Privacy Policy

Fealty Technologies Pvt. Ltd. (“Fealty Technologies,” “we,” “our,” or “us”) is committed to protecting the privacy and security of personal data entrusted to us by our customers, users, and visitors. This Privacy Policy describes how we collect, use, disclose, store, and protect personal information when you access or use our website at www.fealtytechnologies.com (the “Site”), Social Media Agent (our AI-powered social media automation platform), APIs, mobile applications, and any related products or services (collectively, the “Services”).

This Policy applies to all individuals and organizations that interact with our Services, including end users, organization administrators, trial users, and visitors to our public website. It does not apply to third-party websites or services linked from our platform.

By accessing or using our Services, you acknowledge that you have read, understood, and agree to the collection and use of your information as described in this Privacy Policy. If you do not agree, you must discontinue use of the Services immediately.

We collect information in the following categories:

2.1 Information You Provide Directly

• Account Registration: Name, email address, password (hashed), organization name, job title, and billing information.
• Payment Data: Credit card details and billing address, processed through our PCI-DSS compliant payment processor (Stripe). We do not store raw card numbers.
• Profile Information: Profile photo, time zone, language preferences, and communication preferences.
• Content Inputs: Prompts, instructions, and content you submit to the AI agent to generate social media posts, images, and videos.
• Communications: Messages sent to our support team, feedback submitted through the platform, and responses to surveys.
• API Credentials: Third-party platform API keys and tokens (e.g., YouTube, X, Meta, LinkedIn) that you configure to enable publishing. These are encrypted at rest using AES-256 and never exposed in plaintext outside your authenticated session.

2.2 Information Collected Automatically

• Usage Data: Pages visited, features used, content generated, publishing actions, session duration, click paths, and in-app events.
• Device and Technical Data: IP address, browser type and version, operating system, screen resolution, device identifiers, and referral URLs.
• Log Data: Server logs capturing requests to our APIs, error events, authentication events, and publishing activity.
• Cookies and Tracking Technologies: We use first-party cookies, local storage, and similar technologies for session management, authentication, and analytics. See Section 9 for details.

2.3 Information from Third Parties

• Single Sign-On (SSO): If you authenticate via Google, Microsoft, or other identity providers, we receive your name, email, and profile photo from that provider.
• Social Platform Data: When you connect social accounts, we may receive account identifiers, follower counts, and engagement metrics necessary to display analytics and confirm publishing success.
• Payment Processors: Billing confirmation, fraud signals, and transaction identifiers from Stripe.

We use the personal information we collect for the following purposes:

• Service Delivery: To create and manage your account, process transactions, and provide the AI content generation and publishing features you have subscribed to.
• AI Model Operations: To process your prompts and generate content using our AI systems. We do not use your proprietary content inputs to train shared models without your explicit consent. Enterprise customers may opt into custom model fine-tuning using their own data.
• Platform Integration: To authenticate with third-party social media platforms and publish content on your behalf using the credentials you provide.
• Analytics and Improvement: To understand how our Services are used, identify bugs, improve features, and develop new functionality. We use aggregated and anonymized data for product analytics.
• Security and Fraud Prevention: To detect, investigate, and prevent unauthorized access, abuse, and fraudulent activity. Our security systems process IP addresses, login patterns, and behavioral signals for this purpose.
• Communications: To send you product updates, security notices, billing receipts, and (with your consent) marketing communications. You may opt out of marketing emails at any time.
• Legal Compliance: To comply with applicable laws and regulations, respond to lawful requests from authorities, enforce our Terms of Service, and protect the rights of Fealty Technologies and its users.
• Customer Support: To respond to your inquiries, troubleshoot issues, and provide technical assistance.

For users located in the European Economic Area (EEA), United Kingdom, or Switzerland, we process personal data under the following legal bases as required by the General Data Protection Regulation (GDPR) and applicable national laws:

• Contractual Necessity (Art. 6(1)(b)): Processing required to fulfill our service agreement with you, including account management, content generation, and publishing.
• Legitimate Interests (Art. 6(1)(f)): Security monitoring, fraud prevention, product analytics, and improving our Services — where our interests do not override your fundamental rights.
• Consent (Art. 6(1)(a)): Marketing communications, certain cookies, and optional AI training on your data. You may withdraw consent at any time without affecting prior processing.
• Legal Obligation (Art. 6(1)(c)): Compliance with laws, regulatory requirements, and lawful authority requests.

We do not sell, rent, or trade your personal information to third parties for their own marketing purposes. We may share information in the following limited circumstances:

• Service Providers: We engage trusted third-party vendors who process data on our behalf under data processing agreements. These include cloud infrastructure (AWS, Google Cloud), payment processing (Stripe), customer support tools (Intercom), and analytics (Mixpanel, PostHog). All vendors are contractually bound to process data only on our instructions and to maintain appropriate security measures.
• Social Media Platforms: When you publish content, your content and credentials are transmitted directly to the relevant platform APIs (YouTube, X, Meta, Instagram, LinkedIn). Please review the privacy policies of each platform, as they govern how published content is handled.
• AI Model Providers: Content generation may rely on third-party AI model APIs (e.g., OpenAI). Prompts and generated content may be processed by these providers under their data processing agreements with us. We select providers with enterprise-grade data protection commitments.
• Business Transfers: In the event of a merger, acquisition, financing, or sale of assets, your information may be transferred to the successor entity. We will notify you via email and/or prominent in-app notice prior to any such transfer.
• Legal Requirements: We may disclose information when required by law, court order, subpoena, or government authority, or when we believe in good faith that disclosure is necessary to protect our rights, safety, or the rights and safety of others.
• With Your Consent: We may share information with third parties when you have given explicit consent for a specific sharing purpose.

We retain personal data for as long as necessary to provide our Services, fulfill the purposes described in this Policy, and comply with our legal obligations. Specific retention periods include:

• Account Data: Retained for the duration of your subscription plus 30 days following account closure, after which it is permanently deleted or anonymized, except where longer retention is required by law.
• Content and Prompts: AI-generated content and your input prompts are retained for 12 months by default for your access and audit purposes. You may delete specific content at any time through the platform.
• API Credentials: Third-party credentials are deleted immediately upon disconnection of a platform or account deletion.
• Financial Records: Billing records are retained for 7 years to comply with tax and accounting obligations.
• Security Logs: Server and authentication logs are retained for 90 days for security investigation purposes.
• Backup Systems: Data deleted from production systems may persist in encrypted backups for up to 30 days before being purged from backup cycles.

We implement comprehensive technical and organizational security measures to protect your personal data against unauthorized access, loss, destruction, or alteration. Our security program includes:

• Encryption: All data is encrypted in transit using TLS 1.3 and at rest using AES-256. API keys and platform credentials are stored using envelope encryption with AWS KMS.
• Access Controls: Role-based access control (RBAC) limits internal access to personal data. We enforce the principle of least privilege and require multi-factor authentication (MFA) for all engineering access to production systems.
• Infrastructure: Our Services run on SOC2 Type II certified cloud infrastructure with dedicated VPCs, private networking, and Web Application Firewall (WAF) protection.
• Vulnerability Management: We conduct regular penetration testing, automated dependency scanning, and code security reviews. Critical vulnerabilities are patched within 24 hours.
• Incident Response: We maintain a documented incident response plan. In the event of a data breach affecting your personal data, we will notify you and applicable regulators within 72 hours as required by law.
• Employee Training: All employees handling personal data receive privacy and security training upon hiring and annually thereafter.

No system is completely impenetrable. If you discover a potential security vulnerability, please report it responsibly to support@fealtytechnologies.com.

Fealty Technologies Pvt. Ltd. may process personal data globally. If you are located outside the country where we operate, your personal data may be transferred to, stored, and processed in those locations and in other countries where our service providers operate.

For transfers of personal data from the EEA, UK, or Switzerland to countries not deemed adequate by the European Commission, we rely on Standard Contractual Clauses (SCCs) as approved by the European Commission, and where applicable, the UK International Data Transfer Agreement (IDTA). Copies of these safeguards are available upon request to akshats@fealtytechnologies.com.

We use the following types of cookies and tracking technologies:

• Strictly Necessary Cookies: Required for authentication, session management, and basic platform functionality. Cannot be disabled.
• Functional Cookies: Store your preferences such as language, time zone, and display settings to personalize your experience.
• Analytics Cookies: Help us understand how users interact with our platform (e.g., PostHog, Mixpanel). These may be disabled via our cookie preference center.
• Marketing Cookies: Used only on our public website to measure the effectiveness of advertising campaigns (e.g., Google Ads conversion tracking). Require your consent and can be revoked at any time.

You can manage your cookie preferences at any time through the Cookie Settings link in the website footer, or by adjusting your browser settings. Note that disabling certain cookies may affect platform functionality.

Depending on your jurisdiction, you may have the following rights with respect to your personal data. To exercise any of these rights, please submit a request to akshats@fealtytechnologies.com. We will respond within 30 days.

• Right of Access: Request a copy of the personal data we hold about you.
• Right to Rectification: Request correction of inaccurate or incomplete personal data.
• Right to Erasure: Request deletion of your personal data, subject to legal retention obligations. See our Account Deletion Policy for details.
• Right to Restrict Processing: Request that we limit processing of your data under certain circumstances.
• Right to Data Portability: Receive your personal data in a structured, machine-readable format (JSON or CSV) for transfer to another service.
• Right to Object: Object to processing based on legitimate interests or for direct marketing purposes.
• Right to Withdraw Consent: Withdraw consent for consent-based processing at any time without affecting prior lawful processing.
• California Residents (CCPA/CPRA): You have the right to know, delete, and opt out of the sale or sharing of personal information. We do not sell or share personal information as defined under CCPA. Submit requests via our designated webform or by emailing akshats@fealtytechnologies.com.

We will not discriminate against you for exercising any of these rights. Identity verification may be required before we process certain requests.

Our Services are intended solely for use by organizations and individuals aged 18 years or older. We do not knowingly collect personal information from children under the age of 13 (or 16 where required by applicable law). If we become aware that we have inadvertently collected personal information from a child without appropriate parental consent, we will take steps to delete that information as promptly as possible. If you believe we have collected information from a child in error, please contact us at akshats@fealtytechnologies.com.

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:

• Update the “Last Updated” date at the top of this Policy.
• Send an email notification to the primary account holder at least 14 days before significant changes take effect.
• Display a prominent in-app banner for active users during the notice period.

Your continued use of the Services after the effective date of an updated Policy constitutes your acceptance of the changes. We encourage you to review this Policy periodically.

Fealty Technologies Pvt. Ltd. is the data controller for personal data collected through our Services. If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact our Privacy team:

• Email: support@fealtytechnologies.com
• Data Protection Officer: akshats@fealtytechnologies.com
• General Inquiries: akshats@fealtytechnologies.com

If you are located in the EEA and believe we have not adequately addressed your privacy concerns, you have the right to lodge a complaint with your local data protection supervisory authority.