Privacy Policy

1. Information We Collect

Account information

When you sign up, we collect your name, email address, and authentication credentials. Passwords are hashed and stored by our authentication provider (Supabase). If you sign in with Google, we receive your name, email, and profile photo from Google’s OAuth response.

Brand and content inputs

To generate on-brand posts, you may upload brand assets such as PDF or text brand guidelines, logos, and reference images. You also configure content sources such as RSS feeds and YouTube channels that we ingest on your behalf.

Generated content and activity

We store the AI-generated drafts produced for your account, your approval and rejection decisions, scheduling metadata, and the publishing history of posts sent to your connected social platforms.

Usage and technical data

We collect basic operational metadata such as request logs, IP address, browser user agent, ingested item counts, generation counts, and error traces. This data is used to operate, secure, and debug the service.

Billing information

Subscription billing is handled by Stripe. We store your Stripe customer ID, subscription status, and plan tier. We never see or store your full payment card details — those are handled exclusively by Stripe.

2. How We Use Your Information

• To provide, maintain, and improve the WYN service.
• To generate AI content from the sources and brand inputs you supply.
• To publish approved posts to the social platforms you have connected.
• To process subscription payments and send billing receipts.
• To send transactional email such as account verification, password resets, and weekly reports.
• To respond to support requests.
• To detect, investigate, and prevent fraud, abuse, and security incidents.
• To comply with legal obligations.

We do not sell your personal information, and we do not use your private content to train third-party AI models beyond what is required to fulfill your generation requests.

3. Sub-Processors

We rely on the following sub-processors to operate the service. Each is bound by contractual privacy and security obligations.

• Supabase Inc. (USA) — database, authentication, and file storage.
• Google LLC (USA) — Gemini and Vertex AI Imagen for text and image generation.
• Google Cloud Run (USA) — backend application hosting.
• Vercel Inc. (USA) — frontend application hosting and edge delivery.
• Stripe, Inc. (USA) — subscription billing and payment processing.
• Resend (USA) — transactional email delivery.
• Postiz (self-hosted by WYN) — social media publishing relay used to deliver approved posts to your connected platforms.

4. Data Retention

We retain account, content, and usage data for as long as your account is active. When you delete your account from Settings → Danger Zone, we permanently remove your personal data and content within approximately 30 days, except where retention is required to comply with legal, accounting, or tax obligations, or to resolve disputes and enforce our agreements. Encrypted backups may persist for a limited additional period before being overwritten.

5. Your Rights

Rights for users in the European Economic Area, United Kingdom, and Switzerland (GDPR)

If you are located in one of these regions, you have the right to:

• Access the personal data we hold about you.
• Rectify inaccurate or incomplete data.
• Erase your data (the “right to be forgotten”).
• Restrict or object to certain processing activities.
• Port your data to another service in a structured, machine-readable format.
• Withdraw consent at any time where processing is based on consent.
• Lodge a complaint with your local data protection authority.

The legal basis for processing is normally the performance of our contract with you, our legitimate interests in operating and securing the service, or your consent where required.

Rights for California residents (CCPA / CPRA)

If you are a California resident, you have the right to:

• Know what categories of personal information we collect and how we use them.
• Delete the personal information we have collected from you.
• Correct inaccurate personal information.
• Opt out of the sale or sharing of personal information — we do not sell or share personal information as those terms are defined under California law.
• Non-discrimination for exercising any of these rights.

To exercise any of these rights, email us at legal@wynengine.com. You can also delete your account and all associated data directly from Settings → Danger Zone.

6. International Data Transfers

WYN is operated from the United States, and our sub-processors are primarily located in the United States. If you access the service from outside the U.S., your information will be transferred to, stored in, and processed in the U.S. Where required, we rely on the European Commission’s Standard Contractual Clauses (SCCs) and equivalent safeguards to lawfully transfer personal data across borders.

7. Security

We protect your data with industry-standard safeguards:

• All traffic to and from WYN is encrypted in transit using TLS.
• Data at rest is encrypted by our database, storage, and backup providers.
• Authentication uses signed JWT tokens verified server-side on every request.
• Tenant data is isolated through row-level security (RLS) policies in our database.
• Access to production systems is limited to authorized personnel and audited.

No security system is perfect. If you believe your account has been compromised, contact us immediately at legal@wynengine.com.

8. Children

WYN is not intended for, and we do not knowingly collect personal information from, anyone under the age of 16. If you believe a child has provided us with personal data, please contact us and we will delete it.

9. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify active users by email and/or by posting a prominent notice in the application before the changes take effect. The “Effective date” at the top of this page will always reflect the latest revision.

10. Contact Us

If you have questions, concerns, or requests related to this Privacy Policy or your personal data, contact us at legal@wynengine.com.