Privacy Policy

1. Introduction

Welcome to Planostra, run by NOVA IMPACT LTD ("we," "our," or "us"). We care about your privacy. This Privacy Policy tells you what information we collect, how we use it, and how we keep it safe when you use our website or services.

By using Planostra, you agree to us collecting and using your information as described here. If you are not okay with this, please do not use our services.

2. Information We Collect

2.1 Information You Provide

• Account information (name, email address, password)
• Profile information (company name, website, social media handles)
• Payment information (processed securely through third-party payment processors)
• Content you create, upload, or schedule through our platform
• Communications with our support team

2.2 Automatically Collected Information

• Device information (IP address, browser type, operating system)
• Usage data (pages visited, features used, time spent)
• Cookies and similar tracking technologies
• Log files and analytics data

2.3 Image Files

We do not store any images you upload. Image files are processed solely to perform the requested metadata operations (injection, extraction, removal, or AI analysis) and are permanently deleted immediately after processing is complete. Your images are never retained, archived, or used for any purpose beyond delivering the service to you.

2.4 Social Media Account Information

When you link your social media accounts, we save the information we need to run our service, including:

• Account credentials (stored securely and encrypted)
• Profile information and statistics
• Posts, media, and content you schedule or publish
• Engagement metrics and analytics data

3. How We Use Your Information

We use the information we collect for the following purposes:

• To provide, maintain, and improve our services
• To process transactions and manage your account
• To schedule and publish content to your connected social media accounts
• To send you service-related communications and updates
• To respond to your inquiries and provide customer support
• To analyze usage patterns and improve our platform
• To detect, prevent, and address technical issues and security threats
• To comply with legal obligations and enforce our terms
• To send marketing communications (with your consent, which you can opt out of at any time)

3.1 Legal Basis for Processing (GDPR)

Under UK and EU data protection law (GDPR), we have a legal reason to use your data for the following:

• Contract Performance: To deliver the service you signed up for
• Legitimate Interests: To improve our service, stop fraud, and keep things secure
• Consent: For marketing emails and non-essential cookies (you can say no)
• Legal Obligation: To follow the law when we are required to

4. Information Sharing and Disclosure

We never sell your personal information. We may share it only in these situations:

4.1 Service Providers

We use trusted companies to help run our platform. They sign agreements saying they will only use your data to help us - nothing else:

• Payment Processors: Stripe, Inc. (USA) processes all payment information on our behalf. We do not store your full payment card details. Stripe operates under PCI-DSS standards.
• Cloud Hosting: OVH SAS (France) hosts our infrastructure and stores your data in EU data centers.
• Social Media Platforms: When you connect accounts, we interact with Facebook, Instagram, Twitter, LinkedIn, TikTok, YouTube, and other platforms via their official APIs.
• Analytics Services: We use analytics tools to understand platform usage and improve our services.
• Email Services: Third-party email providers for transactional and marketing communications.

All these companies must follow proper security rules and data protection laws.

4.2 Legal Requirements

We may share your information if the law, a court, or the government requires us to. We may also share it if we believe it is needed to protect our company, our users, or anyone else from harm.

4.3 Business Transfers

If our company is bought or merged with another company, your information may be passed on to the new owner.

5. Data Security

We use strong security measures to protect your information, including:

• Encryption of data in transit and at rest
• Secure authentication and access controls
• Regular security audits and vulnerability assessments
• Secure data centers with physical and digital safeguards
• Employee training on data protection and privacy

That said, no method of sending or storing data online is perfectly secure. We do everything we can to protect your information, but we cannot promise it is 100% safe.

6. Your Rights and Choices

Depending on where you live, you may have these rights over your personal information:

• Access: Request access to your personal information
• Correction: Request correction of inaccurate information
• Deletion: Request deletion of your personal information
• Portability: Request transfer of your data to another service
• Opt-out: Opt out of marketing communications
• Objection: Object to processing of your information

To exercise these rights, please contact us at [email protected]. We will respond to your request within 30 days.

7. Cookies and Tracking Technologies

We use cookies and similar tools to keep track of how you use our platform and to remember some information. Cookies are small files saved on your device. You can set your browser to block cookies or to let you know when one is being saved.

Types of cookies we use:

• Essential cookies: Required for the platform to function properly
• Analytics cookies: Help us understand how visitors interact with our platform
• Functional cookies: Remember your preferences and settings
• Marketing cookies: Used to deliver relevant advertisements (with your consent)

8. Age Restrictions

Our services are for people aged 18 and over. By using our services, you confirm that you are at least 18 years old. We do not knowingly collect information from anyone under 18. If you are a parent or guardian and think your child has given us their information, please contact us right away at [email protected].

If we find out we have collected information from someone under 18, we will delete it as soon as possible.

9. International Data Transfers and Hosting

Your information may be moved to and used in countries other than where you live. Those countries may have different privacy laws. We make sure your information is protected no matter where it is stored, following this Privacy Policy and UK data protection laws (UK GDPR and Data Protection Act 2018).

9.1 Data Hosting

Our services run on servers provided by OVH SAS, located in France. Your data is stored in EU data centers. OVH operates under European Union data protection standards (EU GDPR) and is subject to applicable privacy legislation including the French Data Protection Act.

9.2 Data Transfers

Your data is stored in the European Union (France). When data is transferred to other service providers (for example, to our payment processor Stripe in the USA), we ensure it is protected through appropriate safeguards, including Standard Contractual Clauses (SCCs) approved by the EU and UK, or other accepted legal mechanisms. By using our service, you consent to your data being transferred to and processed in the EU and the USA.

10. Data Retention

We only keep your information for as long as we need to, as described in this policy. If the law requires us to keep it longer, we will do so.

10.1 Retention Periods

• Account Data: Retained while your account is active and for 30 days after account deletion, unless you request earlier deletion.
• Content and Posts: Retained until you delete them or for 30 days after account deletion.
• Payment Records: Retained for 7 years as required by UK tax and accounting laws.
• Support Communications: Retained for 3 years after the last communication.
• Analytics Data: Retained in anonymized form for up to 2 years.

10.2 Deletion Requests

You can ask us to delete your data at any time by emailing [email protected]. We will delete it within 30 days, unless the law or regulations require us to keep it.

11. Data Breach Notification

If there is ever a data breach that could affect you, we will:

• Tell the UK Information Commissioner's Office (ICO) within 72 hours of finding out about the breach.
• Let the people affected know as soon as possible, if they could be at serious risk.
• Give you clear information about what happened, what it could mean, and what we are doing to fix it.
• Act right away to stop and fix the breach.

If you become aware of any security vulnerability or potential breach, please contact us immediately at [email protected].

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by:

• Posting the new Privacy Policy on this page.
• Updating the "Last Updated" date.
• Sending you an email notification (for significant changes).
• Displaying a notice on our platform.

If you keep using our services after changes are made, that means you agree to the updated policy. We suggest checking this page from time to time to stay up to date.

13. Supervisory Authority

If you live in the UK or EU and you feel we have not handled your concerns properly, you can make a complaint to your local data protection authority.

UK Information Commissioner's Office (ICO)

• Website: ico.org.uk
• Phone: 0303 123 1113
• Address: Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF, United Kingdom

14. Contact Us

If you have any questions about this Privacy Policy, please contact us:

NOVA IMPACT LTD Privacy Team

• Email: [email protected]
• Phone: +44 7477884817
• Company Number: 16126510 (Companies House, UK)
• Registered Address: 71-75 Shelton Street, Covent Garden, London, WC2H 9JQ, United Kingdom
• Data Protection Officer: [email protected]