1. Introduction

SweetWater Holding UG (haftungsbeschränkt) ("we", "us", "our") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, and protect your information when you use our AI-powered content transformation service PointFlair.

This policy complies with the EU General Data Protection Regulation (GDPR) and other applicable privacy laws.

2. Data Controller

3. Information We Collect

3.1 Personal Information

• Account Information: Name, email address, password
• Billing Information: Payment details, billing address (processed by third-party payment processors)
• Profile Information: Any additional information you provide in your profile

3.2 Content Data

• Source Content: Text, URLs, and files you upload for transformation
• Generated Content: AI-generated social media posts and variations
• Usage Data: How you interact with generated content (approvals, edits, publishing)

3.3 Technical Information

• Device Information: IP address, browser type, operating system
• Usage Analytics: Pages visited, features used, time spent on platform
• Cookies: Session cookies, preference cookies, analytics cookies

3.4 Social Media Integration

• Connected Accounts: Social media account tokens and basic profile information
• Publishing Data: Posts published through our platform and their performance metrics

4. Legal Basis for Processing (GDPR)

We process your personal data based on the following legal grounds:

• Contract Performance: To provide our services as agreed in our Terms of Service
• Legitimate Interest: To improve our services, prevent fraud, and ensure security
• Consent: For marketing communications and non-essential cookies (where required)
• Legal Obligation: To comply with applicable laws and regulations

5. How We Use Your Information

• Service Provision: To operate and maintain the PointFlair platform
• Content Processing: To transform your content using AI technology
• Account Management: To manage your account and subscription
• Communication: To send service updates, support responses, and marketing (with consent)
• Improvement: To analyze usage patterns and improve our services
• Security: To detect and prevent fraud, abuse, and security threats
• Legal Compliance: To comply with legal obligations and enforce our terms

6. Data Sharing and Disclosure

We do not sell your personal data. We may share your information with:

6.1 Service Providers

• AI/ML Providers: OpenAI and other AI services for content generation
• Payment Processors: Stripe for payment processing
• Cloud Providers: AWS, Google Cloud, or similar for hosting and storage
• Analytics: Google Analytics or similar for usage analytics

6.2 Social Media Platforms

When you connect social media accounts, we share content you choose to publish according to your instructions.

6.3 Legal Requirements

We may disclose information when required by law, court order, or to protect our rights and safety.

7. International Data Transfers

Your data may be processed in countries outside the EU/EEA. We ensure adequate protection through:

• EU Commission adequacy decisions
• Standard Contractual Clauses (SCCs)
• Certification schemes and codes of conduct

8. Data Retention

• Account Data: Retained while your account is active and for 30 days after deletion
• Content Data: Retained while your account is active and for 90 days after deletion
• Billing Data: Retained for 7 years for tax and accounting purposes
• Analytics Data: Anonymized and retained for up to 2 years

9. Your Rights (GDPR)

If you are in the EU/EEA, you have the following rights:

• Access: Request a copy of your personal data
• Rectification: Correct inaccurate or incomplete data
• Erasure: Request deletion of your personal data
• Restriction: Limit how we process your data
• Portability: Receive your data in a structured format
• Objection: Object to processing based on legitimate interests
• Withdraw Consent: Withdraw consent for consent-based processing

To exercise these rights, contact us at privacy@pointflair.com

10. Cookies and Tracking

We use cookies and similar technologies for:

• Essential Cookies: Required for basic functionality
• Analytics Cookies: To understand how you use our service
• Preference Cookies: To remember your settings and preferences

You can manage cookie preferences through your browser settings.

11. Data Security

We implement appropriate technical and organizational measures to protect your data:

• Encryption in transit and at rest
• Access controls and authentication
• Regular security assessments
• Employee training on data protection
• Incident response procedures

12. Children's Privacy

Our service is not intended for children under 16. We do not knowingly collect personal information from children under 16. If we become aware of such collection, we will delete the information immediately.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or through our service. The updated policy will be effective when posted.

14. Contact Us

For privacy-related questions or to exercise your rights, contact us:

You also have the right to lodge a complaint with your local data protection authority if you believe we have not handled your personal data properly.