Legal

Privacy Policy

Last updated: 7 March 2026

LegalLast updated: 7 March 2026Estimated read: 4 min

PlanrLyst ("we", "us", "our") is committed to protecting your personal information and to handling connected platform data in a transparent and lawful manner. This Privacy Policy explains what we collect, how we use it, when we share it, and the rights available to you.

1. Information We Collect

Account information: Name, email address, and password when you register.

Profile data: Workspace name, profile picture, and preferences you set in the product.

Connected platform credentials and tokens: When you connect third-party platforms, including without limitation Instagram, Facebook, YouTube, TikTok, X, LinkedIn, Pinterest, Threads, Reddit, and Bluesky, we may receive access tokens, refresh tokens, account identifiers, channel or page identifiers, profile metadata, and permissions scopes required to provide the requested integration. Such credentials are stored using technical and organisational safeguards and are used solely to operate the connection you authorise.

AI feature inputs and outputs: When you use AI-assisted features, we process the prompts, instructions, and generated outputs required to provide the requested result. We configure our supported AI providers to use zero-retention or no-training controls where available so that prompts and outputs submitted through PlanrLyst are not retained by those providers after processing, except where temporary retention is strictly required for abuse prevention, reliability, security, or legal compliance under the provider's applicable terms.

Connected account data: We may collect usernames, display names, platform user IDs, page IDs, business account IDs, avatar URLs, publishing preferences, and related configuration data associated with the social accounts you elect to link.

Webhook and event data: Where supported by third-party platforms, we may receive event notifications relating to connected accounts, including publishing status, comments, mentions, engagement events, direct message events, or other platform activity made available through official APIs and webhook subscriptions.

Usage data: Pages visited, features used, actions taken, and performance metrics to improve the product.

Payment information: Billing is handled by Stripe. We store only your plan status and Stripe customer ID — we never see your full card details.

Communications: Emails or messages you send us, and in-app support conversations.

2. How We Use Your Information

  • Provide, maintain, and improve the Service
  • Process payments and manage subscriptions
  • Send transactional emails (account, billing, security)
  • Send product updates and marketing (you can opt out at any time)
  • Authenticate and maintain third-party platform connections you authorise
  • Schedule, publish, sync, or manage content and related metadata across connected platforms on your behalf
  • Generate AI-assisted drafts, ideas, suggestions, and other outputs you explicitly request inside the Service
  • Receive and process webhook or API event data required to power publishing, analytics, inbox, moderation, or notification features
  • Detect and prevent fraud, abuse, security incidents, and unauthorised use of connected platform credentials
  • Comply with legal obligations

3. Data Sharing

We do not sell your personal data. We share data only with:

  • Service providers who help us operate the Service, including hosting, infrastructure, authentication, email delivery, payment processing, rate limiting, analytics, notification, and storage providers such as Supabase, Vercel, Stripe, Resend, Upstash, and other contracted subprocessors operating under appropriate confidentiality and data processing obligations
  • AI infrastructure providers engaged solely to process prompts and return requested outputs for AI features. We configure supported providers to use zero-retention or equivalent data-handling controls where available so inputs and outputs are not retained for model training, except where a provider's policy requires limited temporary retention for security, abuse prevention, service reliability, or compliance
  • Social platforms you choose to connect, where disclosure is necessary to authenticate your connection, publish content, retrieve account data, receive platform events, or otherwise provide the integration you requested
  • Legal authorities when required by law or to protect rights and safety

4. Data Retention

We retain your data for as long as your account is active, or as needed to provide services and comply with legal obligations. Connected platform credentials and tokens are retained only for as long as the relevant integration remains active or as otherwise necessary to provide the Service, enforce our agreements, resolve disputes, and comply with applicable law. AI prompts and generated outputs submitted through PlanrLyst are not stored by our supported AI providers on a retained basis where zero-retention controls are available and enabled through our configuration. When you delete your account, your personal data is deleted within 30 days, except where we are required by law to retain it.

5. AI Processing and Zero-Retention Controls

We aim to ensure that customer content sent to AI models through PlanrLyst is processed without retained provider-side logging. Where a provider offers a zero data retention, no retention, or equivalent API control, we enable that setting for our production configuration. For example, certain providers may allow an organisation-wide setting that prevents logging of input and output data and may disable features that depend on data storage. If a provider updates its retention policy or temporarily requires short-term retention for reliability, abuse prevention, or compliance, we may update our disclosures and controls accordingly.

6. Platform Integrations and Your Responsibilities

Where you choose to connect a third-party platform, you instruct us to access and process the information made available through that platform's authorised APIs, subject to the permissions you grant and the settings you maintain with the relevant provider. Your use of connected platform features remains subject to the terms, policies, and technical limitations imposed by the applicable third party. You are responsible for ensuring that you have all rights, licences, consents, and permissions required to connect, publish, retrieve, or process such content and account data through the Service.

7. Your Rights

Depending on your location, you may have rights to:

  • Access the personal data we hold about you
  • Correct inaccurate data
  • Request deletion of your data
  • Object to or restrict processing
  • Data portability
  • Withdraw consent at any time

To exercise these rights, email privacy@planrlyst.com.

8. Cookies

We use cookies and similar technologies to operate the Service. See our Cookie Policy for full details.

9. Security

We implement industry-standard security measures including encryption in transit (TLS), encryption at rest, access controls, audit and monitoring controls, and credential handling practices designed to protect connected platform secrets and tokens. No method of transmission over the internet is 100% secure, and we cannot guarantee absolute security.

10. Children

The Service is not directed to children under 16. We do not knowingly collect personal data from children. If you believe a child has provided us with their data, contact us immediately.

11. International Transfers

Your data may be processed in countries outside your own, including the United States and the European Economic Area. We ensure appropriate safeguards are in place for all international transfers.

12. Changes

We may update this policy from time to time. We will notify you of material changes by email or in-app notice before changes take effect.

13. Contact

For privacy inquiries, contact our Data Controller at privacy@planrlyst.com.