1. Who we are (data controller)
The Service is operated under Fundacja Rozwoju Przedsiębiorczości "Twój StartUp" (the "Foundation"), a foundation registered in Poland, which acts as the data controller:
2. What data we collect
- Account data — your email address (used to sign you in) and, if you sign in with Google, the basic profile (name) Google shares.
- Threads data (only with your authorization) — when you connect a Threads account via Meta OAuth, we access and store your posts, the comments and mentions under them, and their public metrics, to power analytics and draft generation, and we publish posts/replies on your behalf at your instruction. Your Threads access token is stored encrypted.
- Content you create — the voice profile, topics, rules, and AI-generated drafts you produce in the Service.
- Usage & technical data — product-analytics events, error reports, and standard server logs (e.g. IP address, timestamps) used to operate and improve the Service.
3. How we use your data
We use your data to provide and operate the Service: to generate drafts in your voice, show your analytics, publish content you approve, send sign-in codes and service notifications, secure the Service, and improve it. We do not sell your personal data.
4. Legal basis (GDPR)
We process your data to perform our contract with you (providing the Service), on the basis of your consent (e.g. connecting a Threads account, sign-in), and on the basis of our legitimate interests in securing and improving the Service. You can withdraw consent at any time.
5. Service providers we share data with
We use trusted processors strictly to run the Service: Meta / Threads (the platform you connect), Google (sign-in), an LLM provider via OpenRouter (draft generation), Resend (email), Railway and Vercel (hosting), and PostHog and Sentry (analytics and error monitoring). Each processes data only on our instructions. Some providers operate outside the EEA; transfers rely on appropriate safeguards (e.g. Standard Contractual Clauses).
6. Data retention
We keep your data for as long as your account is active and as needed to provide the Service. Sign-in tokens are short-lived. Disconnecting a Threads account removes its stored credentials. You can request deletion of your account and associated data at any time (see Section 8 and the Data Deletion page).
7. Security
We apply reasonable technical and organizational measures, including encryption of stored Threads access tokens and encrypted transport (HTTPS). No method of transmission or storage is perfectly secure, but we work to protect your data.
8. Your rights & data deletion
Under the GDPR you have the right to access, correct, export, or delete your personal data, to restrict or object to processing, and to withdraw consent. You can disconnect a Threads account in Settings at any time, and you may request full account deletion by emailing support@pennedly.com or via the Data Deletion page. If you remove the app from your Threads/Meta account, Meta notifies us and we delete the associated data. You may also lodge a complaint with your local data-protection authority.
9. Children
The Service is not directed to children under 16, and we do not knowingly collect their data.
10. Changes to this policy
We may update this policy; we will revise the "Last updated" date and, for material changes, notify you in the app or by email.
11. Contact
Questions about this policy or your data? We read every message.