PRIVACY POLICY

Last updated May 06, 2026



This Privacy Notice for REPOSTIFY LTD ("we," "us," or "our") describes how and why we might access, collect, store, use, and/or share ("process") your personal information when you use our services ("Services"), including when you:
  • Download and use our mobile application (Repostify), or any other application of ours that links to this Privacy Notice
  • Use Repostify, an app that allows you to connect your social media accounts in one place and set up automations to detect uploads on one platform and repost them automatically on your other platforms
  • Engage with us in other related ways, including any marketing or events
Questions or concerns? Reading this Privacy Notice will help you understand your privacy rights and choices. We are responsible for making decisions about how your personal information is processed. If you do not agree with our policies and practices, please do not use our Services. If you still have any questions or concerns, please contact us at repostify.io@gmail.com.


SUMMARY OF KEY POINTS

This summary provides key points from our Privacy Notice, but you can find out more details about any of these topics by clicking the link following each key point or by using our table of contents below to find the section you are looking for.

What personal information do we process? When you visit, use, or navigate our Services, we may process personal information depending on how you interact with us and the Services, the choices you make, and the products and features you use. Learn more about personal information you disclose to us.

Do we process any sensitive personal information? Some of the information may be considered "special" or "sensitive" in certain jurisdictions, for example your racial or ethnic origins, sexual orientation, and religious beliefs. We do not process sensitive personal information.

Do we collect any information from third parties? We do not collect any information from third parties.

How do we process your information? We process your information to provide, improve, and administer our Services, communicate with you, for security and fraud prevention, and to comply with law. We may also process your information for other purposes with your consent. We process your information only when we have a valid legal reason to do so. Learn more about how we process your information.

In what situations and with which types of parties do we share personal information? We may share information in specific situations and with specific categories of third parties. Learn more about when and with whom we share your personal information.

How do we keep your information safe? We have adequate organizational and technical processes and procedures in place to protect your personal information. However, no electronic transmission over the internet or information storage technology can be guaranteed to be 100% secure, so we cannot promise or guarantee that hackers, cybercriminals, or other unauthorized third parties will not be able to defeat our security and improperly collect, access, steal, or modify your information. Learn more about how we keep your information safe.

What are your rights? Depending on where you are located geographically, the applicable privacy law may mean you have certain rights regarding your personal information. Learn more about your privacy rights.

How do you exercise your rights? The easiest way to exercise your rights is by visiting https://repostify.io/contact/, or by contacting us. We will consider and act upon any request in accordance with applicable data protection laws.

Want to learn more about what we do with any information we collect? Review the Privacy Notice in full.


TABLE OF CONTENTS



1. WHAT INFORMATION DO WE COLLECT?

Personal information you disclose to us

In Short: We collect personal information that you provide to us.

We collect personal information that you voluntarily provide to us when you register on the Services, express an interest in obtaining information about us or our products and Services, when you participate in activities on the Services, or otherwise when you contact us.

Personal Information Provided by You. The personal information that we collect depends on the context of your interactions with us and the Services, the choices you make, and the products and features you use. The personal information we collect may include the following:
  • email addresses
  • passwords
  • contact preferences
  • names
  • usernames
  • contact or authentication data
Sensitive Information. We do not process sensitive information.

Payment Data. We may collect data necessary to process your payment if you choose to make purchases, such as your payment instrument number, and the security code associated with your payment instrument. All payment data is handled and stored by Stripe, Google Play and Apple. You may find their privacy notice link(s) here: https://stripe.com/gb/privacy, https://pay.google.com/intl/en_in/about/policy/ and https://www.apple.com/legal/privacy/en-ww/.

Social Media Login Data. We may provide you with the option to register with us using your existing social media account details, like your Facebook, X, or other social media account. If you choose to register in this way, we will collect certain profile information about you from the social media provider, as described in the section called "HOW DO WE HANDLE YOUR SOCIAL LOGINS?" below.

Application Data. If you use our application(s), we also may collect the following information if you choose to provide us with access or permission:
  • Mobile Device Data. We automatically collect device information (such as your mobile device ID, model, and manufacturer), operating system, version information and system configuration information, device and application identification numbers, browser type and version, hardware model, Internet service provider and/or mobile carrier, and Internet Protocol (IP) address (or proxy server). If you are using our application(s), we may also collect information about the phone network associated with your mobile device, your mobile device’s operating system or platform, the type of mobile device you use, your mobile device’s unique device ID, and information about the features of our application(s) you accessed.
  • Push Notifications. We may request to send you push notifications regarding your account or certain features of the application(s). If you wish to opt out from receiving these types of communications, you may turn them off in your device's settings.
This information is primarily needed to maintain the security and operation of our application(s), for troubleshooting, and for our internal analytics and reporting purposes.

All personal information that you provide to us must be true, complete, and accurate, and you must notify us of any changes to such personal information.

Information automatically collected

In Short: Some information — such as your Internet Protocol (IP) address and/or browser and device characteristics — is collected automatically when you visit our Services.

We automatically collect certain information when you visit, use, or navigate the Services. This information does not reveal your specific identity (like your name or contact information) but may include device and usage information, such as your IP address, browser and device characteristics, operating system, language preferences, referring URLs, device name, country, location, information about how and when you use our Services, and other technical information. This information is primarily needed to maintain the security and operation of our Services, and for our internal analytics and reporting purposes.

Like many businesses, we also collect information through cookies and similar technologies. You can find out more about this in our Cookie Notice: https://repostify.io/cookie-policy/.

The information we collect includes:
  • Log and Usage Data. Log and usage data is service-related, diagnostic, usage, and performance information our servers automatically collect when you access or use our Services and which we record in log files. Depending on how you interact with us, this log data may include your IP address, device information, browser type, and settings and information about your activity in the Services (such as the date/time stamps associated with your usage, pages and files viewed, searches, and other actions you take such as which features you use), device event information (such as system activity, error reports (sometimes called "crash dumps"), and hardware settings).
  • Device Data. We collect device data such as information about your computer, phone, tablet, or other device you use to access the Services. Depending on the device used, this device data may include information such as your IP address (or proxy server), device and application identification numbers, location, browser type, hardware model, Internet service provider and/or mobile carrier, operating system, and system configuration information.
  • Location Data. We collect location data such as information about your device's location, which can be either precise or imprecise. How much information we collect depends on the type and settings of the device you use to access the Services. For example, we may use GPS and other technologies to collect geolocation data that tells us your current location (based on your IP address). You can opt out of allowing us to collect this information either by refusing access to the information or by disabling your Location setting on your device. However, if you choose to opt out, you may not be able to use certain aspects of the Services.
  • Cross-subdomain cookie preferences. We operate multiple subdomains under the Repostify brand, including but not limited to `repostify.io` and `app.repostify.io`. To ensure a seamless user experience and comply with applicable data privacy regulations, we use a technical method to share your consent preferences between these services. This allows us to remember your cookie and tracking preferences across our subdomains without requiring you to give consent repeatedly. This mechanism does not share any personally identifiable information but ensures that your choices regarding data collection (such as the use of analytics and advertising cookies) are respected across all areas of our platform.

Google API

Our use of information received from Google APIs will adhere to Google API Services User Data Policy, including the Limited Use requirements.


2. HOW DO WE PROCESS YOUR INFORMATION?

In Short: We process your information to provide, improve, and administer our Services, communicate with you, for security and fraud prevention, and to comply with law. We process the personal information for the following purposes listed below. We may also process your information for other purposes only with your prior explicit consent.

We process your personal information for a variety of reasons, depending on how you interact with our Services, including:
  • To facilitate account creation and authentication and otherwise manage user accounts. We may process your information so you can create and log in to your account, as well as keep your account in working order.
  • To deliver and facilitate delivery of services to the user. We may process your information to provide you with the requested service.
  • To send administrative information to you. We may process your information to send you details about our products and services, changes to our terms and policies, and other similar information.

  • To save or protect an individual's vital interest. We may process your information when necessary to save or protect an individual’s vital interest, such as to prevent harm.
  • To integrate and interact with third-party social media platforms, based on user consent.

3. WHAT LEGAL BASES DO WE RELY ON TO PROCESS YOUR INFORMATION?

In Short: We only process your personal information when we believe it is necessary and we have a valid legal reason (i.e., legal basis) to do so under applicable law, like with your consent, to comply with laws, to provide you with services to enter into or fulfill our contractual obligations, to protect your rights, or to fulfill our legitimate business interests.

If you are located in the EU or UK, this section applies to you.

The General Data Protection Regulation (GDPR) and UK GDPR require us to explain the valid legal bases we rely on in order to process your personal information. As such, we may rely on the following legal bases to process your personal information:
  • Consent. We may process your information if you have given us permission (i.e., consent) to use your personal information for a specific purpose. You can withdraw your consent at any time. Learn more about withdrawing your consent.
  • Performance of a Contract. We may process your personal information when we believe it is necessary to fulfill our contractual obligations to you, including providing our Services or at your request prior to entering into a contract with you.
  • Legal Obligations. We may process your information where we believe it is necessary for compliance with our legal obligations, such as to cooperate with a law enforcement body or regulatory agency, exercise or defend our legal rights, or disclose your information as evidence in litigation in which we are involved.
  • Vital Interests. We may process your information where we believe it is necessary to protect your vital interests or the vital interests of a third party, such as situations involving potential threats to the safety of any person.

If you are located in Canada, this section applies to you.

We may process your information if you have given us specific permission (i.e., express consent) to use your personal information for a specific purpose, or in situations where your permission can be inferred (i.e., implied consent). You can withdraw your consent at any time.

In some exceptional cases, we may be legally permitted under applicable law to process your information without your consent, including, for example:
  • If collection is clearly in the interests of an individual and consent cannot be obtained in a timely way
  • For investigations and fraud detection and prevention
  • For business transactions provided certain conditions are met
  • If it is contained in a witness statement and the collection is necessary to assess, process, or settle an insurance claim
  • For identifying injured, ill, or deceased persons and communicating with next of kin
  • If we have reasonable grounds to believe an individual has been, is, or may be victim of financial abuse
  • If it is reasonable to expect collection and use with consent would compromise the availability or the accuracy of the information and the collection is reasonable for purposes related to investigating a breach of an agreement or a contravention of the laws of Canada or a province
  • If disclosure is required to comply with a subpoena, warrant, court order, or rules of the court relating to the production of records
  • If it was produced by an individual in the course of their employment, business, or profession and the collection is consistent with the purposes for which the information was produced
  • If the collection is solely for journalistic, artistic, or literary purposes
  • If the information is publicly available and is specified by the regulations
  • We may disclose de-identified information for approved research or statistics projects, subject to ethics oversight and confidentiality commitments

4. WHEN AND WITH WHOM DO WE SHARE YOUR PERSONAL INFORMATION?

In Short: We may share information in specific situations described in this section and/or with the following categories of third parties.

Vendors, Consultants, and Other Third-Party Service Providers. We may share your data with third-party vendors, service providers, contractors, or agents ("third parties") who perform services for us or on our behalf and require access to such information to do that work. We have contracts in place with our third parties, which are designed to help safeguard your personal information. This means that they cannot do anything with your personal information unless we have instructed them to do it. They will also not share your personal information with any organization apart from us. They also commit to protect the data they hold on our behalf and to retain it for the period we instruct.

The categories of third parties we may share personal information with are as follows:
  • Ad Networks
  • Affiliate Marketing Programs
  • Cloud Computing Services
  • Communication & Collaboration Tools
  • Data Analytics Services
  • Retargeting Platforms
  • Sales & Marketing Tools
  • Website Hosting Service Providers
  • Payment Processors
  • User Account Registration & Authentication Services
  • Social Networks
  • Testing Tools

We also may need to share your personal information in the following situations:
  • Business Transfers. We may share or transfer your information in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company.

5. DO WE USE COOKIES AND OTHER TRACKING TECHNOLOGIES?

In Short: We may use cookies and other tracking technologies to collect and store your information.

We may use cookies and similar tracking technologies (like web beacons and pixels) to gather information when you interact with our Services. Some online tracking technologies help us maintain the security of our Services and your account, prevent crashes, fix bugs, save your preferences, and assist with basic site functions.

We also permit third parties and service providers to use online tracking technologies on our Services for analytics and advertising, including to help manage and display advertisements, to tailor advertisements to your interests, or to send abandoned shopping cart reminders (depending on your communication preferences). The third parties and service providers use their technology to provide advertising about products and services tailored to your interests which may appear either on our Services or on other websites.

To the extent these online tracking technologies are deemed to be a "sale"/"sharing" (which includes targeted advertising, as defined under the applicable laws) under applicable US state laws, you can opt out of these online tracking technologies by submitting a request as described below under section "DO UNITED STATES RESIDENTS HAVE SPECIFIC PRIVACY RIGHTS?"

Specific information about how we use such technologies and how you can refuse certain cookies is set out in our Cookie Notice: https://repostify.io/cookie-policy/.

Google Analytics

We may share your information with Google Analytics to track and analyze the use of the Services. The Google Analytics Advertising Features that we may use include: Google Display Network Impressions Reporting, Google Analytics Demographics and Interests Reporting and Remarketing with Google Analytics. To opt out of being tracked by Google Analytics across the Services, visit https://tools.google.com/dlpage/gaoptout. You can opt out of Google Analytics Advertising Features through Ads Settings and Ad Settings for mobile apps. Other opt out means include http://optout.networkadvertising.org/ and http://www.networkadvertising.org/mobile-choice. For more information on the privacy practices of Google, please visit the Google Privacy & Terms page.

6. HOW DO WE HANDLE YOUR SOCIAL LOGINS?

In Short: If you choose to register or log in to our Services using a social media account, we may have access to certain information about you.

Our Services offer you the ability to register and log in using your third-party social media account details (like your Facebook or X logins). Where you choose to do this, we will receive certain profile information about you from your social media provider. The profile information we receive may vary depending on the social media provider concerned, but will often include your name, email address, friends list, and profile picture, as well as other information you choose to make public on such a social media platform.

We will use the information we receive only for the purposes that are described in this Privacy Notice or that are otherwise made clear to you on the relevant Services. Please note that we do not control, and are not responsible for, other uses of your personal information by your third-party social media provider. We recommend that you review their privacy notice to understand how they collect, use, and share your personal information, and how you can set your privacy preferences on their sites and apps.

7. HOW LONG DO WE KEEP YOUR INFORMATION?

In Short: We keep your information for as long as necessary to fulfill the purposes outlined in this Privacy Notice unless otherwise required by law.

We will only keep your personal information for as long as it is necessary for the purposes set out in this Privacy Notice, unless a longer retention period is required or permitted by law (such as tax, accounting, or other legal requirements). No purpose in this notice will require us to keep your personal information for longer than the period of time in which users have an account with us.

When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymize such information, or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.

8. HOW DO WE KEEP YOUR INFORMATION SAFE?

In Short: We aim to protect your personal information through a system of organizational and technical security measures.

We have implemented appropriate and reasonable technical and organizational security measures designed to protect the security of any personal information we process. However, despite our safeguards and efforts to secure your information, no electronic transmission over the Internet or information storage technology can be guaranteed to be 100% secure, so we cannot promise or guarantee that hackers, cybercriminals, or other unauthorized third parties will not be able to defeat our security and improperly collect, access, steal, or modify your information. Although we will do our best to protect your personal information, transmission of personal information to and from our Services is at your own risk. You should only access the Services within a secure environment.

9. DO WE COLLECT INFORMATION FROM MINORS?

In Short: We do not knowingly collect data from or market to children under 18 years of age or the equivalent age as specified by law in your jurisdiction.

We do not knowingly collect, solicit data from, or market to children under 18 years of age or the equivalent age as specified by law in your jurisdiction, nor do we knowingly sell such personal information. By using the Services, you represent that you are at least 18 or the equivalent age as specified by law in your jurisdiction or that you are the parent or guardian of such a minor and consent to such minor dependent’s use of the Services. If we learn that personal information from users less than 18 years of age or the equivalent age as specified by law in your jurisdiction has been collected, we will deactivate the account and take reasonable measures to promptly delete such data from our records. If you become aware of any data we may have collected from children under age 18 or the equivalent age as specified by law in your jurisdiction, please contact us at repostify.io@gmail.com.

10. WHAT ARE YOUR PRIVACY RIGHTS?

In Short: Depending on your state of residence in the US or in some regions, such as the European Economic Area (EEA), United Kingdom (UK), Switzerland, and Canada, you have rights that allow you greater access to and control over your personal information. You may review, change, or terminate your account at any time, depending on your country, province, or state of residence.

In some regions (like the EEA, UK, Switzerland, and Canada), you have certain rights under applicable data protection laws. These may include the right (i) to request access and obtain a copy of your personal information, (ii) to request rectification or erasure; (iii) to restrict the processing of your personal information; (iv) if applicable, to data portability; and (v) not to be subject to automated decision-making. If a decision that produces legal or similarly significant effects is made solely by automated means, we will inform you, explain the main factors, and offer a simple way to request human review. In certain circumstances, you may also have the right to object to the processing of your personal information. You can make such a request by contacting us by using the contact details provided in the section "HOW CAN YOU CONTACT US ABOUT THIS NOTICE?" below.

We will consider and act upon any request in accordance with applicable data protection laws.
 
If you are located in the EEA or UK and you believe we are unlawfully processing your personal information, you also have the right to complain to your Member State data protection authority or UK data protection authority.

If you are located in Switzerland, you may contact the Federal Data Protection and Information Commissioner.

Withdrawing your consent: If we are relying on your consent to process your personal information, which may be express and/or implied consent depending on the applicable law, you have the right to withdraw your consent at any time. You can withdraw your consent at any time by contacting us by using the contact details provided in the section "HOW CAN YOU CONTACT US ABOUT THIS NOTICE?" below or updating your preferences.

However, please note that this will not affect the lawfulness of the processing before its withdrawal nor, when applicable law allows, will it affect the processing of your personal information conducted in reliance on lawful processing grounds other than consent.

Opting out of marketing and promotional communications: You can unsubscribe from our marketing and promotional communications at any time by clicking on the unsubscribe link in the emails that we send, or by contacting us using the details provided in the section "HOW CAN YOU CONTACT US ABOUT THIS NOTICE?" below. You will then be removed from the marketing lists. However, we may still communicate with you — for example, to send you service-related messages that are necessary for the administration and use of your account, to respond to service requests, or for other non-marketing purposes.

Account Information

If you would at any time like to review or change the information in your account or terminate your account, you can:
  • Contact us using the contact information provided.
Upon your request to terminate your account, we will deactivate or delete your account and information from our active databases. However, we may retain some information in our files to prevent fraud, troubleshoot problems, assist with any investigations, enforce our legal terms and/or comply with applicable legal requirements.

Cookies and similar technologies: Most Web browsers are set to accept cookies by default. If you prefer, you can usually choose to set your browser to remove cookies and to reject cookies. If you choose to remove cookies or reject cookies, this could affect certain features or services of our Services. For further information, please see our Cookie Notice: https://repostify.io/cookie-policy/.

If you have questions or comments about your privacy rights, you may email us at repostify.io@gmail.com.

11. CONTROLS FOR DO-NOT-TRACK FEATURES

Most web browsers and some mobile operating systems and mobile applications include a Do-Not-Track ("DNT") feature or setting you can activate to signal your privacy preference not to have data about your online browsing activities monitored and collected. At this stage, no uniform technology standard for recognizing and implementing DNT signals has been finalized. As such, we do not currently respond to DNT browser signals or any other mechanism that automatically communicates your choice not to be tracked online. If a standard for online tracking is adopted that we must follow in the future, we will inform you about that practice in a revised version of this Privacy Notice.

California law requires us to let you know how we respond to web browser DNT signals. Because there currently is not an industry or legal standard for recognizing or honoring DNT signals, we do not respond to them at this time.

Global Privacy Control: We recognize and honor Global Privacy Control (GPC) signals. If you use a browser or extension that supports GPC, we will treat this as a valid request to opt out of the sale or sharing of your personal information for targeted advertising purposes under applicable state privacy laws, including the California Consumer Privacy Act (CCPA). When we detect a GPC signal from your browser, we will automatically apply your opt-out preference without requiring you to take any additional action. For more information about GPC and how to enable it, visit globalprivacycontrol.org.

12. DO UNITED STATES RESIDENTS HAVE SPECIFIC PRIVACY RIGHTS?

In Short: If you are a resident of California, Colorado, Connecticut, Delaware, Florida, Indiana, Iowa, Kentucky, Maryland, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Rhode Island, Tennessee, Texas, Utah, or Virginia, you may have the right to request access to and receive details about the personal information we maintain about you and how we have processed it, correct inaccuracies, get a copy of, or delete your personal information. You may also have the right to withdraw your consent to our processing of your personal information. These rights may be limited in some circumstances by applicable law. More information is provided below.

Categories of Personal Information We Collect

The table below shows the categories of personal information we have collected in the past twelve (12) months. The table includes illustrative examples of each category and does not reflect the personal information we collect from you. For a comprehensive inventory of all personal information we process, please refer to the section "WHAT INFORMATION DO WE COLLECT?"

| Category | Examples | Collected |
|---|---|---|
| A. Identifiers | Contact details, such as real name, alias, postal address, telephone or mobile contact number, unique personal identifier, online identifier, Internet Protocol address, email address, and account name | YES |
| B. Personal information as defined in the California Customer Records statute | Name, contact information, education, employment, employment history, and financial information | YES |
| C. Protected classification characteristics under state or federal law | Gender, age, date of birth, race and ethnicity, national origin, marital status, and other demographic data | NO |
| D. Commercial information | Transaction information, purchase history, financial details, and payment information | YES |
| E. Biometric information | Fingerprints and voiceprints | NO |
| F. Internet or other similar network activity | Browsing history, search history, online behavior, interest data, and interactions with our and other websites, applications, systems, and advertisements | YES |
| G. Geolocation data | Device location | NO |
| H. Audio, electronic, sensory, or similar information | Images and audio, video or call recordings created in connection with our business activities | NO |
| I. Professional or employment-related information | Business contact details in order to provide you our Services at a business level or job title, work history, and professional qualifications if you apply for a job with us | NO |
| J. Education Information | Student records and directory information | NO |
| K. Inferences drawn from collected personal information | Inferences drawn from any of the collected personal information listed above to create a profile or summary about, for example, an individual’s preferences and characteristics | NO |
| L. Sensitive personal Information | | NO |


We may also collect other personal information outside of these categories through instances where you interact with us in person, online, or by phone or mail in the context of:
  • Receiving help through our customer support channels;
  • Participation in customer surveys or contests; and
  • Facilitation in the delivery of our Services and to respond to your inquiries.
We will use and retain the collected personal information as needed to provide the Services or for:
  • Category A - As long as the user has an account with us
  • Category B - As long as the user has an account with us
  • Category D - As long as the user has an account with us
  • Category F - As long as the user has an account with us

Sources of Personal Information

Learn more about the sources of personal information we collect in "WHAT INFORMATION DO WE COLLECT?"

How We Use and Share Personal Information

Learn more about how we use your personal information in the section, "HOW DO WE PROCESS YOUR INFORMATION?"

We collect and share your personal information through:
  • Targeting cookies/Marketing cookies
  • Social media cookies
  • Beacons/Pixels/Tags
Will your information be shared with anyone else?

We may disclose your personal information with our service providers pursuant to a written contract between us and each service provider. Learn more about how we disclose personal information in the section, "WHEN AND WITH WHOM DO WE SHARE YOUR PERSONAL INFORMATION?"

We may use your personal information for our own business purposes, such as for undertaking internal research for technological development and demonstration. This is not considered to be "selling" of your personal information.

We have not sold or shared any personal information to third parties for a business or commercial purpose in the preceding twelve (12) months. We have disclosed the following categories of personal information to third parties for a business or commercial purpose in the preceding twelve (12) months:

  • Category F. Internet or other electronic network activity information

The categories of third parties to whom we disclosed personal information for a business or commercial purpose can be found under "WHEN AND WITH WHOM DO WE SHARE YOUR PERSONAL INFORMATION?"

Your Rights

You have rights under certain US state data protection laws. However, these rights are not absolute, and in certain cases, we may decline your request as permitted by law. These rights include:
  • Right to know whether or not we are processing your personal data
  • Right to access your personal data
  • Right to correct inaccuracies in your personal data
  • Right to request the deletion of your personal data
  • Right to obtain a copy of the personal data you previously shared with us
  • Right to non-discrimination for exercising your rights
  • Right to opt out of the processing of your personal data if it is used for targeted advertising (or sharing as defined under California’s privacy law), the sale of personal data, or profiling in furtherance of decisions that produce legal or similarly significant effects ("profiling")
Depending upon the state where you live, you may also have the following rights:
  • Right to access the categories of personal data being processed (as permitted by applicable law, including the privacy law in Minnesota)
  • Right to obtain a list of the categories of third parties to which we have disclosed personal data (as permitted by applicable law, including the privacy law in California, Delaware, and Maryland)
  • Right to obtain a list of specific third parties to which we have disclosed personal data (as permitted by applicable law, including the privacy law in Minnesota and Oregon)
  • Right to obtain a list of third parties to which we have sold personal data (as permitted by applicable law, including the privacy law in Connecticut)
  • Right to review, understand, question, and depending on where you live, correct how personal data has been profiled (as permitted by applicable law, including the privacy law in Connecticut and Minnesota)
  • Right to limit use and disclosure of sensitive personal data (as permitted by applicable law, including the privacy law in California)
  • Right to opt out of the collection of sensitive data and personal data collected through the operation of a voice or facial recognition feature (as permitted by applicable law, including the privacy law in Florida)

How to Exercise Your Rights

To exercise these rights, you can contact us by visiting https://repostify.io/contact/, by emailing us at repostify.io@gmail.com, or by referring to the contact details at the bottom of this document.

We will honor your opt-out preferences if you enact the Global Privacy Control (GPC) opt-out signal on your browser.

Under certain US state data protection laws, you can designate an authorized agent to make a request on your behalf. We may deny a request from an authorized agent that does not submit proof that they have been validly authorized to act on your behalf in accordance with applicable laws.

Request Verification

Upon receiving your request, we will need to verify your identity to determine you are the same person about whom we have the information in our system. We will only use personal information provided in your request to verify your identity or authority to make the request. However, if we cannot verify your identity from the information already maintained by us, we may request that you provide additional information for the purposes of verifying your identity and for security or fraud-prevention purposes.

If you submit the request through an authorized agent, we may need to collect additional information to verify your identity before processing your request and the agent will need to provide a written and signed permission from you to submit such request on your behalf.

Appeals

Under certain US state data protection laws, if we decline to take action regarding your request, you may appeal our decision by emailing us at repostify.io@gmail.com. We will inform you in writing of any action taken or not taken in response to the appeal, including a written explanation of the reasons for the decisions. If your appeal is denied, you may submit a complaint to your state attorney general.

California "Shine The Light" Law

California Civil Code Section 1798.83, also known as the "Shine The Light" law, permits our users who are California residents to request and obtain from us, once a year and free of charge, information about categories of personal information (if any) we disclosed to third parties for direct marketing purposes and the names and addresses of all third parties with which we shared personal information in the immediately preceding calendar year. If you are a California resident and would like to make such a request, please submit your request in writing to us by using the contact details provided in the section "HOW CAN YOU CONTACT US ABOUT THIS NOTICE?"

13. DO OTHER REGIONS HAVE SPECIFIC PRIVACY RIGHTS?

In Short: You may have additional rights based on the country you reside in.

Australia and New Zealand

We collect and process your personal information under the obligations and conditions set by Australia's Privacy Act 1988 and New Zealand's Privacy Act 2020 (Privacy Act).

This Privacy Notice satisfies the notice requirements defined in both Privacy Acts, in particular: what personal information we collect from you, from which sources, for which purposes, and other recipients of your personal information.

If you do not wish to provide the personal information necessary to fulfill their applicable purpose, it may affect our ability to provide our services, in particular:
  • offer you the products or services that you want
  • respond to or help with your requests
  • manage your account with us
  • confirm your identity and protect your account
At any time, you have the right to request access to or correction of your personal information. You can make such a request by contacting us by using the contact details provided in the section "HOW CAN YOU REVIEW, UPDATE, OR DELETE THE DATA WE COLLECT FROM YOU?"

If you believe we are unlawfully processing your personal information, you have the right to submit a complaint about a breach of the Australian Privacy Principles to the Office of the Australian Information Commissioner and a breach of New Zealand's Privacy Principles to the Office of New Zealand Privacy Commissioner.

Republic of South Africa

At any time, you have the right to request access to or correction of your personal information. You can make such a request by contacting us by using the contact details provided in the section "HOW CAN YOU REVIEW, UPDATE, OR DELETE THE DATA WE COLLECT FROM YOU?"

If you are unsatisfied with the manner in which we address any complaint with regard to our processing of personal information, you can contact the office of the regulator, the details of which are:

General enquiries: enquiries@inforegulator.org.za

14. SOCIAL MEDIA INTEGRATIONS

Our Services enable you to authenticate, link, and connect your third-party social media, content, and messaging accounts (including, without limitation, TikTok, Instagram, Facebook, YouTube, X, and similar platforms) to Repostify. By linking, authenticating, or otherwise connecting any such account, you expressly authorize and instruct us to access, receive, store, refresh, transmit, process, and otherwise use the data, content, metadata, identifiers, permission scopes, and authentication or refresh tokens made available to us by that platform, strictly to the extent reasonably necessary to provide the functionality you have enabled. This may include, without limitation, displaying content within the Services, detecting uploads, mirroring or reposting media to other platforms on your behalf, retrieving channel, page, account, or profile metadata, and performing related actions consistent with the permissions you have granted. We process this data only for the purposes described in this Privacy Notice and in accordance with applicable data protection laws, the terms of the relevant third-party platform, and any developer or platform policies that apply to that data. We do not sell connected platform data, and we do not use it for purposes prohibited by the applicable platform. You may revoke our access and disconnect any connected account at any time from within the Services or, where supported, from within the relevant third-party platform's account or security settings. Disconnecting an account may limit or disable certain features of the Services. Disconnection from Repostify does not delete data stored by the third-party platform itself; to manage or delete content held by that platform, you must do so directly through that platform.

15. DATA SECURITY, SECURITY INCIDENTS, FRAUD PREVENTION, MONITORING, AND MISUSE DETECTION

We prioritize the security of your personal data. Repostify implements technical, organizational, and administrative measures designed to protect personal information and the Services, including industry-standard safeguards such as encryption in transit and at rest where appropriate, secure data storage, access controls, credential protection measures, environment separation, logging, monitoring, rate limiting, authentication controls, token handling and rotation procedures, internal permissions management, vendor oversight, and other security safeguards we consider appropriate in light of the nature of the data and the processing activities involved. While we strive to maintain robust security, no method of transmission, storage, authentication, or processing over the internet or any electronic system can be guaranteed to be 100% secure, uninterrupted, or immune from attack, interception, or unauthorized access. Accordingly, we cannot and do not warrant absolute security, and we expressly disclaim any such warranty to the maximum extent permitted by applicable law. We are nonetheless committed to implementing and maintaining reasonable practices designed to minimize risk. We may monitor the Services, systems, networks, accounts, connected integrations, traffic patterns, API activity, and usage activity to detect, prevent, investigate, and mitigate fraud, spam, abuse, security threats, policy violations, service misuse, suspicious behaviour, service degradation, and other harmful or unlawful conduct. This may include automated or manual review of logs, metadata, authentication events, usage patterns, device or browser information, IP addresses, error reports, and other security-relevant information. 
We may create, retain, and use security logs, incident records, abuse reports, fraud indicators, internal case notes, blocklists, allowlists, and related records where reasonably necessary to secure the Services and protect users, third-party platforms, vendors, and our business. We may share relevant information with service providers, advisers, insurers, law enforcement, regulators, affected counterparties, or third-party platforms where reasonably necessary to investigate incidents, comply with legal obligations, contest abuse, or protect rights, property, or systems. You are responsible for keeping your credentials secure, enabling and using multi-factor or strong authentication where available, protecting your devices, maintaining current security software, and notifying us promptly of any actual or suspected unauthorized access, account compromise, or misuse. You acknowledge that any failure on your part to maintain reasonable account and device security may increase the risk of unauthorized access and that we are not responsible for harm arising from your failure to do so, except to the extent required by applicable law. In the event of an actual, suspected, or threatened security incident, we may take any action we reasonably consider necessary or appropriate to contain, investigate, remediate, document, disclose, or mitigate the issue, including without limitation restricting or suspending accounts, revoking tokens or credentials, suspending integrations, notifying affected users, engaging forensic, security, insurance, or legal advisers, preserving evidence, cooperating with law enforcement or regulators, and reporting the incident to affected parties or competent authorities where required or appropriate under applicable law. Where notification of affected individuals is legally required, we will provide such notification in accordance with the applicable law and within any timeframe it prescribes.

16. USER RIGHTS

Subject to applicable data protection laws and any limitations or exemptions they permit, you have the right, at any time and free of charge (except where the law allows a reasonable fee for manifestly unfounded or excessive requests), to: (i) request access to and obtain a copy of the personal information we hold about you; (ii) request correction or rectification of inaccurate or incomplete personal information; (iii) request deletion or erasure of your personal information; (iv) request restriction of, or object to, certain types of processing, including processing based on legitimate interests, direct marketing, or profiling; (v) where applicable, request portability of personal information you have provided to us in a structured, commonly used, machine-readable format; (vi) withdraw any consent you have given to us at any time, without affecting the lawfulness of processing carried out before withdrawal; and (vii) where applicable, request that you not be subject to a decision based solely on automated processing that produces legal or similarly significant effects. To exercise any of these rights, please contact us at repostify.io@gmail.com or via https://repostify.io/contact/. We will respond to verified requests within the timeframes required by applicable law (and in any event without undue delay). We may need to verify your identity before acting on a request and may decline or limit a request to the extent permitted by law, including where the request is manifestly unfounded, excessive, would adversely affect the rights or freedoms of others, or where retention is required for legal, regulatory, accounting, fraud prevention, or dispute resolution purposes. 
If you believe we have not adequately addressed your request, you have the right to lodge a complaint with your local supervisory authority or data protection regulator (in the United Kingdom, the Information Commissioner's Office at ico.org.uk; in the European Economic Area, your Member State data protection authority; in Switzerland, the Federal Data Protection and Information Commissioner). We encourage you to contact us first so that we can attempt to resolve your concern directly.

17. USE OF YOUTUBE API SERVICES

Repostify uses YouTube API Services to allow users to connect their YouTube account and perform actions such as retrieving channel information and uploading or reposting content on the user’s behalf. By using these features, you agree to be bound by the YouTube Terms of Service (https://www.youtube.com/t/terms). Repostify also references and links to the Google Privacy Policy (https://policies.google.com/privacy).

What YouTube data we access and store. When you connect YouTube, Repostify may access and store certain YouTube Authorized Data, such as OAuth access tokens, OAuth refresh tokens, your YouTube channel identifier, and limited channel/video metadata required to provide the feature you enabled (for example, upload status and basic identifiers). We use this data only to provide the YouTube-related functionality you request in Repostify.

How to revoke Repostify’s access. You can revoke Repostify’s access to your YouTube account at any time by either:
  • Disconnecting YouTube inside Repostify (Connections → YouTube → Disconnect/Turn off), or
  • Revoking access via Google’s settings pages:
    https://myaccount.google.com/connections?filters=3&hl=en
    https://security.google.com/settings/security/permissions

What happens after revocation (token revocation + deletion). When you revoke access using either method above, Repostify will programmatically revoke the associated authorization token(s) as soon as possible to communicate the change in permissions to Google, and we will delete the related YouTube Authorized Data we have stored (including stored OAuth tokens, channel identifiers, and any cached YouTube metadata linked to that connection) as soon as possible and no later than seven (7) calendar days after revocation.

Important note. Disconnecting Repostify or deleting data stored by Repostify does not delete any data stored by YouTube. To manage or delete content on YouTube, you must do so directly through YouTube (for example, YouTube Studio or the YouTube website/app).

Contact. If you have questions or complaints about our privacy practices relating to YouTube data, contact us at repostify.io@gmail.com.

18. THIRD-PARTY SOURCES, CONNECTED ACCOUNT DATA, AND PLATFORM-SUPPLIED INFORMATION

In addition to personal information you provide directly to us, we may receive personal information, technical information, account information, permissions data, and content-related metadata from third-party platforms, services, and providers that you choose to connect to the Services or use in connection with the Services. These may include, without limitation, social media and creator platforms (such as TikTok, Instagram, Facebook, YouTube, and X), app stores (Apple App Store and Google Play), authentication providers (such as Sign in with Apple and Google Sign-In), analytics providers, payment processors, subscription management providers (including RevenueCat as further described below), cloud and hosting providers, customer support and communications platforms, fraud-prevention providers, and other vendors or partners that support the operation of the Services.

Categories of information received. Depending on the third-party platform or service you connect, the information we receive may include your name, email address, username, profile image, account ID, channel ID, page ID, social handle, profile metadata, OAuth access and refresh tokens, permission scopes, media identifiers, upload status data, account status information, content metadata, usage metrics, analytics information, transaction or subscription event data, billing and platform identifiers, and other information that the third party makes available to us in accordance with your settings, permissions, and authorizations.

Purposes and lawful bases. We use this information only for the purposes described in this Privacy Notice and as reasonably necessary to provide, operate, maintain, improve, secure, troubleshoot, support, and lawfully administer the Services. This may include authenticating you, linking and managing connected accounts, enabling automations, detecting uploads, syncing or reposting content, facilitating publishing actions on your behalf where authorized, providing reporting and account management features, monitoring service health, preventing fraud and abuse, investigating complaints or technical issues, enforcing our legal terms, and complying with legal obligations. Where the UK GDPR or EU GDPR applies, the lawful bases for this processing are: (i) performance of a contract with you (the Repostify Terms of Service); (ii) our legitimate interests in operating, securing, and improving the Services; (iii) compliance with legal obligations; and (iv) where required, your consent, which you may withdraw at any time.

Authorization. By linking or authenticating a third-party account with the Services, you instruct and authorize us to access, receive, store, process, refresh, transmit, and otherwise use the information made available by that third-party provider to the extent reasonably necessary to provide the functionality you have chosen to enable. You acknowledge and agree that your relationship with each third-party provider is governed by that provider's own terms, policies, and privacy practices, and that we do not control and are not responsible for the privacy, security, accuracy, retention, or other data-handling practices of those third parties.

Disconnection and revocation. If you disconnect a connected account, revoke a permission, remove an integration, or withdraw consent where consent is the lawful basis for processing, some features of the Services may stop working or become limited. We may still retain certain information obtained from third parties to the extent necessary for security, fraud prevention, dispute resolution, backup integrity, enforcement of our Terms, legal compliance, tax and accounting purposes, or the establishment, exercise, or defence of legal claims, in each case in accordance with applicable law and the retention principles described in this Privacy Notice. For the avoidance of doubt, where we receive personal information from third-party platforms or providers that you choose to connect, such information is treated as personal information under this Privacy Notice and is processed in accordance with applicable law and the terms of this Notice.

19. INTERNATIONAL TRANSFERS, CROSS-BORDER PROCESSING, AND SAFEGUARDS

We may process, store, access, disclose, transfer, or permit access to your personal information in countries other than the country in which you are located, including without limitation the United Kingdom, the European Economic Area, the United States, Canada, and any other jurisdiction in which our affiliates, vendors, service providers, hosting providers, support providers, analytics tools, communication platforms, or infrastructure providers operate. These countries may have data protection laws that are different from, and in some cases less protective than, those in your country or jurisdiction. Where applicable law requires it, and where personal information is transferred internationally in circumstances amounting to a restricted transfer under the UK GDPR, the EU GDPR, the Swiss Federal Act on Data Protection, or any other applicable data protection law, we will take steps designed to ensure that such transfers are made lawfully and that appropriate safeguards are in place.

Transfer mechanisms. Depending on the circumstances, the safeguards on which we rely may include, without limitation:
  • adequacy regulations or decisions issued by the UK Government or the European Commission in respect of the recipient jurisdiction;
  • the EU Standard Contractual Clauses adopted by the European Commission;
  • the UK International Data Transfer Agreement (IDTA) and/or the UK Addendum to the European Commission's Standard Contractual Clauses, issued by the Information Commissioner's Office;
  • the Swiss-specific addendum to the Standard Contractual Clauses where personal information transferred is subject to Swiss data protection law;
  • participation by the recipient in an applicable data privacy framework (including, where applicable, the EU-US Data Privacy Framework, the UK Extension to the EU-US Data Privacy Framework, and the Swiss-US Data Privacy Framework);
  • binding corporate rules where applicable;
  • transfer risk assessments and supplementary technical, contractual, and organisational measures; and
  • other lawful transfer mechanisms recognized under applicable data protection law.
Where you have provided explicit consent to a specific transfer after having been informed of the possible risks, or where the transfer is necessary for the performance of a contract with you or in your interest, we may rely on the corresponding derogation under Article 49 of the UK GDPR or EU GDPR to the extent permitted.

Acknowledgement and information. By using the Services, you acknowledge that your personal information may be transferred to, stored in, accessed from, or processed in jurisdictions outside your own. Where required by law, we will provide further information regarding the relevant transfer mechanism or safeguards upon written request, subject to legal, security, and confidentiality restrictions.

Limits. Nothing in this section permits us to transfer personal information in a manner prohibited by applicable law. We will not knowingly make a restricted transfer where we are required by law to implement safeguards and have not done so. Where third-party providers process personal information on our behalf in other jurisdictions, we seek to impose contractual obligations and reasonable security requirements designed to protect that information, although we cannot guarantee that any transfer, transmission, or international storage arrangement will be entirely free from risk.

20. RETENTION SCHEDULES, ACCOUNT DELETION, BACKUPS, AND DATA LIFECYCLE

We retain personal information only for as long as reasonably necessary for the purposes described in this Privacy Notice, unless a longer retention period is required or permitted by applicable law. Retention periods vary depending on the type of information, the purpose for which it was collected, the sensitivity of the information, the risk of harm from unauthorized use or disclosure, applicable legal or regulatory requirements, contractual obligations, technical limitations, dispute-resolution needs, fraud-prevention needs, and whether the information is required to establish, exercise, or defend legal claims.

Indicative retention principles. By way of example and without limitation, and subject in each case to longer retention where required or permitted by law:
  • Account registration and profile information is retained for the duration of the user's account and for a reasonable period thereafter to permit account reactivation, dispute resolution, fraud prevention, and enforcement of our Terms of Service.
  • Subscription, billing, and tax records are retained for the periods required by applicable accounting, tax, and corporate law (which, in the United Kingdom, generally requires retention of business and tax records for at least six (6) years from the end of the relevant accounting period, and in some cases longer).
  • Customer support correspondence is retained for a reasonable period after closure of the relevant support matter to permit follow-up, quality assurance, and dispute resolution.
  • Audit logs, security logs, incident records, and abuse-related records are retained for the period reasonably necessary to investigate, prevent, and respond to security incidents, fraud, and policy violations, and to comply with legal obligations.
  • Connected-account metadata and OAuth tokens are retained for the duration of the relevant connection and are deleted in accordance with the platform-specific deletion commitments described elsewhere in this Privacy Notice (including the seven (7) day commitment for YouTube Authorized Data).
  • Records of consent and of rights requests are retained for the period reasonably necessary to demonstrate compliance with applicable data protection law and to respond to regulatory enquiries.
  • Marketing and email-list data is retained until you unsubscribe or otherwise withdraw consent, and for a reasonable period thereafter to maintain suppression lists and demonstrate compliance.

Deletion of accounts and personal information. If you request deletion of your account or personal information, we will take reasonable steps to delete or anonymize relevant personal information from active systems within a reasonable period of receipt of a verified request, subject to legal, technical, contractual, and operational limitations. Certain information may continue to exist for a limited time in encrypted backups, logs, archives, disaster-recovery systems, fraud-prevention systems, legal holds, or other protected records where deletion is not immediately feasible or where retention is permitted or required by law. Where immediate deletion is not feasible, we will isolate the relevant information from further routine use and delete it in accordance with our normal backup rotation, archival deletion, or system maintenance schedules, unless continued retention is legally justified. Account disconnection, integration revocation, subscription cancellation, or app deletion does not necessarily result in immediate deletion of all related personal information. Different categories of data may follow different retention schedules. For example, security logs, billing records, support history, tax records, and records of consent or rights requests may be retained after account closure where necessary to comply with legal obligations, maintain auditability, or protect our rights.

De-identification and anonymization. We may de-identify, anonymize, aggregate, or otherwise irreversibly transform personal information so that it no longer identifies an individual. Where information has been genuinely anonymized so that it is no longer personal information under applicable law, we may retain and use that information indefinitely for lawful business purposes including analytics, product improvement, security analysis, service benchmarking, operational reporting, and statistical research. We commit not to attempt to re-identify anonymized data and to require, by contract or other appropriate means, that recipients of such data do not attempt to re-identify it.

21. LEGAL DISCLOSURES, CORPORATE TRANSACTIONS, ENFORCEMENT, AND RIGHTS PROTECTION

In addition to the disclosures described elsewhere in this Privacy Notice, we may disclose, preserve, or otherwise process personal information where we believe in good faith that such disclosure or processing is reasonably necessary or appropriate to: (i) comply with applicable law, regulation, legal process, court order, subpoena, warrant, governmental request, or binding request from a competent authority in any jurisdiction in which we operate; (ii) respond to lawful requests from regulators, tax authorities, law-enforcement agencies, courts, tribunals, or supervisory authorities; (iii) investigate, prevent, or address suspected or actual fraud, abuse, platform misuse, illegal activity, security incidents, or violations of our Terms of Service or other policies; (iv) protect the rights, property, safety, systems, users, personnel, vendors, business partners, or the public; (v) establish, exercise, or defend legal claims; (vi) collect debts; or (vii) enforce our contractual rights.

Lawful basis. Where the UK GDPR or EU GDPR applies, the lawful basis for these disclosures is, as relevant, compliance with our legal obligations, our legitimate interests (including the legitimate interests of third parties such as users, platforms, and the public), the establishment, exercise, or defence of legal claims, or, in limited cases, the protection of vital interests.

Professional advisers and corporate counterparties. We may also disclose personal information to professional advisers, insurers, auditors, accountants, legal counsel, consultants, and similar recipients where reasonably necessary for corporate governance, risk management, financing, restructuring, due diligence, compliance, dispute management, or business-continuity purposes, in each case subject to appropriate confidentiality obligations.

Corporate transactions. If all or part of our business or assets is involved in or contemplating a merger, acquisition, reorganization, investment, asset sale, financing transaction, insolvency or bankruptcy process, dissolution, or similar corporate event, personal information may be disclosed to actual or prospective counterparties, funders, professional advisers, and transition service providers as part of that process, subject where appropriate to confidentiality protections and applicable legal requirements. In such circumstances, we will take reasonable steps to ensure that any successor entity continues to handle personal information in a manner consistent with this Privacy Notice or that affected individuals are notified of any material changes in accordance with applicable law.

Investigations and enforcement. We may also preserve and disclose personal information where necessary to investigate complaints, contest chargebacks, detect coordinated misuse, respond to platform-related enforcement issues, validate rights requests, preserve evidence, maintain records relevant to anticipated or actual disputes, or prevent imminent harm to any person or to the security or integrity of the Services.

Notification limits. Nothing in this section shall be construed as requiring us to notify you of every legal disclosure where such notification is prohibited by law, would compromise an investigation, would create a security or operational risk, or is otherwise not required.

22. SECURITY INCIDENTS, FRAUD PREVENTION, MONITORING, AND MISUSE DETECTION

We use technical, organizational, and administrative measures designed to protect personal information and the Services against unauthorized access, alteration, disclosure, loss, destruction, or misuse, taking into account the state of the art, the costs of implementation, and the nature, scope, context, and purposes of the processing, as well as the risks of varying likelihood and severity to the rights and freedoms of natural persons. These measures may include, without limitation, encryption in transit and at rest where appropriate, access controls, principle-of-least-privilege permissioning, credential protection, environment separation, logging, monitoring, rate limiting, authentication controls, secure token handling and rotation, internal permissions management, vendor oversight and security review, incident-response planning, and other safeguards we consider appropriate.

Monitoring. We may monitor the Services, systems, networks, connected accounts, integrations, traffic patterns, API activity, and usage activity to detect, prevent, investigate, and mitigate fraud, spam, abuse, security threats, policy violations, service misuse, suspicious behaviour, service degradation, account takeover, credential stuffing, scraping, automated abuse, and other harmful or unlawful conduct. This monitoring may include automated or manual review of logs, metadata, authentication events, usage patterns, device or browser information, IP addresses, error reports, telemetry, and other security-relevant information. The lawful bases for this processing under the UK GDPR and EU GDPR are our legitimate interests in maintaining the security and integrity of the Services and protecting users, and, where applicable, compliance with our legal obligations.

Records and information sharing. We may create and retain security logs, incident records, abuse reports, fraud indicators, internal case notes, blocklists, allowlists, threat-intelligence records, and related records where reasonably necessary to secure the Services and protect users, third-party platforms, vendors, and our business. We may share relevant information with service providers, security advisers, insurers, law-enforcement agencies, regulators, affected counterparties, or third-party platforms where reasonably necessary to investigate incidents, comply with legal obligations, contest abuse, or protect rights, property, or systems.

No warranty of absolute security. Although we take reasonable steps to protect personal information, no method of transmission, storage, authentication, or processing can be guaranteed to be fully secure, uninterrupted, or immune from attack. Accordingly, we cannot and do not warrant absolute security, and we expressly disclaim any such warranty to the maximum extent permitted by applicable law. You are responsible for keeping your credentials secure, enabling and using strong authentication where available, protecting your devices, maintaining current security software, and notifying us promptly of any actual or suspected unauthorized access or misuse.

Incident response. In the event of an actual, suspected, or threatened security incident, we may take any action we reasonably consider necessary or appropriate to contain, investigate, remediate, document, disclose, or mitigate the issue, including without limitation restricting or suspending accounts, revoking tokens or credentials, suspending integrations, notifying affected users, engaging forensic, security, insurance, or legal advisers, preserving evidence, cooperating with law-enforcement agencies or regulators, and reporting the incident to affected parties or authorities where required or appropriate under applicable law.

Breach notification. Where a personal data breach (as defined under the UK GDPR or EU GDPR) is likely to result in a risk to the rights and freedoms of natural persons, we will notify the relevant supervisory authority without undue delay and, where feasible, not later than 72 hours after having become aware of it, in accordance with Article 33 of the UK GDPR and EU GDPR. Where the breach is likely to result in a high risk to the rights and freedoms of natural persons, we will communicate the breach to affected data subjects without undue delay in accordance with Article 34. Where notification is required under other applicable laws (including US state breach-notification laws, the Privacy Act 1988 (Cth) of Australia, the Privacy Act 2020 (NZ), or the Protection of Personal Information Act of South Africa), we will provide notification in accordance with the applicable timeframes and content requirements of those laws.

23. CONSENT MANAGEMENT, ADVERTISING PARTNERS, SUBSCRIPTION PROCESSING, AUTOMATED PROCESSING, SERVICE ANALYTICS, DE-IDENTIFIED DATA, AND PRODUCT IMPROVEMENT

Consent for analytics and tracking. We do not collect analytics information that can be reasonably traced back to you as an identified or identifiable individual until you have provided consent through our in-app or website consent management interface, except where the underlying processing is permitted on another lawful basis (such as strictly necessary processing required to provide the Services or to comply with a legal obligation). Where you do not grant analytics consent, we will not activate analytics tracking technologies that identify you as an individual, including without limitation Firebase Analytics user-level events and Google Analytics with personal identifiers. You may withdraw or modify your analytics consent at any time through the consent settings available within the application or on our website. Where required by applicable law, including the EU General Data Protection Regulation, the UK General Data Protection Regulation, the UK Privacy and Electronic Communications Regulations, and equivalent or successor laws, consent will be requested separately, on a granular and freely given basis, using equally prominent and equally accessible accept and reject options, and will be capable of being withdrawn as easily as it is given. The withdrawal of consent does not affect the lawfulness of any processing carried out before the withdrawal.

Ad personalisation consent and Meta Platforms integration. Where you grant ad personalisation consent through our consent management interface, we activate the Meta App Events SDK and Meta-related cookies, pixels, and tracking technologies provided by Meta Platforms, Inc. ("Meta"). When activated, these technologies transmit event and conversion data to Meta to enable advertising measurement, attribution, audience building, retargeting, lookalike modelling, and personalised advertising on Meta-operated platforms (including Facebook and Instagram) and across Meta's advertising network. Categories of data that may be shared with Meta when ad personalisation consent is granted include device identifiers, advertising identifiers (such as IDFA or GAID where available and permitted), IP address, app and web event data, conversion events, subscription events, hashed identifiers, and other identifiers Meta may use for advertising purposes.

Roles of the parties. To the extent that we and Meta jointly determine the means and purposes of certain processing in connection with the Meta business tools (including the Meta Pixel, the Conversions API, and the Meta App Events SDK), we and Meta act as joint controllers in respect of the collection and transmission of event data, in accordance with the Meta Controller Addendum and the Joint Controller Addendum (as applicable and as amended from time to time by Meta). For the subsequent processing of that event data by Meta for its own business purposes (including the provision and improvement of Meta's products and services), Meta acts as an independent controller. The essence of these arrangements is summarised in Meta's controller and joint-controller terms, which are incorporated by reference and which we encourage you to review.

Lawful basis. Where the UK GDPR or EU GDPR applies, the lawful basis for activating Meta business tools and sharing event data with Meta following your ad personalisation consent is your consent under Article 6(1)(a) of the UK GDPR and EU GDPR, and, where applicable, Regulation 6 of the UK Privacy and Electronic Communications Regulations.

Withdrawal. You may withdraw your ad personalisation consent at any time through the consent settings within the application or on our website, in which case we will deactivate the Meta App Events SDK, Meta cookies, and Meta pixels for your subsequent activity. Withdrawal does not affect the lawfulness of processing carried out before withdrawal and does not, by itself, oblige Meta to delete data it has already received; you may exercise rights against Meta directly in respect of data processed by Meta as an independent controller. For information on Meta's processing of personal information, see https://www.facebook.com/privacy/policy/.

Subscription processing through RevenueCat. We use RevenueCat, Inc. ("RevenueCat") as our subscription management and processing provider for users on iOS, Android, and web platforms. When you subscribe to a paid plan, start a free trial, manage a subscription, restore a purchase, or interact with subscription-related features, subscription information is transmitted to and processed by RevenueCat on our behalf. This information may include, without limitation, your app user identifier, anonymous user identifier, subscription status, subscription product identifier, purchase token, transaction identifier, original purchase date, renewal date, expiration date, cancellation events, refund events, trial status, billing platform (Apple, Google, Stripe, or other), country of purchase, currency, price, entitlement information, and related event metadata. RevenueCat processes this information on our behalf as a data processor (or, where applicable, service provider) under written data-processing terms, in order to enable cross-platform subscription management, entitlement verification, receipt validation, fraud prevention, customer support, billing analytics, and related subscription services.

Lawful basis for subscription processing. Where the UK GDPR or EU GDPR applies, the lawful basis for processing subscription information through RevenueCat is performance of a contract with you under Article 6(1)(b) (namely, the Repostify Terms of Service and the relevant subscription terms), and, in respect of fraud prevention, our legitimate interests under Article 6(1)(f) and compliance with our legal obligations under Article 6(1)(c). For information on RevenueCat's processing of personal information, see https://www.revenuecat.com/privacy/.

RevenueCat-to-Meta integration (cannot be disabled). RevenueCat includes a built-in integration with Meta's advertising platform that operates by default at the platform level and that we are not able to fully disable. As a result, certain subscription event data may be shared between RevenueCat and Meta regardless of whether you have granted ad personalisation consent within Repostify. Based on our review of RevenueCat's documentation as of the date of this Notice, the data shared through this default integration is limited to standard subscription event signals such as anonymous purchase, renewal, trial conversion, and cancellation events, together with limited contextual metadata, and does not, in its default configuration, include directly identifying personal information such as your name, email address, or postal address. While individual data points shared through this default integration are unlikely, on their own, to be reasonably linkable to you as an identified individual, we cannot guarantee that the data could not, when combined with other information available to Meta, be associated with you.

Lawful basis and right to object. Where the UK GDPR or EU GDPR applies, we rely on our legitimate interests under Article 6(1)(f) as the lawful basis for the limited transmission of subscription event data through this integration in circumstances where ad personalisation consent has not been granted. Our legitimate interests are in maintaining a functional cross-platform subscription infrastructure, in measuring the effectiveness of our advertising and marketing, and in operating the Services in a commercially viable manner. We have considered the rights and freedoms of data subjects in light of the limited and non-directly-identifying nature of the data shared and the absence of enrichment with personally identifying information from our own systems where consent has not been granted. You have the right to object to this processing on grounds relating to your particular situation under Article 21 of the UK GDPR and EU GDPR by contacting us at repostify.io@gmail.com; if you object, we will assess whether we have compelling legitimate grounds that override your interests, rights, and freedoms, and we will inform you of the outcome. Where you have not granted ad personalisation consent within Repostify, we do not enrich, supplement, or combine this default RevenueCat-to-Meta data flow with any additional identifiers, advertising identifiers, or event data from our own Meta App Events SDK, Meta cookies, or Meta pixels. We disclose this data flow in the interests of transparency and so that you may make an informed decision before subscribing. If you do not wish for any subscription event data to be transmitted to Meta through this integration, you should not subscribe to a paid plan or initiate a free trial through Repostify. For information on Meta's data practices, see https://www.facebook.com/privacy/policy/, and for information on RevenueCat's integrations and data practices, see https://www.revenuecat.com/privacy/.

US state privacy law treatment. To the extent that any of the data flows described in this clause constitute "selling" or "sharing" of personal information, or processing for "targeted advertising" or "cross-context behavioural advertising," as those terms are defined under applicable US state privacy laws (including the California Consumer Privacy Act as amended by the California Privacy Rights Act, the Colorado Privacy Act, the Connecticut Data Privacy Act, the Virginia Consumer Data Protection Act, and equivalent or successor laws), you have the right to opt out of such processing. You may exercise this right through the consent management interface, by enabling a recognized opt-out preference signal such as the Global Privacy Control, or by contacting us using the methods described elsewhere in this Privacy Notice.

Service analytics, automated processing, and product improvement. We may use personal information, service data, device data, technical information, content-related metadata, account activity data, and usage information to analyse, maintain, optimize, troubleshoot, secure, and improve the Services. This may include measuring feature usage, diagnosing errors, understanding system performance, detecting abuse, training internal operational models for fraud detection, abuse prevention, and reliability purposes, evaluating product changes, supporting customer-experience improvements, and planning capacity, infrastructure, and roadmap decisions. We do not use connected platform data (including YouTube Authorized Data, TikTok user data, Instagram or Facebook platform data, or equivalent data from other connected platforms) to train generalized or third-party machine-learning or artificial-intelligence models, and we do not use such data in any manner prohibited by the applicable platform's developer or platform policies. To the extent permitted by applicable law, we may create aggregated, statistical, de-identified, pseudonymized, or otherwise non-directly-identifying datasets derived from personal information or service interactions for lawful business purposes, including analytics, reporting, trend analysis, benchmarking, quality assurance, debugging, abuse detection, investor or internal reporting, and product development, provided that such information is not used in a way that unlawfully re-identifies you. Where we de-identify or anonymize personal information, we maintain reasonable measures designed to prevent re-identification and we contractually prohibit recipients from attempting re-identification.

Automated decision-making. We do not make decisions based solely on automated processing that produce legal effects concerning you or similarly significant effects, except where such processing is (i) necessary for entering into or performing a contract with you, (ii) authorized by applicable law subject to appropriate safeguards, or (iii) based on your explicit consent. Where applicable law grants you rights in relation to automated decision-making or profiling, including the right to obtain human review, to express your point of view, and to contest a decision, you may exercise those rights using the contact details in this Privacy Notice.

Platform-specific restrictions. Where platform-specific restrictions apply to data we receive from third parties — including without limitation restrictions imposed by Google (in respect of Google API data, including YouTube Authorized Data and Google user data subject to the Google API Services User Data Policy and the Limited Use requirements), Meta, Apple, TikTok, or other connected platforms — we will process such data subject to those restrictions and applicable law. Google requires transparent notice, secure handling, and honoring of deletion expectations when developer services access Google user data, and we comply with those requirements as set out in this Notice and in the YouTube-specific clause above.

24. DO WE MAKE UPDATES TO THIS NOTICE?

In Short: Yes, we will update this notice as necessary to stay compliant with relevant laws.

We may update this Privacy Notice from time to time. The updated version will be indicated by an updated "Revised" date at the top of this Privacy Notice. If we make material changes to this Privacy Notice, we may notify you either by prominently posting a notice of such changes or by directly sending you a notification. We encourage you to review this Privacy Notice frequently to be informed of how we are protecting your information.

25. HOW CAN YOU CONTACT US ABOUT THIS NOTICE?

If you have questions or comments about this notice, you may email us at repostify.io@gmail.com or contact us by post at:

REPOSTIFY LTD
195 Wood St, Suite RA01
London, England E17 3NU
United Kingdom

26. HOW CAN YOU REVIEW, UPDATE, OR DELETE THE DATA WE COLLECT FROM YOU?

Based on the applicable laws of your country or state of residence in the US, you may have the right to request access to the personal information we collect from you, details about how we have processed it, correct inaccuracies, or delete your personal information. You may also have the right to withdraw your consent to our processing of your personal information. These rights may be limited in some circumstances by applicable law. To request to review, update, or delete your personal information, please visit: https://repostify.io/contact/.