Privacy Policy

getchatsocial.com is a product published by Brandyze (hereinafter "Brandyze" or "we"), acting as data controller within the meaning of Regulation (EU) 2016/679 (GDPR).

For any questions about this policy or the exercise of your rights, you may contact our data protection officer at [email protected].

We collect and process the following categories of data:

• Account data (via our self-hosted GoTrue authentication service on our Contabo servers): email address, hashed password, user identifier, account creation date.
• Brand brief: website URL analysed at onboarding, brand summary, tone of voice, target audience, identified competitors.
• Conversation history: messages exchanged with the agent, tool calls and their results, session metadata.
• Generated and scheduled content: draft posts, published or scheduled posts, attached media, scheduled dates.
• Connected social accounts: public identifiers (LinkedIn, X, TikTok, Instagram, Reddit, YouTube handles), OAuth tokens encrypted at rest.
• Push notification tokens (mobile): Expo / APNs / FCM token, notification preferences.
• Technical data: IP address, device type, operating system, error logs (for debugging and security purposes only).

Your data is processed for the following purposes:

• Providing the getchatsocial.com service — authentication, request execution, generation and publication of social content.
• Personalising AI agent responses by injecting your brand brief and current conversation history.
• Sending relevant push notifications (task completed, post published, trend alert) where you have consented.
• Ensuring service security, preventing fraud and complying with our legal obligations.
• Improving the service in an aggregated and anonymised manner (tool failure rates, latencies, errors).

• Performance of a contract (Article 6.1.b GDPR) for the provision of the service you have subscribed to.
• Consent (Article 6.1.a GDPR) for push notifications and the connection of third-party social accounts.
• Legitimate interests (Article 6.1.f GDPR) for service security and aggregated performance analysis.
• Legal obligation (Article 6.1.c GDPR) for the retention of applicable accounting and tax data.

We retain your data for as long as necessary for the purposes described above, and for a maximum of 36 months after the last activity on your account. You may at any time request early deletion of your data by writing to [email protected] — deletion is effective within 30 days, except where legally required to retain data (billing, fraud prevention).

Under the GDPR, you have the following rights:

• Right of access — obtain a copy of the data held about you.
• Right to rectification — correct inaccurate or incomplete data.
• Right to erasure — request deletion of your data.
• Right to data portability — receive your data in a structured, commonly used, machine-readable format.
• Right to restriction of processing.
• Right to object to processing based on legitimate interests.
• Right to withdraw consent at any time, without affecting the lawfulness of prior processing.

To exercise these rights: write to [email protected] providing proof of your identity. You also have the right to lodge a complaint with the CNIL.

To provide the service, we use the following processors, who may process your data in accordance with this policy:

• Contabo GmbH (Germany / EU) — infrastructure host: application servers, PostgreSQL database, self-hosted authentication service (GoTrue) and storage.
• Brandyze (France / EU) — social intelligence engine, MCP tool execution.
• Google LLC (United States) — Gemini language models (primary AI provider for agent orchestration, content generation and memory-recall embeddings, via the Google Generative AI / Vertex AI API).
• OpenRouter, Inc. (United States) — gateway to third-party language models (primary provider for the fast conversation path). Your messages are forwarded via OpenRouter to the active model (e.g. Qwen, Mistral).
• Groq, Inc. (United States) — low-latency language model inference (fallback provider for content generation).
• OpenAI, LLC (United States) — GPT models used as third-level fallback provider for structured content generation (autopilot, summaries, quality gate). Not used for the primary conversation path.
• Anthropic, PBC (United States) — Claude models used as last-resort fallback provider for content generation (fourth level). Not used for the primary conversation path.
• Expo (Expo / EAS) (United States) — mobile application distribution and push notification delivery.

Transfers to processors located in the United States are governed by Standard Contractual Clauses (SCCs) issued by the European Commission. We transmit to language model providers only what is strictly necessary to process your request (message content, brand brief, current conversation history). We do not consent to your content being used to train their models; however, effective compliance with this commitment depends on each provider's own policy and we cannot guarantee it in absolute terms.

getchatsocial.com uses only cookies that are strictly necessary for the operation of the service (GoTrue self-hosted authentication session, theme preferences). No tracking, third-party analytics or advertising cookies are set. No prior consent is therefore required within the meaning of Article 82 of the French Data Protection Act.

We implement appropriate technical and organisational measures to protect your data: TLS encryption in transit, OAuth token encryption at rest, workspace isolation, role-based access control (Postgres RLS), logging of access to sensitive tools, regular backups.

For any question, rights request or incident report:

[email protected]

We may update this privacy policy to reflect legal, technical or functional developments. The date of the last update is shown at the top of the page. In the event of a material change, you will be notified by email or via an in-app notification.