1. Introduction

Rafał Sokołowski - Izenflow ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website and use TweaxR, our SaaS application for X users.

This policy complies with the General Data Protection Regulation (GDPR) and Polish data protection laws.

2. Data Controller

3. Information We Collect

3.1 Personal Information You Provide

• Account Information: Name, email address, username, and profile information
• X/Twitter Data: Posts, interactions, and analytics data from your X account (with your explicit consent)
• Usage Data: How you interact with our platform, features used, and performance metrics
• Payment Information: Billing information (processed securely through Polar.sh - we do not store this data)

3.2 Information Collected Automatically

• Technical Data: IP address, browser information, device type, and usage patterns
• Analytics: We use Plausible Analytics for privacy-friendly website analytics and PostHog for product analytics to improve our service performance and user experience
• Cookies: Essential cookies for authentication and platform functionality
• AI Processing Data: Content you provide for smart reply generation may be processed by AI services to generate relevant responses

4. Legal Basis for Processing

We process your personal data based on:

• Contract Performance: To provide our SaaS platform services
• Legitimate Interest: To improve our platform, analyze usage patterns, and operate our business
• Consent: For accessing your X/Twitter data and marketing communications
• Legal Obligation: To comply with tax, accounting, and legal requirements

5. How We Use Your Information

We use your information to:

• Provide SaaS platform services for X users including analytics, scheduling, and engagement tools
• Process subscription payments and manage billing
• Analyze your X/Twitter data to provide insights and recommendations
• Communicate about platform updates, features, and service notifications
• Comply with legal and tax reporting requirements
• Protect against fraud and maintain platform security

6. Payment Processing

We use Polar.sh as our payment processor. When you make a payment:

• Your payment information is transmitted directly to Polar.sh
• We do not store your complete payment card details
• Polar.sh's processing is governed by their Privacy Policy
• We retain transaction records for accounting and legal purposes

For more information about Polar.sh's data practices, visit: https://polar.sh/privacy

7. Data Sharing and Disclosure

We may share your information with:

7.1 Service Providers

• Supabase: For user authentication, data storage, and database services. Data is processed according to Supabase's privacy policy.
• Polar.sh: For payment processing only - we do not store payment information
• Plausible Analytics: For privacy-friendly website analytics. No personal data is collected, only aggregated usage statistics.
• PostHog: For product analytics and user behavior tracking to improve our platform features.
• AI Services: For smart reply generation. Content you provide may be processed by third-party AI providers to generate relevant responses.

7.2 Legal Requirements

We may disclose information when required by law, regulation, or legal process.

7.3 Business Transfers

In case of merger, acquisition, or sale of assets, minimal business records may be transferred.

8. Third-Party Services and Privacy Policies

Our platform integrates with several third-party services. Each service has its own privacy policy that governs how they handle your data:

We recommend reviewing these privacy policies to understand how each service processes your data. We are not responsible for the privacy practices of these third-party services.

9. International Data Transfers

We serve clients worldwide. When we communicate with clients outside the European Economic Area (EEA), we ensure appropriate safeguards through:

• Standard Contractual Clauses: EU-approved contract terms for data transfers
• Adequacy Decisions: Transfers to countries with adequate protection levels
• Minimal Data: We only process essential project information required for service delivery

10. Data Retention

We follow a minimal data retention policy:

• Account Data: Retained while your account is active and for 30 days after account deletion
• X/Twitter Data: Cached temporarily for analysis, deleted within 24 hours unless you explicitly request longer retention
• Payment Records: Transaction records retained for 6 years as required by Polish tax law (processed by Polar.sh)
• Analytics Data: Aggregated usage statistics retained for service improvement (personal identifiers removed)

11. Your Rights Under GDPR

You have the right to:

• Access: Request copies of your personal data
• Rectification: Correct inaccurate or incomplete data
• Erasure: Request deletion of your data (subject to legal obligations)
• Restriction: Limit how we process your data
• Portability: Receive your data in a structured, machine-readable format
• Object: Object to processing based on legitimate interests
• Withdraw Consent: For consent-based processing

To exercise these rights, contact us at rafal.michal.sokolowski@gmail.com.

12. Data Security

We implement appropriate technical and organizational measures to protect your data:

• Encryption: Data encryption in transit and at rest
• Access Controls: Limited access on a need-to-know basis
• Regular Updates: Security patches and system updates
• Staff Training: Regular privacy and security training
• Incident Response: Procedures for data breach response

13. AI Processing and Smart Reply Generation

Our platform uses artificial intelligence to provide smart reply generation features. When you use these features:

• Content Processing: Your input content may be sent to third-party AI providers for processing
• Data Retention: AI providers may retain your content temporarily for processing purposes
• No Training: We do not use your content to train AI models without your explicit consent
• Opt-out: You can disable AI features in your account settings at any time

By using AI-powered features, you consent to the processing of your content by our AI service providers according to their respective privacy policies.

14. Cookies and Tracking

Our platform uses essential cookies for authentication and functionality. We also use Plausible Analytics and PostHog for privacy-friendly analytics to improve user experience. You can control cookie preferences through your browser settings.

15. Children's Privacy

Our services are not intended for individuals under 16 years of age. We do not knowingly collect personal information from children under 16.

16. Changes to This Privacy Policy

We may update this Privacy Policy periodically. We will notify you of significant changes by:

• Posting the updated policy on our website
• Sending email notifications for material changes
• Including the "Last updated" date at the top of this policy

17. Contact Information

For privacy-related questions or concerns:

18. Supervisory Authority

You have the right to lodge a complaint with the Polish supervisory authority:

19. Definitions

• Personal Data: Any information relating to an identified or identifiable natural person
• Processing: Any operation performed on personal data
• Controller: The entity that determines the purposes and means of processing
• Processor: An entity that processes personal data on behalf of the controller