Privacy Policy - eBook Marketing Automation

Privacy Policy

Last Updated: January 05, 2025

1. Introduction

Ebook Marketing Automation ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

By using our Service, you consent to the data practices described in this policy. If you do not agree with the practices described, please do not use the Service.

2. Information We Collect

2.1 Account Information

When you create an account, we collect:

  • Name (first and last)
  • Email address
  • Password (encrypted and hashed)
  • Account creation date and last login date

2.2 Content and Files

We store and process:

  • Ebooks and documents you upload
  • Generated marketing content
  • Images and media files
  • Author profiles and pen names
  • Social media connection information

2.3 API Keys and Credentials

We securely encrypt and store:

  • AI service API keys (OpenAI, Anthropic Claude)
  • OAuth tokens for social media platforms
  • Application passwords for self-hosted services

Security: All sensitive credentials are encrypted using industry-standard encryption before storage. We never store passwords in plain text.

2.4 Usage Data

We automatically collect:

  • Usage statistics (content generated, posts published, etc.)
  • Feature usage and interaction data
  • Error logs and diagnostic information
  • IP addresses and browser information
  • Device and operating system information

2.5 Cookies and Tracking

We use cookies and similar technologies to:

  • Maintain your session and authentication state
  • Remember your preferences and settings
  • Analyze service usage and improve functionality

3. How We Use Your Information

We use your information to:

  • Provide, maintain, and improve the Service
  • Process your requests and transactions
  • Send you service-related communications
  • Authenticate your identity and secure your account
  • Generate content using AI services on your behalf
  • Publish content to social media platforms as directed
  • Monitor usage and enforce subscription tier limits
  • Detect and prevent fraud, abuse, or security issues
  • Comply with legal obligations

4. Data Sharing and Third-Party Services

4.1 AI Service Providers

When you generate content, we transmit your ebook content and prompts to:

  • OpenAI: For GPT-based content generation
  • Anthropic: For Claude-based content generation

These services process your content according to their privacy policies. We recommend reviewing:

4.2 Social Media Platforms

When you publish content, we transmit your content and account information to:

  • TikTok, Instagram, Pinterest, LinkedIn, WordPress, Facebook, Threads, Substack

Each platform processes your data according to their terms of service and privacy policies. We only transmit data you explicitly authorize us to publish.

4.2.1 Outstand Integration

For Facebook, Instagram, and Threads connections, we use Outstand (outstand.so) as a third-party service provider to manage OAuth authentication and content publishing. Outstand acts as an intermediary between our platform and Meta's APIs.

When you connect these platforms:

  • Your OAuth authorization is processed through Outstand's secure infrastructure
  • Access tokens are stored by Outstand on our behalf
  • Content publishing requests are routed through Outstand's API

Outstand processes your data according to their privacy policy. We recommend reviewing Outstand's Privacy Policy for details on how they handle your data.

Note: You do not need to create an Outstand account. We manage the Outstand integration on your behalf as part of our service.

4.3 Storage and Infrastructure

We use third-party services for:

  • Wasabi S3: Secure file storage for your uploaded content
  • Database Hosting: Secure database storage for your account data
  • Email Services (Brevo): Transactional email delivery

These services are bound by strict data processing agreements and security standards.

4.4 We Do Not Sell Your Data

We do not sell, rent, or trade your personal information to third parties for marketing purposes.

5. GDPR Compliance

If you are located in the European Economic Area (EEA), you have certain data protection rights under the General Data Protection Regulation (GDPR):

5.1 Your Rights

  • Right to Access: Request a copy of your personal data
  • Right to Rectification: Correct inaccurate or incomplete data
  • Right to Erasure: Request deletion of your data (see Section 6)
  • Right to Restrict Processing: Limit how we process your data
  • Right to Data Portability: Receive your data in a structured, machine-readable format
  • Right to Object: Object to processing of your data for certain purposes
  • Right to Withdraw Consent: Withdraw consent for data processing

5.2 Exercising Your Rights

To exercise any of these rights, please contact us at privacy@yourdomain.com. We will respond within 30 days.

5.3 Legal Basis for Processing

We process your data based on:

  • Contract: To provide the Service you requested
  • Consent: When you explicitly consent to data processing
  • Legitimate Interest: To improve our Service and prevent fraud
  • Legal Obligation: To comply with applicable laws

6. Data Retention Policy

6.1 Active Accounts

We retain your data while your account is active and for:

  • Account Data: Until account deletion
  • Content: Until you delete it or your account is deleted
  • Usage Statistics: 24 months for analytics purposes
  • Security Logs: 90 days for security monitoring

6.2 Deleted Accounts

Upon account deletion:

  • Personal information is deleted within 30 days
  • Uploaded files are permanently deleted from storage
  • Generated content is permanently deleted
  • Some anonymized usage data may be retained for analytics

6.3 Right to Deletion

You may request deletion of your account and all associated data at any time by:

  • Using the account deletion feature in your profile settings
  • Contacting us at privacy@yourdomain.com

We will process deletion requests within 30 days, subject to legal retention requirements.

7. Data Security

We implement industry-standard security measures:

  • Encryption: All sensitive data encrypted at rest and in transit (TLS/SSL)
  • API Keys: Encrypted using Microsoft Data Protection API
  • Passwords: Hashed using bcrypt with salt
  • Access Controls: Role-based access and authentication
  • Monitoring: Security audit logging and anomaly detection
  • Regular Updates: Security patches and vulnerability assessments

Important: While we implement strong security measures, no method of transmission over the Internet is 100% secure. You are responsible for maintaining the confidentiality of your account credentials.

8. Children's Privacy

Our Service is not intended for users under the age of 18. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.

9. International Data Transfers

Your data may be transferred to and processed in countries outside your country of residence. We ensure appropriate safeguards are in place, including:

  • Standard Contractual Clauses (SCCs) for data transfers
  • Compliance with GDPR requirements
  • Data processing agreements with service providers

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by:

  • Email notification to registered users
  • Notice on the Service
  • Updated "Last Updated" date on this page

Your continued use of the Service after changes constitutes acceptance of the updated Privacy Policy.

11. Contact Us

If you have questions, concerns, or wish to exercise your privacy rights, please contact us:

Email: privacy@yourdomain.com
Data Protection Officer: dpo@yourdomain.com
Address: [Your Company Address]