1. Introduction
This Privacy Policy ("Policy") describes how we ("we," "us," or "our") collect, use, disclose, store, and protect personal data when you access or use our software-as-a-service mobile application built with React Native Expo (the "Application") and related web services (collectively, the "Service").
The Application is designed for business users and enables account creation, connection of Instagram and Facebook social media accounts, AI-assisted content creation, scheduling of posts, and automated publishing to connected social media accounts at your direction.
We are committed to protecting your privacy and processing personal data in accordance with applicable data protection laws, including the General Data Protection Regulation (EU) 2016/679 ("GDPR"), the UK GDPR where applicable, and other relevant privacy legislation. Where you connect Meta platforms, we also operate in compliance with Meta Platform Terms and applicable Developer Policies.
By creating an account, connecting social media accounts, or otherwise using the Service, you acknowledge that you have read and understood this Policy. If you do not agree with this Policy, you must not use the Service.
Controller. For the purposes of applicable data protection law, we act as the data controller in respect of personal data processed through the Service, unless otherwise stated in a separate data processing agreement with your organization.
2. Information We Collect
We collect personal data only where necessary to provide, secure, and improve the Service. Categories of information we may collect include:
2.1 Account and Authentication Data
- Name, email address, and account credentials
- Authentication tokens and session identifiers managed through Supabase
- Account preferences, settings, and subscription or billing status where applicable
2.2 Profile and Usage Data
- Information you voluntarily provide in your user profile
- Activity logs relating to use of features such as content creation, scheduling, and publishing
- Device type, operating system, app version, and general diagnostic information
2.3 Content and Media Data
- Text, images, captions, hashtags, and other content you create, upload, or generate within the Application
- Scheduling metadata, draft posts, and publishing history
2.4 Social Media Integration Data
- Identifiers, usernames, and profile information from connected Instagram and Facebook accounts, as permitted by you and the relevant platform
- OAuth access tokens and refresh tokens required to perform authorized actions on your behalf
- Page, profile, or business account metadata necessary to publish and manage content
2.5 Communications
- Support requests, feedback, and correspondence with our team
We do not intentionally collect special categories of personal data (such as health data or biometric data) unless you voluntarily include such information in content you create, in which case you are solely responsible for ensuring you have a lawful basis to process and share it.
3. Business Information Collection
Because the Service is intended for business and professional use, we may collect information relating to your business or organization, including:
- Business or trading name, industry, and role or job title
- Business contact details and billing information where a paid plan applies
- Connected social media business accounts, pages, and associated metadata
- Team or workspace configuration where multi-user access is enabled
Where you act on behalf of a company or other legal entity, you represent that you have authority to bind that entity to this Policy and to connect social media accounts on its behalf. Business information is processed to deliver core Service functionality, customer support, invoicing, and compliance obligations.
If you provide personal data of employees, contractors, or clients, you are responsible for ensuring appropriate notices and lawful bases exist for such processing.
5. How We Use User Data
We process personal data for the following purposes and on the following legal bases under GDPR, as applicable:
5.1 Performance of Contract
- Creating and managing your account
- Authenticating users and maintaining secure sessions
- Enabling social media account connections and authorized publishing
- Generating, storing, scheduling, and publishing content at your instruction
- Providing customer support and Service-related communications
5.2 Legitimate Interests
- Securing the Service, detecting fraud, and preventing abuse
- Improving functionality, performance, and user experience
- Enforcing our terms of use and protecting legal rights
- Conducting internal analytics in aggregated or pseudonymized form where possible
5.3 Legal Obligation
- Complying with applicable laws, regulations, court orders, and regulatory requests
- Maintaining records required for tax, accounting, or compliance purposes
5.4 Consent
- Where required, sending marketing communications or using non-essential cookies or analytics
- Processing optional data you choose to provide beyond what is necessary for the Service
We will not use your personal data for purposes incompatible with those described above without providing notice and, where required, obtaining your consent.
6. AI Generated Content Usage
The Application may use artificial intelligence and machine learning technologies to assist you in generating, editing, or optimizing social media content, including captions, hashtags, and post suggestions.
AI-generated outputs are provided as tools to support your workflow. You retain control over whether to accept, modify, reject, schedule, or publish any AI-assisted content. We do not automatically publish AI-generated content without your explicit action or configured automation rules that you have enabled.
Content you submit for AI processing may be transmitted to third-party AI service providers strictly for the purpose of generating responses on your behalf. Such providers are engaged under contractual terms requiring appropriate confidentiality and data protection measures.
We do not use your private content to train public-facing general AI models unless you have been clearly informed and have provided separate consent where required by law. We may use aggregated, anonymized usage statistics to improve Service reliability and safety.
You are solely responsible for reviewing AI-generated content for accuracy, legality, and compliance with platform policies, advertising standards, and intellectual property rights before publication.
7. Scheduled Posting & Automation
When you schedule content for publication, the Service stores your instructions, including target accounts, date, time, and content payload. At the scheduled time, or according to automation rules you configure, our systems automatically process and publish content to your connected social media accounts.
Automated actions are performed only within the scope of permissions you have granted and settings you have defined. You may edit, reschedule, or cancel scheduled posts prior to publication where technically feasible.
If a connected account is disconnected, permissions are revoked, or a platform API error occurs, scheduled publishing may fail. We will make reasonable efforts to log such events and, where possible, notify you within the Application.
You acknowledge that third-party platforms may impose rate limits, content restrictions, or policy enforcement actions beyond our control. We are not responsible for content removed or accounts restricted by Meta or other platforms due to your content or conduct.
8. Data Storage & Security
We use Supabase and related cloud infrastructure for backend services, including authentication, database storage, and file storage. Data is hosted in secure data centers operated by reputable cloud providers with industry-standard physical and logical security controls.
Security measures we implement include, without limitation:
- Encrypted data transmission using TLS/SSL for data in transit
- Encryption at rest for sensitive data, including access tokens where supported by our infrastructure
- Secure authentication mechanisms, including hashed credentials and token-based session management via Supabase Auth
- Role-based access controls, least-privilege administrative access, and monitoring of critical systems
- Regular review of security practices and prompt remediation of identified vulnerabilities
While we employ commercially reasonable safeguards, no method of transmission or electronic storage is completely secure. We cannot guarantee absolute security but will notify you and relevant supervisory authorities of personal data breaches where required by law.
Personal data is retained only for as long as necessary to fulfill the purposes described in this Policy, unless a longer retention period is required or permitted by law. Upon account deletion, we delete or anonymize personal data within a reasonable period, subject to backup cycles and legal retention requirements.
9. Third-Party Services
We rely on trusted third-party service providers to operate the Service. These providers process personal data only on our instructions and for the purposes described in this Policy. Key categories include:
- Supabase — authentication, database, storage, and backend infrastructure
- Meta Platforms (Facebook & Instagram) — social account connection, publishing, and platform APIs
- Cloud hosting and content delivery providers — application hosting and performance
- AI service providers — content generation features, where enabled
- Analytics and crash reporting tools — Service reliability and diagnostics, where applicable and subject to consent where required
- Payment processors — subscription billing, if applicable
Third-party services are subject to their own privacy policies. We encourage you to review the privacy practices of Meta and any other platforms you connect. We are not responsible for the privacy practices of third parties outside our reasonable control.
We do not sell your personal data. We may share data with professional advisers, regulators, or law enforcement when required by law or necessary to protect our rights.
10. Meta/Facebook & Instagram API Usage
Our integration with Facebook and Instagram is provided through official Meta APIs and is subject to Meta Platform Terms, Developer Policies, and applicable community standards. By connecting your Meta accounts, you also agree to Meta's terms and policies governing those platforms.
We use Meta API data solely to deliver the functionality you request, including:
- Authenticating and maintaining your connection to Facebook and Instagram accounts
- Publishing, scheduling, and managing content on authorized pages or profiles
- Displaying account and page information within the Application interface
We do not use Meta API data for surveillance, unauthorized advertising profiles, or purposes unrelated to the Service. We do not transfer Meta user data to third parties except to service providers that support Application functionality under written confidentiality and data protection obligations, or as required by law.
If Meta requires deletion of user data obtained through its APIs, we will honor such requests in accordance with Meta's data deletion requirements and our internal procedures. You may request deletion of your data as described in Section 11.
For data obtained from Meta, you may also manage permissions via your Facebook Settings and Instagram account settings at any time.
11. User Rights & Account Deletion
If you are located in the European Economic Area, United Kingdom, or another jurisdiction granting similar rights, you may have the following rights regarding your personal data, subject to applicable exceptions:
- Access — request confirmation of whether we process your data and receive a copy
- Rectification — request correction of inaccurate or incomplete data
- Erasure — request deletion of your personal data where legally applicable
- Restriction — request limitation of processing in certain circumstances
- Data portability — receive your data in a structured, commonly used format where applicable
- Objection — object to processing based on legitimate interests or for direct marketing
- Withdraw consent — where processing is based on consent, without affecting prior lawful processing
You may exercise many of these rights directly within the Application, including updating account information, disconnecting social media accounts, and deleting scheduled content.
To request account deletion or submit a privacy rights request, contact us at info@anandmc.nl. We may verify your identity before fulfilling requests. We will respond within the timeframe required by applicable law, generally within one month for GDPR requests.
Upon confirmed account deletion, we will delete or anonymize personal data associated with your account, revoke stored access tokens, and cease processing except where retention is necessary for legal compliance, dispute resolution, or enforcement of agreements.
You have the right to lodge a complaint with your local data protection supervisory authority. We encourage you to contact us first so we may address your concerns promptly.
13. Children's Privacy
The Service is not directed to individuals under the age of 16 (or the minimum age required in your jurisdiction, if higher) and we do not knowingly collect personal data from children.
If you believe we have inadvertently collected personal data from a child without appropriate parental consent, please contact us immediately at info@anandmc.nl. We will take steps to delete such information without undue delay.
14. International Data Transfers
We may process and store personal data in countries outside your country of residence, including within the European Economic Area, the United Kingdom, and the United States, where our service providers maintain facilities.
Where personal data is transferred from the EEA, UK, or Switzerland to countries not recognized as providing an adequate level of data protection, we implement appropriate safeguards, such as Standard Contractual Clauses approved by the European Commission or UK authorities, supplemented by additional measures where required.
You may request further information about international transfer safeguards by contacting us at the address below.
15. Changes to Privacy Policy
We may update this Policy from time to time to reflect changes in our practices, technology, legal requirements, or Service features. When we make material changes, we will provide notice through the Application, by email, or by posting an updated version on our website with a revised "Last updated" date.
Your continued use of the Service after the effective date of an updated Policy constitutes acceptance of the revised terms, except where applicable law requires explicit consent. If you do not agree to the updated Policy, you must stop using the Service and may request account deletion.
We recommend reviewing this Policy periodically to stay informed about how we protect your information.
16. Contact Information
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
- Email: info@anandmc.nl
- Subject line: Privacy Request
We will endeavor to respond to all legitimate inquiries within a reasonable timeframe and in accordance with applicable legal requirements.
Last updated: May 19, 2026. This Policy is effective as of the date stated above.
4. Social Media Account Permissions
When you choose to connect Instagram or Facebook accounts, you authorize us to access only the permissions you explicitly grant through the official Meta authentication flow. You remain in full control of which accounts are connected and what permissions are approved.
Depending on the permissions you grant, we may access and process:
Access tokens and refresh tokens are stored securely using industry-standard encryption and access controls. We use these tokens solely to perform actions you have authorized within the Application.
You may disconnect any connected social media account at any time through the Application settings or through your Meta account settings. Upon disconnection, we cease using associated tokens for new actions and delete or invalidate stored tokens in accordance with our retention practices, subject to legal obligations.
We do not sell your social media credentials or grant third parties access to your connected accounts except as described in this Policy or as required to operate the Service under strict contractual safeguards.