Privacy Policy

Effective Date: January 20, 2025

Last Updated: January 20, 2025

Introduction

Etruscan ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application (the "App").

Our Privacy Promise: We never share your personal account details, personas, prompts, or generated content with third parties for marketing or advertising purposes. Your creative process stays private.

Company: ComponentFlow ltd

Address: 128 City Road, London, United Kingdom, EC1V 2NX

Email: support@etruscan.io

Information We Collect

Information You Provide

When you use Etruscan, we collect the following information:

  • Account Information: Email address, name
  • Profile Data: Personas (including name, profession, tone, interests, writing style)
  • Content Data: Generated posts, prompts, topics, platform selections
  • Preferences: Language settings, platform preferences

Automatically Collected Information

  • Usage Data: Number of generations, features used, subscription status
  • Technical Data: Device type, operating system version, IP address (for security and authentication only)
  • Authentication Data: Session tokens, login timestamps

Payment Information

We use Stripe for payment processing. We do NOT store your payment card details. We only store:

  • Subscription tier (Free or Pro)
  • Subscription status (active, cancelled, expired)
  • Billing dates

All payment information is handled securely by Stripe in accordance with PCI-DSS standards.

How We Use Your Information

We use your information to:

  1. Provide App Functionality
    • Generate personalised content using AI
    • Manage your personas and preferences
    • Track usage limits based on your subscription tier
  2. Process Payments
    • Manage subscriptions
    • Process upgrades and cancellations
    • Send receipt emails
  3. Communicate With You
    • Send verification emails
    • Send subscription confirmations
    • Respond to support enquiries
  4. Improve Our Service
    • Analyse usage patterns
    • Fix bugs and technical issues
    • Develop new features
  5. Comply With Legal Obligations
    • Maintain financial records (6 years as required by UK law)
    • Respond to legal requests

Legal Basis for Processing (GDPR)

Under UK GDPR, we process your data based on:

  • Performance of Contract: To provide the App services you've signed up for
  • Legitimate Interests: To improve our services and prevent fraud
  • Legal Obligation: To maintain tax and financial records
  • Consent: For optional analytics (if implemented in future updates)

Third-Party Services

We share limited data with the following third-party services to provide our App functionality:

Supabase (Database Hosting)

  • Data Shared: All account, persona, and content data
  • Purpose: Secure data storage and authentication
  • Location: EU servers (GDPR-compliant)
  • Privacy Policy: https://supabase.com/privacy

OpenAI (Content Generation)

  • Data Shared: Prompts, persona context (tone, interests, profession), topics
  • Purpose: AI-powered content generation
  • Location: United States
  • Privacy Policy: https://openai.com/privacy
  • Note: OpenAI does not use API data to train models

Stripe (Payment Processing)

  • Data Shared: Email address, subscription tier
  • Purpose: Payment processing and subscription management
  • Location: Global (GDPR-compliant)
  • Privacy Policy: https://stripe.com/privacy

What We DO NOT Share

Outside of the third-party services mentioned above (which are essential for app functionality), we explicitly DO NOT share the following with anyone:

  • Your personal account details
  • Your personas
  • Your prompts
  • Your generated content
  • Your data for advertising or marketing purposes
  • Your data with data brokers or third-party marketers

We never sell your data to third parties under any circumstances.

Data Retention

  • Active Accounts: We retain your data whilst your account is active
  • Deleted Accounts: Permanently deleted within 30 days of account deletion request
  • Financial Records: Kept for 6 years as required by UK law for tax purposes
  • Backups: Removed from backup systems within 90 days

Your Rights Under UK GDPR

You have the following rights regarding your personal data:

  1. Right to Access: Request a copy of your data
  2. Right to Rectification: Correct inaccurate data in your account settings
  3. Right to Erasure: Delete your account and all associated data
  4. Right to Data Portability: Export your data in JSON format (coming in V2)
  5. Right to Object: Object to processing of your data
  6. Right to Withdraw Consent: Withdraw consent for optional features
  7. Right to Lodge a Complaint: Contact the ICO (UK Information Commissioner's Office)

To exercise these rights, contact us at support@etruscan.io.

Data Security

We implement industry-standard security measures:

  • Encryption in Transit: All data transmitted using HTTPS/TLS
  • Encryption at Rest: Database encryption provided by Supabase
  • Row Level Security: Database policies ensure users can only access their own data
  • Secure Authentication: Industry-standard authentication via Supabase Auth
  • Regular Security Audits: Ongoing security assessments

Despite our efforts, no internet transmission is 100% secure. We cannot guarantee absolute security.

International Data Transfers

Your data may be transferred to and processed in:

  • European Union: Supabase database servers (GDPR-compliant)
  • United States: OpenAI content generation servers

For transfers to the US, we rely on Standard Contractual Clauses (SCCs) and adequacy mechanisms under GDPR Article 46.

Children's Privacy

Etruscan is not intended for children under 13 years of age. We do not knowingly collect data from children. If you believe we have collected data from a child, contact us immediately at support@etruscan.io.

Cookies and Tracking

We use minimal cookies for essential functionality only:

  • Authentication Cookies: To keep you logged in
  • Preference Cookies: To remember your settings

We do NOT use:

  • Advertising cookies
  • Tracking cookies for third-party advertising
  • Analytics cookies without your explicit consent (if analytics are implemented in future)

Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Changes will be communicated via:

  • Email notification to your registered email address
  • In-app notification on next login
  • Updated "Last Updated" date at the top of this document

Continued use of the App after changes constitutes acceptance of the updated Privacy Policy.

Contact Us

If you have questions about this Privacy Policy, please contact us:

Email: support@etruscan.io

Address: 128 City Road, London, United Kingdom, EC1V 2NX

Complaints

If you have concerns about how we handle your data, you have the right to lodge a complaint with:

UK Information Commissioner's Office (ICO)

Website: https://ico.org.uk/make-a-complaint/

Phone: 0303 123 1113

This Privacy Policy complies with the UK GDPR and the Data Protection Act 2018.