Privacy Policy
This policy explains how Search&Social ("we") processes personal data under the EU General Data Protection Regulation (GDPR/DSGVO).
1. Controller
[OPERATOR], [ADDRESS], Austria — [EMAIL].
2. What we process
- Account data — email address, name, company name, and settings you provide at signup or in your profile.
- Brand-voice source material — content of websites you ask us to analyze, crawled to derive your brand voice.
- LinkedIn connection data — when you connect LinkedIn, our publishing provider (Post for Me) stores the OAuth tokens; we store only account identifiers and connection status, never the tokens themselves.
- Generated content — campaign plans, posts, and articles the service drafts for you, plus your edits and scheduling choices.
- Billing data — subscription status via Stripe; we never see full card details.
3. Purposes and legal bases
We process this data to provide the service (Art. 6(1)(b) GDPR — contract), to bill you (Art. 6(1)(b)), and to secure and operate our infrastructure (Art. 6(1)(f) — legitimate interest). We do not sell personal data and we do not use it to train AI models.
4. Processors and recipients
We use the following processors:
- Supabase (database, authentication)
- OpenAI (content generation)
- Post for Me (LinkedIn publishing and OAuth)
- NeuronWriter (content scoring)
- RankScale (AI search visibility)
- Stripe (payments)
- Resend (transactional email)
- Cloudflare (hosting, DNS, CDN)
- Hetzner (server hosting, Germany)
Some providers process data outside the EU/EEA; where they do, transfers rely on EU Standard Contractual Clauses or an adequacy decision.
5. Cookies and tracking
We use only the cookies required to keep you signed in (session authentication). No analytics or advertising trackers are set.
6. Retention
Account data and generated content are kept while your account exists and deleted on account deletion, except where law requires longer retention (e.g. invoicing records).
7. Your rights
You have the right to access, rectify, erase, restrict, and port your data, to object to processing, and to lodge a complaint with a supervisory authority — in Austria, the Datenschutzbehörde (dsb.gv.at). Contact [EMAIL] to exercise these rights.
Last updated: 2026-07-12 (draft).