Privacy Policy
Effective date: April 8, 2026
LoudScribe Ltd. (“we”, “us”, or “our”) is committed to protecting your personal data. This Privacy Policy explains what information we collect, how we use it, and your rights under applicable law, including the General Data Protection Regulation (GDPR) and similar frameworks.
1. Information We Collect
We collect data you provide directly (account details, voice samples, content preferences) and data generated automatically when you use the Service (usage logs, interaction events, platform connection tokens). Specifically, we collect:
- Account data: email address, name, organization name, plan type
- Voice profile data: writing samples, tone preferences, banned words
- Platform credentials: encrypted OAuth tokens or session cookies for connected social accounts
- Usage data: pages visited, features used, draft approval/rejection patterns, posting times
- Billing data: subscription status, plan history (payment card data is processed exclusively by Paddle and never stored by us)
2. How We Use Your Data
We use your data to:
- Provide, operate, and improve the Service
- Generate AI content drafts using your voice profile
- Post approved content to connected platforms on your behalf
- Send transactional emails (draft notifications, billing receipts)
- Analyze aggregate usage to improve features and reliability
- Comply with legal obligations
3. Cookies and Tracking
We use cookies and similar technologies for authentication, session management, and analytics. Specifically:
- Strictly necessary cookies: required for login and session security — cannot be disabled
- Analytics cookies: used to understand feature usage (e.g., PostHog) — you can opt out via our cookie consent banner
- Platform session cookies: encrypted credentials for social platform posting (only when you enable the interim posting method)
You can manage cookie preferences via our consent banner or your browser settings.
4. Third-Party Services
We share data with third-party service providers only as necessary to provide the Service:
- Supabase: database, authentication, and file storage (EU region)
- Anthropic / OpenAI: AI content generation (prompts may include excerpts from signal articles and your voice profile)
- Paddle: payment processing and Merchant of Record services
- Vercel: application hosting and edge delivery
- Resend: transactional email delivery
- Sentry: error monitoring (error context may include sanitized request data)
We do not sell your personal data to advertisers or data brokers.
5. Data Retention and Deletion
We retain your data for as long as your account is active. Upon account deletion, we begin a 30-day retention window to allow data export, after which all personal data is permanently deleted from our systems. Aggregate anonymized analytics data may be retained indefinitely. Backup snapshots are purged on a rolling 90-day cycle.
6. Your Rights under GDPR
If you are located in the European Economic Area (EEA), UK, or Switzerland, you have the following rights under GDPR:
- Right to access: request a copy of all personal data we hold about you
- Right to rectification: correct inaccurate or incomplete data
- Right to erasure (right to be forgotten): request deletion of your personal data, subject to legal retention requirements
- Right to data portability: export your data in a machine-readable format
- Right to object: object to processing based on legitimate interests
- Right to restrict processing: request we limit how we use your data
To exercise any of these rights, contact us at [email protected]. We will respond within 30 days. You may also request GDPR data export or full account deletion from Settings → Account → Data & Privacy.
7. Data Security
We protect your data using industry-standard security practices: TLS in transit, AES-256-GCM encryption for platform credentials at rest, Row-Level Security on all database tables, and regular security reviews. Access to production data is restricted to authorized personnel.
8. International Data Transfers
Our primary infrastructure is hosted in the EU. When data is transferred outside the EEA (e.g., to AI providers in the US), we rely on Standard Contractual Clauses (SCCs) or other approved transfer mechanisms under GDPR Chapter V.
9. Children’s Privacy
The Service is not directed at children under 18. We do not knowingly collect personal data from anyone under 18. If you believe a minor has provided data to us, contact us immediately at [email protected].
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you by email or in-app notification when we make material changes. The updated policy will be effective on the date indicated at the top.
11. Contact Us
For privacy inquiries, data access requests, or to report a concern:
- Email: [email protected]
- Subject line: “Privacy Request — [your request type]”
For questions about how we handle your account or content, see our Terms of Service.