Privacy Policy
Effective Date: March 12, 2026 · Version 1.0
1. Controller Identity
Scribario LLC ("we," "us," or "our"), located at 1603 Capitol Ave, Suite 310 #1540, Cheyenne, WY 82001, is the data controller responsible for your personal data. For privacy-related inquiries, contact our Data Protection Officer at privacy@scribario.com.
2. Data We Collect
| Category | Data |
|---|---|
| Account | Name, email address, password hash |
| Billing | Processed via Stripe (see Stripe's privacy policy) |
| Social connections | OAuth tokens (encrypted at rest), account IDs, page IDs |
| Platform data | Profile information and account details received via API |
| User uploads | Brand guidelines, reference images, text prompts |
| AI interactions | Prompts sent to AI providers, generated outputs (text, images, videos, audio), approval/rejection signals |
| Usage & technical | IP address, device type, feature usage, Telegram user ID |
3. How We Use Your Data
We process your data on the following legal bases (GDPR):
- Contract performance: Content generation, posting, OAuth management — necessary to provide the Service
- Legitimate interests: Analytics, fraud prevention, service improvement
- Legal obligation: Tax records, lawful government requests
- Consent: Marketing emails (opt-in only)
We do not sell your personal data. We do not use your content to train AI models. Anthropic's API terms confirm that API inputs are not used for model training by default.
4. Data Sharing & Subprocessors
We share data with the following service providers to operate the Service:
| Subprocessor | Data Received | Purpose |
|---|---|---|
| Anthropic (Claude) | Text prompts, brand data | Caption and script generation |
| Kie.ai | Image prompts | Image generation |
| ElevenLabs | Text scripts | Voice synthesis for video |
| Supabase | All stored data | Database hosting |
| Vercel | Static assets | Website hosting |
| Stripe | Billing data | Payment processing |
| Meta, TikTok, LinkedIn, Bluesky, YouTube, Pinterest, X | Post content | Publishing via API |
5. Data Retention
- Account data: duration of your account plus 90 days
- Billing records: 7 years (tax compliance)
- LinkedIn profile data: maximum 24 hours
- LinkedIn social activity data: maximum 48 hours
- AI-generated content: retained while your account is active
6. Data Deletion
You may request deletion of your data at any time by emailing privacy@scribario.com or using the in-app deletion feature.
We comply with Meta's Data Deletion Callback requirement — when you remove Scribario from your Meta account, we automatically receive and process the deletion request.
Deletion timeline: 30 days (GDPR), 45 days (CCPA). Some data may be retained in anonymized form for aggregate analytics, and billing records are retained for 7 years per tax law.
7. Your Rights
GDPR Rights (EU/EEA/UK residents)
You have the right to: access, rectify, erase, restrict processing, data portability, and object to processing of your personal data.
CCPA Rights (California residents)
You have the right to: know what data we collect, request deletion, opt out of sale (we do not sell data), request correction, and non-discrimination for exercising your rights.
To exercise any of these rights, contact privacy@scribario.com. We will respond within 30 days (GDPR) or 45 days (CCPA).
8. Security
We protect your data using encryption in transit (TLS) and at rest (particularly OAuth tokens). We implement access controls and follow security best practices. In the event of a data breach, we will notify the relevant supervisory authority within 72 hours as required by GDPR.
No method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security.
9. International Data Transfers
Our servers are located in the United States. If you are located outside the US, your data will be transferred to the US for processing. We rely on the EU-U.S. Data Privacy Framework and/or Standard Contractual Clauses to ensure adequate protection for international transfers.
10. Cookies
We use essential cookies for session management and authentication. We may use analytics cookies to understand how the Service is used. EU users will be presented with a cookie consent mechanism for non-essential cookies.
11. Children's Privacy
The Service is not directed to individuals under 18 years of age. We do not knowingly collect personal data from minors. If we discover that we have inadvertently collected data from a minor, we will delete it immediately.
12. AI-Specific Disclosures
Scribario uses Anthropic's Claude for text and script generation, Kie.ai for image generation, and ElevenLabs for voice synthesis in video content. Your prompts sent via these APIs are not used to train AI models (per each provider's API terms). AI-generated content may not be copyrightable under current law. We comply with the EU AI Act Article 50 transparency requirements.
13. Bluesky / AT Protocol Disclosures
Content posted to Bluesky is public and may be replicated across servers within the AT Protocol network. Deletion of content on the decentralized network is not guaranteed, as other servers may retain copies.
14. Changes to This Policy
We will provide 30 days notice for material changes to this Privacy Policy via email. We retain historical versions of this policy as required by Meta.
15. Contact
For privacy-related questions or to exercise your rights:
Scribario LLC
1603 Capitol Ave, Suite 310 #1540, Cheyenne, WY 82001
Email: privacy@scribario.com
EU residents have the right to lodge a complaint with their local supervisory authority.