Privacy Policy

Effective Date: 24/09/2025

This Privacy Policy explains how Disfame (“Company”, “we”, “us”, or “our”) collects, uses, and shares personal data when you use the Disfame platform, including our website, dashboard, APIs, and related services (collectively, the “Service”).

If you do not agree with this policy, do not use the Service. Capitalized terms not defined here have the meanings given in our Terms of Service.

1. Controller and Contact

Controller: Disfame

Address: 200 rue de la Croix Nivert 75015, Paris, France

Contact email: disfame.com@gmail.com

If you reside in the EEA/UK, you may have the right to contact your local supervisory authority. If we appoint an EU/UK representative or Data Protection Officer, we will provide details here or on our website.

2. Scope

This Policy applies to personal data we process about:

  • Visitors to our marketing site(s) and app
  • Registered users (including team/workspace members)
  • Individuals whose data is submitted or processed via the Service (e.g., connected account handles, audiences you publish to)

This policy does not cover third‑party services that you connect (e.g., X/Twitter, Bluesky) or visit via links; those services have their own privacy notices.

3. Data We Collect

Account and Profile Data

  • Email address, name/handle (if provided), password hash or federated identity (via Supabase Auth/OAuth)
  • Workspace/team association, role, and settings

Connected Accounts and Credentials (at your direction)

  • Identifiers (e.g., account IDs, handles) and OAuth/refresh tokens for connected platforms (e.g., X/Twitter, Bluesky)
  • We do not control the data practices of these platforms; their privacy policies apply

Content and Operational Data

  • Content you create or upload, drafts, schedules, media metadata, publishing logs and statuses
  • Feature usage, configuration, and in‑product activity

Link Tracking and Click Analytics

  • Approximate country (derived from headers), device type (user‑agent), referrer host, and an IP hash
  • We do not store raw IP addresses in click logs; a salted hash may be stored for deduplication and fraud‑prevention

Billing and Payments

  • Payments are processed by Stripe; we do not store full card numbers
  • Stripe may provide limited billing details (e.g., last4, brand), transaction metadata, and status

Usage, Device, and Log Data

  • Server logs, diagnostic information, performance metrics
  • Cookies or similar technologies for authentication/session and (where enabled) analytics
  • Local storage for client‑side preferences

AI‑Related Inputs and Outputs (where enabled)

  • Prompts, instructions, uploaded snippets, and resulting outputs
  • May be processed by third‑party AI providers (e.g., OpenAI, Google (Gemini), Anthropic)

4. Sources of Data

  • You, when you create an account, connect third‑party accounts, submit content, or otherwise interact with the Service
  • Your organization/team owner (if applicable) who invites or manages you as a member
  • Connected third‑party platforms and service providers, per your configurations
  • Public sources or vendors that support security, fraud‑prevention, analytics, or marketing (where permitted)

5. How We Use Personal Data

  • Provide, maintain, secure, and improve the Service (including posting to connected accounts at your direction)
  • Authenticate users, manage sessions, and operate workspaces
  • Provide analytics and insights (e.g., link click counts, device/country/referrer summaries)
  • Personalize features, fix bugs, and enhance usability
  • Process payments, subscriptions, taxes, and receipts
  • Communicate about updates, security, support, and notices
  • Comply with legal obligations and enforce our Terms
  • Protect against fraud, abuse, or security threats

6. Legal Bases (EEA/UK)

  • Contract (to provide the Service you requested)
  • Legitimate Interests (to secure and improve the Service, measure performance, prevent fraud, and understand usage, balanced against your rights)
  • Consent (where required for optional analytics, marketing, or certain cookies)
  • Legal Obligation (to comply with laws and regulations)

7. Sharing and Disclosures

Service Providers / Sub‑processors

  • Supabase (authentication, database, storage, realtime)
  • Stripe (payments and subscriptions)
  • Hosting/Deployment (e.g., Vercel or similar)
  • Analytics/Telemetry (e.g., PostHog, where enabled)
  • AI providers (e.g., OpenAI, Google (Gemini), Anthropic, where enabled)
  • Security, logging, support, email, and related vendors

Connected Platforms (at your direction)

X/Twitter, Bluesky, and any other platforms you connect to publish content or retrieve data.

Other Disclosures

  • Professional advisors (e.g., legal, accounting)
  • Regulators or authorities as required by law
  • Business transfers in connection with a merger, acquisition, financing, or sale

We do not sell personal information.

8. International Transfers

We may transfer, store, and process data in countries other than your own, including the United States and the EEA/UK, depending on provider locations. Where required, we use appropriate safeguards for cross‑border transfers (e.g., Standard Contractual Clauses, additional measures).

9. Retention

We retain personal data for as long as necessary to provide the Service and for legitimate business or legal purposes. Typical retention periods include:

  • Account/Workspace data: for the life of the account and a reasonable period thereafter
  • Billing records: as required for tax and accounting
  • Server logs: generally short‑term, unless needed for security
  • Click analytics: retained for operational analytics and fraud‑prevention for a reasonable period

We may anonymize or aggregate data for research and performance analysis.

10. Security

We employ administrative, technical, and organizational measures designed to protect personal data, including encryption in transit, role‑based access controls, and least‑privilege practices with our providers. No method of transmission or storage is 100% secure; we cannot guarantee absolute security.

11. Your Rights

Depending on your location, you may have the right to:

  • Access, correct, or delete your personal data
  • Object to or restrict processing in certain cases
  • Port your data
  • Withdraw consent (where processing is based on consent; withdrawal does not affect prior processing)
  • Lodge a complaint with a supervisory authority (EEA/UK)

You can exercise many rights within the product (e.g., profile updates, export/delete content). Otherwise, contact us at disfame.com@gmail.com. If we process data as a processor on behalf of a customer, we will direct requests to the relevant customer where required.

12. Cookies and Similar Technologies

  • Strictly necessary: authentication/session cookies and security‑related cookies (including cookies used by Supabase SSR/auth flows)
  • Preferences: local storage for UI settings
  • Analytics (where enabled): tools like PostHog may set cookies or use similar technologies to understand aggregate usage and performance

Controls

  • Browser settings to block or delete cookies (may impair functionality)
  • In‑product settings (where available) to disable optional analytics
  • Regional consent banners (where required) with opt‑in/opt‑out options

Do Not Track: Our Service does not currently respond to DNT signals.

13. AI Features and Sensitive Data

AI outputs may be inaccurate or contain unintended content. Avoid submitting sensitive personal data in prompts or uploads unless strictly necessary and permitted by law. Third‑party AI providers may process your inputs/outputs to provide the feature.

14. Children’s Privacy

The Service is not directed to children, and we do not knowingly collect personal data from children. If you believe a child has provided us with personal data, contact us at disfame.com@gmail.com and we will take appropriate steps.

15. Third‑Party Links

The Service may contain links to third‑party sites or services. We are not responsible for the privacy practices of those third parties. Review their policies before providing personal data.

16. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be indicated by updating the “Effective Date” above and/or notifying you through the Service. Your continued use after the effective date constitutes acceptance of the updated policy.

17. Contact

If you have questions about this Privacy Policy, contact us at disfame.com@gmail.com.

Annex A — Sub‑processors and Integrations (illustrative)

  • Supabase (Authentication, Database, Storage, Realtime): processes account/auth data, content metadata, and operational data for hosting your data
  • Stripe (Payments): processes billing details and transactions; we do not store full card numbers
  • Hosting/Deployment Provider (e.g., Vercel or similar): processes logs and app traffic to serve the Service
  • Analytics (e.g., PostHog, where enabled): processes usage data for product analytics and diagnostics
  • AI Providers (e.g., OpenAI, Google (Gemini), Anthropic, where enabled): process prompts/inputs and return outputs to power AI features
  • Social Platforms (e.g., X/Twitter, Bluesky): receive content you direct us to publish and may provide tokens/metadata for your connected accounts

Annex B — Click Analytics Technical Note

  • Country: derived from request headers (e.g., x‑vercel‑ip‑country or similar)
  • Device type: inferred from user‑agent (e.g., mobile vs. desktop)
  • Referrer host: normalized hostname (excluding www subdomain)
  • IP hash: salted hash of the requester’s IP address. We do not store the raw IP address in click logs; only a salted hash is stored to support deduplication and anti‑abuse
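
The four fields above can be derived as in the following sketch. It is an added example in JavaScript, not Disfame's code: the function names, the sample request, and the choice of HMAC-SHA-256 with a secret key as the "salted hash" are assumptions.

```javascript
// Added illustration, not Disfame's implementation. All names are hypothetical.
const { createHmac } = require('node:crypto');

// Assumed: a server-side secret acting as the salt (constructed demo value).
const IP_HASH_KEY = 'constructed-demo-key';

// Keyed hash of the IP: equal IPs give equal hashes (deduplication),
// but the log alone does not reveal the address.
function hashIp(ip, key = IP_HASH_KEY) {
  return createHmac('sha256', key).update(ip.trim().toLowerCase()).digest('hex');
}

// Keep only the hostname of the Referer, lower-cased, without a leading "www.".
function referrerHost(referer) {
  if (!referer) return null;
  try {
    const host = new URL(referer).hostname.toLowerCase();
    return host.startsWith('www.') ? host.slice(4) : host;
  } catch {
    return null; // malformed Referer header
  }
}

// Coarse device class only; the full user-agent string is not kept.
function deviceType(userAgent) {
  if (!userAgent) return 'unknown';
  return /mobi|iphone|android/i.test(userAgent) ? 'mobile' : 'desktop';
}

// Build the stored record. The raw IP, URL path and query string are read
// from the request but never copied into the result.
function buildClickRecord(headers, clientIp) {
  const country = (headers['x-vercel-ip-country'] || '').toUpperCase();
  return {
    country: /^[A-Z]{2}$/.test(country) ? country : null,
    device: deviceType(headers['user-agent']),
    referrer: referrerHost(headers['referer']),
    ipHash: hashIp(clientIp),
  };
}

// Constructed sample request (203.0.113.0/24 is a documentation range).
const SAMPLE_HEADERS = {
  'x-vercel-ip-country': 'fr',
  'user-agent': 'Mozilla/5.0 (iPhone; CPU iPhone OS 17_0 like Mac OS X) Mobile/15E148',
  'referer': 'https://www.example.com/post/42?utm_source=x',
};
const SAMPLE_RECORD = buildClickRecord(SAMPLE_HEADERS, '203.0.113.7');
```

Because IPv4 has only about 4.3 billion addresses, a hash like this resists reversal only while the key stays secret; anyone holding the key can enumerate the address space.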