and is presented to you in anonymized, aggregated form.

Information from Postiz Integration

Account Credentials: We collect and store API keys and authentication tokens necessary to connect with your Postiz account. These credentials allow our application to schedule posts, retrieve analytics, and manage your social media campaigns through Postiz's platform.

Scheduling Data: We collect information about your scheduled posts, including content, timing, target platforms, and campaign settings. This data is essential for coordinating between our application, Facebook, and Postiz to ensure your content is published according to your preferences.

Analytics and Performance Data: We collect analytics data from Postiz about your social media performance, including engagement metrics, reach statistics, and campaign effectiveness. This information is used to provide you with comprehensive reporting and insights about your social media activities.

Information from Third Parties

Social Media Platforms: In addition to Facebook, we may collect information from other social media platforms that you connect through Postiz, including Instagram, Twitter, LinkedIn, and others. The specific information collected depends on the permissions you grant and the capabilities of each platform's API.

Service Providers: We may receive information from third-party service providers that help us operate our application, such as analytics providers, customer support platforms, and security services. This information is used solely to improve our services and is subject to strict confidentiality agreements.

Public Sources: We may collect publicly available information about you from social media platforms and other public sources to enhance our services or verify information you provide. This collection is limited to information that is already publicly accessible and is used in accordance with applicable laws and platform terms of service.

The collection of this information is governed by the principle of data minimization, meaning we only collect information that is necessary for the specific purposes outlined in this Privacy Policy. We regularly review our data collection practices to ensure they remain aligned with our service offerings and legal obligations.

We use the information we collect for specific, legitimate purposes that are necessary to provide our services, improve user experience, and comply with legal obligations. Our data processing activities are based on lawful grounds under applicable privacy laws, including the GDPR and CCPA, and we are committed to using your information only for the purposes disclosed in this Privacy Policy.

Core Service Functionality

Social Media Management: The primary purpose of our application is to help you manage and schedule your social media content across multiple platforms. We use your account information, authentication credentials, and content to facilitate the connection between your Facebook account and Postiz, enabling you to schedule posts, manage campaigns, and coordinate your social media strategy from a single interface.

Content Processing and Scheduling: We process the content you create or upload to schedule it for publication on your connected social media accounts. This includes analyzing content format, optimizing posting times based on your preferences, and ensuring compatibility with different platform requirements. We may temporarily store your content on our servers to facilitate scheduling and ensure reliable delivery to your target platforms.

Account Authentication and Security: We use your authentication information to verify your identity, maintain secure connections to your social media accounts, and protect against unauthorized access. This includes monitoring login patterns, detecting suspicious activities, and implementing security measures to safeguard your account and data.

Integration Management: We use technical information such as API tokens and platform credentials to maintain seamless integration between our application, Facebook, and Postiz. This ensures that your scheduled content is published correctly and that analytics data is accurately synchronized across all connected platforms.

Service Improvement and Analytics

Performance Optimization: We analyze usage data and technical information to optimize our application's performance, identify and resolve technical issues, and enhance user experience. This includes monitoring server performance, analyzing user interaction patterns, and implementing improvements based on user feedback and behavior.

Feature Development: We use aggregated and anonymized usage data to understand how users interact with our application, identify popular features, and develop new functionality that meets user needs. This analysis helps us prioritize development efforts and ensure our application continues to provide value to our users.

Analytics and Reporting: We process your social media data and performance metrics to provide you with comprehensive analytics and reporting features. This includes generating insights about your content performance, audience engagement, and campaign effectiveness to help you optimize your social media strategy.

Quality Assurance: We use collected data to test new features, identify bugs, and ensure the reliability and accuracy of our services. This may include analyzing error logs, monitoring system performance, and conducting quality assurance testing using anonymized data sets.

Communication and Support

Customer Support: We use your contact information and communication history to provide customer support, respond to inquiries, and resolve technical issues. This includes maintaining records of support interactions to ensure consistent and effective assistance across multiple touchpoints.

Service Communications: We use your email address and account information to send important service-related communications, including security alerts, system maintenance notifications, and updates about changes to our services or policies. These communications are essential for maintaining the security and functionality of your account.

Marketing Communications: With your explicit consent, we may use your contact information to send promotional emails, newsletters, and information about new features or services. You can opt out of marketing communications at any time through the unsubscribe links provided in our emails or by adjusting your account preferences.

User Engagement: We may use your usage data and preferences to personalize your experience within our application, including customizing the interface, suggesting relevant features, and providing targeted tips and recommendations to help you maximize the value of our services.

Legal and Compliance Purposes

Legal Compliance: We process your information as necessary to comply with applicable laws, regulations, and legal obligations. This includes responding to lawful requests from government authorities, complying with court orders, and meeting regulatory requirements in jurisdictions where we operate.

Fraud Prevention and Security: We use your information to detect, prevent, and investigate fraudulent activities, security breaches, and other harmful or illegal activities. This includes analyzing usage patterns, monitoring for suspicious behavior, and implementing security measures to protect our users and services.

Dispute Resolution: We may use your information to resolve disputes, enforce our terms of service, and protect our rights and the rights of our users. This includes maintaining records of user activities and communications that may be relevant to legal proceedings or dispute resolution processes.

Audit and Compliance Monitoring: We use collected data to conduct internal audits, monitor compliance with our policies and procedures, and ensure adherence to industry standards and best practices for data protection and privacy.

Data Processing Legal Basis

Under the GDPR, we process your personal data based on the following lawful grounds:

Contract Performance: We process your information as necessary to perform our contract with you and provide the services you have requested. This includes account management, content scheduling, and integration with third-party platforms.

Legitimate Interests: We process certain information based on our legitimate interests in operating and improving our business, provided these interests are not overridden by your privacy rights. This includes analytics, security monitoring, and service optimization.

Consent: For certain processing activities, such as marketing communications and location tracking, we rely on your explicit consent. You can withdraw your consent at any time through your account settings or by contacting us directly.

Legal Obligation: We process information as necessary to comply with legal obligations, including responding to lawful requests from authorities and meeting regulatory requirements.

We regularly review our data processing activities to ensure they remain necessary, proportionate, and aligned with the purposes for which the information was collected. We do not use your personal information for automated decision-making or profiling that would significantly affect you without appropriate safeguards and your explicit consent.

We understand that sharing your personal information is a significant privacy concern, and we are committed to being transparent about when, how, and with whom we share your data. We do not sell your personal information to third parties, and we only share your information in the specific circumstances outlined below, always with appropriate safeguards and in accordance with applicable privacy laws.

Service Providers and Business Partners

Postiz Integration: As a core feature of our application, we share necessary information with Postiz to enable social media scheduling and management functionality. This includes your authentication tokens, scheduled content, and campaign settings. The sharing is limited to information required for the integration to function properly, and Postiz is contractually obligated to protect your information and use it only for the purposes of providing their services to you [7].

Meta/Facebook Platform: We share information with Meta/Facebook as required by their Platform Terms and Developer Policies to maintain our application's integration with Facebook's services. This includes technical data about API usage, compliance information, and aggregated usage statistics. We do not share your personal content or private information beyond what is necessary for the technical operation of the Facebook integration [8].

Cloud Service Providers: We use reputable cloud service providers to host our application and store data securely. These providers have access to your information only to the extent necessary to provide hosting and infrastructure services, and they are bound by strict confidentiality agreements and security requirements. Our cloud providers include industry-leading companies that maintain SOC 2 Type II certifications and other relevant security standards.

Payment Processors: For users who subscribe to premium services, we share billing information with third-party payment processors to facilitate transactions. These processors are PCI DSS compliant and handle payment information according to industry security standards. We do not store complete payment card information on our own servers.

Analytics and Monitoring Services: We may share anonymized and aggregated data with analytics providers to help us understand user behavior, improve our services, and monitor application performance. This data is stripped of personally identifiable information and cannot be used to identify individual users.

Legal and Compliance Sharing

Legal Obligations: We may disclose your information when required by law, regulation, or legal process. This includes responding to subpoenas, court orders, and lawful requests from government authorities. We will notify you of such requests unless prohibited by law or when we believe notification would be counterproductive to a law enforcement investigation.

Safety and Security: We may share information when we believe it is necessary to protect the safety, rights, or property of our users, our company, or the public. This includes sharing information to prevent fraud, investigate security incidents, or respond to emergencies that pose immediate threats to personal safety.

Enforcement of Terms: We may disclose information as necessary to enforce our Terms of Service, investigate violations of our policies, or protect our legal rights. This sharing is limited to information directly relevant to the specific violation or legal issue at hand.

Business Transactions

Mergers and Acquisitions: In the event of a merger, acquisition, or sale of all or part of our business, your information may be transferred to the acquiring entity. We will provide notice of such transfers and ensure that the acquiring entity agrees to protect your information in accordance with this Privacy Policy or provide you with the opportunity to opt out of the transfer.

Business Partners: We may share aggregated, anonymized data with business partners for research, industry analysis, or collaborative projects. This data cannot be used to identify individual users and is shared only for legitimate business purposes that align with our mission of improving social media management tools.

User-Directed Sharing

Social Media Platforms: When you use our application to schedule or publish content, we share that content with the social media platforms you have selected (Facebook, Instagram, Twitter, etc.). This sharing is entirely under your control and occurs only when you explicitly schedule or publish content to these platforms.

Third-Party Integrations: If you choose to connect additional third-party services or applications to your account, we may share relevant information with those services as necessary to provide the integration functionality you have requested. You can control these integrations through your account settings and revoke access at any time.

Public Content: Any content you choose to publish publicly through our application will be visible to others according to the privacy settings of the target social media platforms. We do not control the privacy practices of external social media platforms and encourage you to review their privacy policies.

Data Sharing Safeguards

Contractual Protections: All third parties with whom we share your information are bound by contractual agreements that require them to protect your data, use it only for specified purposes, and implement appropriate security measures. These agreements include provisions for data breach notification, audit rights, and compliance monitoring.

Data Minimization: We share only the minimum amount of information necessary to accomplish the specific purpose for which the sharing is intended. We regularly review our data sharing practices to ensure they remain necessary and proportionate.

Security Requirements: Third parties that receive your information must maintain security standards that are at least equivalent to our own. This includes requirements for encryption, access controls, and regular security assessments.

Retention Limits: We require third parties to retain your information only for as long as necessary to provide their services and to securely delete or return the information when the business relationship ends.

Cross-Border Data Transfers

International Operations: Our application operates globally, and your information may be transferred to and processed in countries other than your country of residence. When we transfer information internationally, we implement appropriate safeguards to ensure your privacy rights are protected, including Standard Contractual Clauses approved by the European Commission for transfers from the 

EU.

Adequacy Decisions: Where possible, we transfer data to countries that have been deemed to provide adequate protection for personal data by relevant privacy authorities. For transfers to other countries, we implement additional safeguards such as binding corporate rules or certification schemes.

We do not engage in the sale of personal information as defined by the CCPA or similar privacy laws. Any sharing of information is done for legitimate business purposes and with appropriate protections in place. You have the right to know about and control how your information is shared, and we provide tools and settings to help you manage your privacy preferences.

Protecting your personal information is a fundamental responsibility that we take seriously. We have implemented comprehensive technical, administrative, and physical security measures designed to safeguard your data against unauthorized access, disclosure, alteration, and destruction. Our security practices are regularly reviewed and updated to address evolving threats and maintain compliance with industry standards and regulatory requirements.

Technical Security Measures

Encryption: We employ industry-standard encryption protocols to protect your data both in transit and at rest. All data transmitted between your device and our servers is encrypted using Transport Layer Security (TLS) 1.3 or higher. Data stored on our servers is encrypted using Advanced Encryption Standard (AES) 256-bit encryption, ensuring that even if unauthorized access occurs, your information remains protected.

Access Controls: We implement strict access controls to ensure that only authorized personnel can access your personal information, and only to the extent necessary for their job functions. Our access control system includes multi-factor authentication, role-based permissions, and regular access reviews to prevent unauthorized access and ensure that access privileges are appropriate and current.

Network Security: Our infrastructure is protected by multiple layers of network security, including firewalls, intrusion detection systems, and distributed denial-of-service (DDoS) protection. We continuously monitor our networks for suspicious activity and maintain incident response procedures to quickly address any security threats.

Secure Development Practices: We follow secure coding practices and conduct regular security assessments of our application code. This includes static and dynamic code analysis, penetration testing, and vulnerability assessments performed by both internal security teams and external security experts.

API Security: Given our integration with Facebook and Postiz, we implement robust API security measures including secure token management, rate limiting, and API endpoint protection. We use OAuth 2.0 for authentication and authorization, ensuring that access tokens are securely generated, stored, and transmitted.

Administrative Security Measures

Security Training: All employees receive comprehensive security awareness training and are required to complete regular updates on security best practices, data protection requirements, and incident response procedures. We maintain a culture of security awareness throughout our organization.

Background Checks: Personnel with access to sensitive systems and data undergo appropriate background checks and are bound by confidentiality agreements that extend beyond their employment with our company.

Incident Response: We maintain a detailed incident response plan that outlines procedures for detecting, responding to, and recovering from security incidents. Our incident response team is trained to quickly assess and contain security threats while minimizing impact on our users and services.

Regular Audits: We conduct regular internal security audits and engage third-party security firms to perform independent assessments of our security posture. These audits help identify potential vulnerabilities and ensure that our security measures remain effective and up-to-date.

Vendor Management: We carefully evaluate the security practices of all third-party vendors and service providers before engaging their services. Our vendor agreements include specific security requirements and the right to audit their security practices.

Physical Security Measures

Data Center Security: Our servers are hosted in secure data centers that maintain physical security controls including 24/7 monitoring, biometric access controls, and environmental protections. These facilities are certified to industry standards such as SOC 2 Type II and ISO 27001.

Equipment Security: All hardware containing sensitive data is subject to secure disposal procedures when it reaches end-of-life. We use certified data destruction services to ensure that data cannot be recovered from decommissioned equipment.

Facility Access: Access to facilities where personal data is processed is strictly controlled and monitored. Visitors must be accompanied by authorized personnel, and all access is logged and reviewed regularly.

Data Retention and Deletion

Retention Periods: We retain your personal information only for as long as necessary to fulfill the purposes for which it was collected, comply with legal obligations, resolve disputes, and enforce our agreements. Specific retention periods vary depending on the type of information and the purpose for which it was collected.

Account Data: Basic account information is retained for the duration of your account relationship with us and for a reasonable period thereafter to comply with legal obligations and resolve any disputes. You can request deletion of your account and associated data at any time through your account settings or by contacting our support team.

Content Data: Content you create or schedule through our application is retained according to your preferences and the requirements of connected social media platforms. You can delete individual pieces of content or request bulk deletion of your content history.

Log Data: Technical logs and usage data are typically retained for 12-24 months for security monitoring and service improvement purposes, after which they are automatically deleted or anonymized.

Legal Hold: In certain circumstances, we may be required to retain information for longer periods due to legal obligations, ongoing investigations, or litigation. In such cases, we will retain only the specific information required and will resume normal deletion practices once the legal obligation is resolved.

Data Backup and Recovery

Backup Procedures: We maintain regular backups of your data to ensure service continuity and protect against data loss. Backups are encrypted and stored in geographically distributed locations to protect against localized disasters or system failures.

Recovery Testing: We regularly test our backup and recovery procedures to ensure that we can quickly restore services and data in the event of a system failure or disaster. These tests are documented and reviewed to identify areas for improvement.

Business Continuity: We maintain comprehensive business continuity plans that outline procedures for maintaining operations during various types of disruptions. These plans include provisions for data protection and user notification in the event of service interruptions.

Monitoring and Detection

Continuous Monitoring: We employ automated monitoring systems that continuously scan for security threats, unusual activity patterns, and potential data breaches. These systems generate alerts that are immediately investigated by our security team.

Anomaly Detection: We use machine learning and behavioral analysis tools to identify unusual patterns of access or usage that may indicate security threats or unauthorized access attempts.

Threat Intelligence: We subscribe to threat intelligence services and participate in industry security forums to stay informed about emerging threats and security best practices relevant to our industry and technology stack.

Security Incident Response

Breach Notification: In the event of a data breach that poses a risk to your privacy or security, we will notify you and relevant authorities within the timeframes required by applicable laws (typically within 72 hours for GDPR compliance). Our notifications will include information about the nature of the breach, the data involved, and the steps we are taking to address the incident.

User Communication: We are committed to transparent communication about security incidents that may affect our users. We will provide clear, timely information about any incidents and the measures we are taking to prevent similar occurrences in the future.

Remediation: Following any security incident, we conduct thorough post-incident reviews to identify root causes and implement additional safeguards to prevent similar incidents. We may also engage external security experts to assist with incident analysis and remediation efforts.

While we implement robust security measures to protect your information, no system is completely secure, and we cannot guarantee absolute security. We encourage you to take steps to protect your own account security, including using strong, unique passwords, enabling two-factor authentication where available, and promptly reporting any suspicious activity to our support team.

We believe that you should have control over your personal information, and we are committed to providing you with meaningful choices about how your data is collected, used, and shared. Depending on your location and applicable privacy laws, you may have various rights regarding your personal information. We have implemented systems and procedures to help you exercise these rights effectively and without undue burden.

Rights Under the General Data Protection Regulation (GDPR)

If you are located in the European Union, European Economic Area, or United Kingdom, you have the following rights under the GDPR:

Right of Access: You have the right to obtain confirmation of whether we process your personal data and, if so, to access that data along with information about how it is processed. You can request a copy of your personal data in a commonly used, machine-readable format. We will provide this information free of charge, though we may charge a reasonable fee for additional copies or if your request is manifestly unfounded or excessive.

Right to Rectification: You have the right to have inaccurate personal data corrected and to have incomplete personal data completed. If you believe any of the information we hold about you is incorrect or incomplete, you can request that we update or correct it. We will respond to your request within one month and will notify any third parties with whom we have shared the incorrect information.

Right to Erasure (Right to be Forgotten): You have the right to request that we delete your personal data in certain circumstances, including when the data is no longer necessary for the purposes for which it was collected, when you withdraw consent, or when the data has been unlawfully processed. We will assess each deletion request individually and will comply unless we have legitimate grounds for retaining the information.

Right to Restrict Processing: You have the right to request that we limit the processing of your personal data in certain situations, such as when you contest the accuracy of the data or when you have objected to processing. When processing is restricted, we may store the data but will not process it further without your consent or for specific legal purposes.

Right to Data Portability: You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit that data to another controller. This right applies when processing is based on consent or contract and is carried out by automated means.

Right to Object: You have the right to object to processing of your personal data based on legitimate interests, including profiling. You also have the absolute right to object to processing for direct marketing purposes. We will stop processing your data unless we can demonstrate compelling legitimate grounds that override your interests, rights, and freedoms.

Rights Related to Automated Decision-Making: You have the right not to be subject to decisions based solely on automated processing, including profiling, that produce legal effects or significantly affect you. If we engage in such processing, we will implement appropriate safeguards and provide you with the opportunity to contest the decision.

Rights Under the California Consumer Privacy Act (CCPA)

If you are a California resident, you have the following rights under the CCPA:

Right to Know: You have the right to request information about the categories and specific pieces of personal information we have collected about you, the categories of sources from which we collected the information, the business or commercial purposes for collecting the information, and the categories of third parties with whom we share the information.

Right to Delete: You have the right to request that we delete personal information we have collected from you, subject to certain exceptions such as when the information is necessary to complete a transaction, provide a service, or comply with legal obligations.

Right to Opt-Out of Sale: You have the right to opt out of the sale of your personal information. We do not sell personal information as defined by the CCPA, but if our practices change, we will provide clear notice and opt-out mechanisms.

Right to Non-Discrimination: You have the right not to receive discriminatory treatment for exercising your privacy rights. We will not deny goods or services, charge different prices, or provide different levels of service based on your exercise of privacy rights.

Right to Limit Use of Sensitive Personal Information: You have the right to limit our use and disclosure of sensitive personal information to purposes necessary to provide our services or as otherwise permitted by law.

How to Exercise Your Rights

Online Account Settings: Many privacy preferences can be managed directly through your account settings within our application. You can update your profile information, adjust communication preferences, manage connected accounts, and control data sharing settings.

Privacy Request Portal: We provide a dedicated privacy request portal where you can submit requests to exercise your privacy rights. This portal allows you to specify the type of request, provide necessary verification information, and track the status of your request.

Email Requests: You can submit privacy requests by emailing our privacy team at privacy@perlogic.ca. Please include sufficient information to verify your identity and specify the nature of your request. We may ask for additional verification information to protect against fraudulent requests.

Customer Support: Our customer support team can assist you with privacy-related questions and help you exercise your rights. You can contact support through the application, by email, or through our website contact form.

Verification Process: To protect your privacy and security, we may need to verify your identity before processing certain requests. This may involve confirming information associated with your account or requesting additional identification documents. We will use the least intrusive verification method appropriate for the type of request.

Response Timeframes

We are committed to responding to your privacy requests promptly and within the timeframes required by applicable laws:

GDPR Requests: We will respond to requests within one month of receipt, though this may be extended by up to two additional months for complex requests. We will inform you of any extension and the reasons for the delay.

CCPA Requests: We will respond to requests within 45 days of receipt, with the possibility of a 45-day extension for complex requests. We will notify you of any extension and the reasons for the delay.

Urgent Requests: For urgent requests related to security concerns or data breaches, we will respond as quickly as possible, typically within 24-48 hours.

Communication Preferences

Marketing Communications: You can opt out of marketing emails by clicking the unsubscribe link in any marketing email or by adjusting your communication preferences in your account settings. Please note that even if you opt out of marketing communications, we may still send you important service-related communications.

Push Notifications: You can control push notifications through your device settings or within our application. You can choose to receive notifications for specific types of events or disable them entirely.

SMS Communications: If you have provided your phone number and consented to SMS communications, you can opt out by replying "STOP" to any SMS message or by contacting our support team.

Third-Party Rights Management

Connected Accounts: You can manage the permissions granted to our application through the settings of connected third-party services such as Facebook and Postiz. Revoking these permissions will limit our ability to provide certain features but will not affect data already collected with your consent.

Data Subject Requests to Third Parties: If you exercise privacy rights with third-party services that are integrated with our application, please note that this may affect the functionality of our services. We will work with you to minimize any disruption while respecting your privacy choices.

Appeals and Complaints

Internal Appeals: If you are not satisfied with our response to a privacy request, you can submit an appeal through our privacy request portal or by contacting our privacy team directly. We will review your appeal and provide a response within a reasonable timeframe.

Regulatory Complaints: You have the right to lodge a complaint with relevant privacy authorities if you believe we have not adequately addressed your privacy concerns. For EU residents, this includes your local data protection authority. For California residents, this includes the California Privacy Protection Agency.

Independent Review: We participate in independent privacy dispute resolution programs where available and may engage neutral third parties to help resolve privacy-related disputes.

We are committed to making the exercise of your privacy rights as straightforward as possible while maintaining appropriate security measures to protect your information. If you have questions about your rights or need assistance with a privacy request, please do not hesitate to contact our privacy team.

Our application's core functionality depends on integrations with third-party services, primarily Meta/Facebook and Postiz. These integrations enable us to provide comprehensive social media management capabilities, but they also involve the sharing and processing of your data by these third-party services. We want to ensure you understand how these integrations work and what control you have over your data in this context.

Meta/Facebook Integration

Platform Relationship: Our application is built on Meta's developer platform and is subject to Meta's Platform Terms and Developer Policies [9]. This relationship allows us to access Facebook's APIs to provide social media management functionality, but it also means that Meta has certain rights and responsibilities regarding the data processed through our application.

Data Sharing with Meta: When you connect your Facebook account to our application, certain information is shared with Meta as part of the technical integration. This includes API usage data, authentication tokens, and aggregated usage statistics. Meta uses this information to monitor platform compliance, ensure security, and improve their developer platform.

Meta's Privacy Practices: Meta has its own privacy policy that governs how they collect, use, and share your information [10]. When you use Facebook through our application, both our privacy policy and Meta's privacy policy apply. We encourage you to review Meta's privacy policy to understand their data practices.

User Control: You can revoke our application's access to your Facebook account at any time through your Facebook settings. This will disable the Facebook integration features of our application but will not affect other functionality.

Postiz Integration

Service Provider Relationship: Postiz serves as our primary social media scheduling platform, providing the underlying infrastructure for managing and scheduling posts across multiple social media platforms. Our integration with Postiz enables advanced scheduling features, analytics, and multi-platform management capabilities.

Data Processing by Postiz: When you use our application, certain data is processed by Postiz to provide scheduling and analytics services. This includes your scheduled content, posting preferences, and performance analytics. Postiz processes this data according to their own privacy policy and our data processing agreement with them [11].

Postiz Privacy Practices: Postiz has its own privacy policy that governs their data practices. We have reviewed their privacy practices and have contractual agreements in place to ensure they protect your data appropriately, but we encourage you to review their privacy policy for complete information about their data handling practices.

Integration Management: You can manage your Postiz integration settings through our application, including controlling which data is shared and how it is used. Disabling the Postiz integration will limit certain advanced features but will not affect basic functionality.

Other Third-Party Services

Analytics Providers: We use third-party analytics services to understand how our application is used and to improve our services. These providers receive anonymized and aggregated data that cannot be used to identify individual users.

Customer Support Tools: We use third-party customer support platforms to manage user inquiries and provide assistance. These platforms may have access to your support communications and basic account information necessary to provide support services.

Payment Processors: For premium features, we use third-party payment processors that handle billing and payment information according to industry security standards. We do not store complete payment information on our own servers.

As a global service that integrates with international platforms, our application may involve the transfer of your personal data across international borders. We are committed to ensuring that these transfers are conducted in compliance with applicable privacy laws and with appropriate safeguards to protect your privacy rights.

Transfer Mechanisms

Adequacy Decisions: Where possible, we transfer personal data to countries that have been recognized by relevant privacy authorities as providing adequate protection for personal data. The European Commission maintains a list of countries with adequacy decisions for transfers from the EU.

Standard Contractual Clauses: For transfers to countries without adequacy decisions, we use Standard Contractual Clauses (SCCs) approved by the European Commission. These clauses provide contractual guarantees that your data will be protected according to European privacy standards regardless of where it is processed.

Binding Corporate Rules: Where applicable, we may rely on binding corporate rules or other approved transfer mechanisms to ensure appropriate protection for international data transfers.

Certification Schemes: We may participate in recognized certification schemes that provide additional assurance about our data protection practices for international transfers.

Geographic Data Processing

Primary Processing Locations: Our primary data processing occurs in Canada, where our main servers and infrastructure are located. We choose these locations based on factors including data protection laws, infrastructure quality, and service performance.

Third-Party Processing: Our third-party service providers may process your data in various locations around the world. We ensure that all such processing is subject to appropriate safeguards and contractual protections.

User Control: Where technically feasible, we may provide options for you to control where your data is processed. However, the global nature of social media platforms and our integrations may limit these options in some cases.

We are committed to protecting the privacy of children and complying with applicable laws regarding the collection and processing of information from minors. Our application is not intended for use by children under the age of 13, and we do not knowingly collect personal information from children under 13 without appropriate parental consent.

Age Restrictions

Minimum Age: Users must be at least 13 years old to create an account and use our services. This age restriction is consistent with the Children's Online Privacy Protection Act (COPPA) in the United States and similar laws in other jurisdictions.

Age Verification: We may implement age verification measures to ensure compliance with age restrictions. If we discover that we have collected information from a child under 13 without appropriate consent, we will take steps to delete that information promptly.

Parental Rights: Parents and guardians have the right to review, modify, or delete their child's personal information and to refuse further collection or use of their child's information. Parents can contact us to exercise these rights on behalf of their children.

Enhanced Protections for Minors

Limited Data Collection: For users between 13 and 18 years old, we may implement additional restrictions on data collection and sharing to provide enhanced privacy protections for minors.

Parental Notification: We may require parental notification or consent for certain features or data processing activities involving users under 18, depending on applicable laws and the nature of the processing.

Educational Resources: We provide educational resources to help young users understand privacy and make informed decisions about their online activities and data sharing.

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or service offerings. We are committed to providing you with clear notice of any material changes and ensuring that you have the opportunity to review and understand how these changes may affect you.

Types of Changes

Material Changes: Material changes include modifications to the purposes for which we collect or use personal information, changes in the categories of third parties with whom we share information, or significant changes to your rights or our obligations under this policy.

Non-Material Changes: Non-material changes include clarifications, formatting improvements, or updates to contact information that do not affect the substance of our privacy practices.

Notification Process

Advance Notice: We will provide at least 30 days' advance notice of material changes to this Privacy Policy through email notification to your registered email address and through prominent notices within our application.

Policy Posting: Updated versions of this Privacy Policy will be posted on our website and within our application, with the effective date clearly indicated at the top of the policy.

Continued Use: Your continued use of our application after the effective date of changes constitutes acceptance of the updated Privacy Policy. If you do not agree with the changes, you may discontinue use of our services and request deletion of your account and data.

Version Control

Historical Versions: We maintain historical versions of our Privacy Policy so that you can review previous versions and understand how our practices have evolved over time.

Change Summaries: For significant updates, we may provide summaries of key changes to help you quickly understand what has been modified.

We are committed to addressing your privacy concerns and questions promptly and effectively. If you have any questions about this Privacy Policy, our data practices, or your privacy rights, please do not hesitate to contact us using the information provided below.

Privacy Team Contact Information

Email: privacy@perlogic.ca

Mailing Address:

PerLogic Ltd.

Attention: Privacy Team

200 Rideau St.

Unit 1301

Ottawa, Ontario K1N 5Y1

Canada

Response Time: We strive to respond to all privacy inquiries within 5 business days. For urgent matters related to security or data breaches, we will respond within 24 hours.

[1] European Union General Data Protection Regulation (GDPR): https://gdpr.eu/

[2] California Consumer Privacy Act (CCPA): https://oag.ca.gov/privacy/ccpa

[3] Meta Platform Terms and Developer Policies: https://developers.facebook.com/terms/

[4] OAuth 2.0 Authorization Framework: https://tools.ietf.org/html/rfc6749

[5] Payment Card Industry Data Security Standard (PCI DSS): https://www.pcisecuritystandards.org/

[6] Facebook Login Documentation: https://developers.facebook.com/docs/facebook-login/

[7] Postiz Privacy Policy: https://postiz.com/privacy-policy

[8] Meta Privacy Policy: https://www.facebook.com/privacy/policy/

[9] Meta Developer Policies: https://developers.facebook.com/devpolicy/

[10] Meta Privacy Policy: https://www.facebook.com/privacy/policy/

[11] Postiz Terms of Service: https://postiz.com/terms-of-service