Privacy Policy

Account Information

• Name, email address, company name, and job title
• Billing information (processed securely via Stripe—we never store full payment details)
• Account preferences, timezone, and notification settings

Content & Campaign Data

• Social media posts, captions, media files, and campaign content you create
• Brand guidelines, voice profiles, and AI training data you upload
• Connected social media account metadata (usernames, follower counts, engagement metrics)
• Scheduling information and publishing history

Usage Analytics

• Device information, IP address, browser type, and operating system
• Pages visited, features used, and time spent in the platform
• Error logs and performance metrics to improve stability
• AI model interactions and content generation requests

Social Media Connections

When you connect social media accounts (LinkedIn, Facebook, Instagram, TikTok, YouTube, Twitter/X), we collect:

• OAuth access tokens (stored encrypted) to publish on your behalf
• Profile information, page details, and publishing permissions
• Post performance metrics (impressions, engagement, reach) for analytics

Service Delivery (Contractual Necessity)

• Providing access to Asteria Engine platform and features
• AI content generation, scheduling, and publishing automation
• Brand Intelligence Engine training and optimization
• Customer support and technical assistance

Product Improvement (Legitimate Interest)

• Analyzing usage patterns to enhance AI model performance
• Developing new features based on user behavior
• Monitoring system health and preventing abuse
• Conducting research to improve content generation quality

Legal Compliance (Legal Obligation)

• Maintaining audit logs for security and fraud prevention
• Responding to legal requests and regulatory requirements
• Enforcing our Terms of Service and acceptable use policies

Marketing Communications (Consent)

With your explicit consent, we may send:

• Product updates, feature announcements, and best practice guides
• Educational content and webinar invitations
• Promotional offers (you can opt out anytime)

Infrastructure & Location

• Data is hosted on secure cloud infrastructure in the UK and EU (AWS eu-west-2 London region)
• All data transfers are encrypted in transit using TLS 1.3
• Data at rest is encrypted using AES-256 encryption
• Database backups are performed daily with 30-day retention

Security Measures

• Multi-Factor Authentication (MFA): Required for all workspaces
• Role-Based Access Control: Granular permissions and workspace isolation
• Audit Logging: Immutable logs of all account activities
• Penetration Testing: Regular third-party security assessments
• Incident Response: 24/7 monitoring and automated threat detection

Data Retention

• Active account data is retained for the duration of your subscription
• After account deletion, data is permanently removed within 30 days
• Billing records are retained for 7 years per UK tax law
• Audit logs are retained for 12 months for security purposes