Privacy Policy

AI ContentOS LLC, a Texas limited liability company doing business as “ContentOS” (“ContentOS”, “we”, “our”, “us”), operates the ai-contentos.com website and the ContentOS social media management application (collectively, the “Service”). This Privacy Policy explains what information we collect, how we use it, and the choices you have. By using the Service you agree to this policy.

1. Information we collect

1.1 Information you provide

• Account information. Name, email, password (hashed), and workspace details when you sign up.
• Brand information. Brand name, industry, voice profile, target audience, example posts, and other content you provide to generate posts.
• Payment information. Billing details are processed by Stripe; we do not store full card numbers.

1.2 Information from connected social accounts

When you connect a Facebook Page, Instagram Business / Creator account, LinkedIn page, X (Twitter) account, or other supported social platform, we receive and store:

• Your social account ID, username, profile picture, and account type.
• Encrypted OAuth access tokens and refresh tokens needed to publish on your behalf.
• Posts, comments, direct messages, reactions, and analytics data, but only for accounts you have explicitly connected and only with the scopes you have approved.
• Page and audience metadata (e.g., follower counts, post insights).

We request only the permissions strictly needed to deliver the features you use (publishing, analytics, comment / DM auto-reply). You can revoke access at any time from your Facebook / Instagram / LinkedIn / X account settings, and the connection will be terminated in ContentOS.

1.3 Information collected automatically

• Log data: IP address, browser type, pages viewed, and timestamps.
• Usage data: actions taken in the app (post created, scheduled, published).
• Cookies and similar technologies (see Section 6).

2. How we use your information

• To provide, operate, and maintain the Service.
• To generate, schedule, and publish content on your behalf to the social accounts you have connected.
• To analyze post performance and surface insights.
• To process payments and manage subscriptions.
• To communicate with you about your account, security, and product updates.
• To detect, prevent, and address fraud, abuse, and security issues.
• To comply with legal obligations.

We do not sell your personal information. We do not use the content of your posts, your social account data, or your brand voice profile to train third-party AI models. Data sent to our AI provider (Anthropic) is processed under their commercial API terms and is not used to train their models.

3. Facebook, Instagram, and Meta data

We comply with the Meta Platform Terms and Developer Policies. Specifically:

• We use Facebook Page and Instagram Business / Creator data only to deliver the features you have enabled.
• We retain access tokens only for as long as your account is connected; revocation deletes them within 24 hours.
• We do not transfer Meta data to data brokers, ad networks, or other third parties not listed in Section 4.
• You can request deletion of your Meta data via the in-app settings or by following the steps at our data deletion page.

4. Third parties we share data with

We share limited data with the following processors, only as needed to operate the Service:

• Supabase — authentication, database, file storage.
• Anthropic — AI content generation (Claude API).
• Replicate — AI image generation.
• Cloudinary — media hosting and delivery.
• Stripe — payment processing.
• Resend — transactional email.
• Vercel — application hosting.
• Sentry — error monitoring.
• PostHog — product analytics.
• Upstash — rate limiting and queue infrastructure.

We may also disclose information when required by law, to enforce our Terms, or to protect the rights, property, or safety of ContentOS, our users, or others.

5. Data retention

• Account data is retained while your account is active.
• Posts, analytics, and connected-account tokens are retained while you keep the corresponding integration enabled.
• Audit logs are retained for 12 months.
• On account deletion, we remove personal data within 30 days, except where retention is required by law (for example, billing records for 7 years).

6. Cookies

We use strictly necessary cookies for authentication and session management, and analytics cookies (PostHog) to understand product usage. You can disable non-essential cookies in your browser; the Service will still function.

7. Your rights

You have the right to:

• Access the personal data we hold about you.
• Correct inaccurate data.
• Delete your data (right to erasure).
• Export your data in a portable format.
• Object to or restrict certain processing.
• Withdraw consent at any time.

To exercise any of these rights, email privacy@ai-contentos.com. We respond within 30 days. EU / UK / California residents have additional rights under GDPR / CCPA.

8. Security

OAuth tokens are encrypted at rest. All connections to the Service use TLS. We follow industry-standard practices but no method of transmission over the internet is 100% secure.

9. Children

ContentOS is not directed to anyone under 16. We do not knowingly collect personal information from children. If we learn we have, we will delete it.

10. International transfers

We host data in the United States. By using the Service from outside the US you consent to the transfer of your information to the US.

11. Changes to this policy

We may update this Policy from time to time. We will notify you of material changes by email or in-app. The “Last updated” date at the top reflects the current version.

12. Contact

Questions, complaints, or requests under this Policy can be sent to:

We respond to verifiable requests within 30 days.