Your feed is yours. We are built to hold as little as possible.
This Privacy Policy explains what FeedPilot processes, why, how long we keep it, and how you can delete or control it. FeedPilot is designed around data minimization and purpose limitation: it works after a feed is rendered and only handles what is needed to score the item you are looking at, for as long as your session requires it.
Who we are
The FeedPilot operating legal entity, registered address, and VAT number will be confirmed before paid launch. For any privacy question or to exercise your rights, contact [email protected].
What we process
- On-device session data. Your goal, settings, action permissions, and the visible content of the single item being reviewed, such as caption, on-screen text, likely author, hashtags, mentions, engagement counts, media kind, duration, platform, and local classification state.
- Free, on-device mode. Classification runs locally. Feed-item content does not leave your device.
- Cloud mode. If you use cloud classification, we send the minimal item features needed for scoring to our API and model provider. If vision is enabled, one downscaled frame may be sent for classification. Raw frames are not stored.
- Account data. Email, authentication identifiers, optional name, plan status, extension connection data, saved goals, synced settings, usage counters, and subscription status.
- Reports and analytics. Session summaries, goal-fit scores, risk scores, confidence scores, decisions, explanations, platforms, timestamps, report summaries, and feed convergence analytics.
- Billing data. Payment processing is handled by our payment provider. We receive and store subscription status, customer identifiers, invoice metadata, and entitlement information. We do not store full card numbers.
- Support and security data. Messages you send us, diagnostic details you provide, request metadata, security logs, and records needed to keep the Service reliable and secure.
- Website data. This marketing site uses only strictly necessary storage. We do not use advertising cookies or third-party tracking cookies. Any future optional analytics will be gated behind consent.
What we never do
- We never ask for or store your social media password.
- We never store social cookies or session tokens.
- We never run your social account from a server.
- We never sell your data or use it to build advertising profiles. The business runs on subscriptions.
- We never store raw feed frames or a raw feed history.
Why we process data
- To provide feed scoring, explanations, reports, account syncing, and plan entitlements.
- To process payments, invoices, subscription status, and billing support.
- To secure the Service, prevent abuse, debug failures, and maintain reliability.
- To answer support requests and comply with legal obligations.
Legal bases under GDPR
- Performance of a contract, to provide the agent and account features you sign up for.
- Legitimate interests, to keep the Service secure, reliable, abuse-resistant, and useful.
- Consent, for optional features or future optional analytics where consent is required.
- Legal obligation, for records we must keep for tax, accounting, payment, or compliance reasons.
Retention
- Local extension data. Goals, settings, local classification results, and local caches stay on your device until you clear them from the extension or uninstall it.
- Cloud session item data. Minimal item features are processed transiently for scoring and are not retained as a raw feed history. Raw frames are not stored.
- Cloud reports and account memory. Reports, feed convergence analytics, synced goals, and settings are kept until you delete them, close your account, or ask us to delete them.
- Account and authentication data. Kept while your account exists and deleted when you close the account, except for limited records we are legally required to retain.
- Billing and legal records. Kept only as long as required for tax, accounting, payment disputes, fraud prevention, security, or legal claims.
- Backups. Deleted data may remain in encrypted backups until those backups expire in the ordinary backup cycle.
Deletion and export
You can export or delete local extension data from the extension. In the account page, you can delete cloud reports, synced goals, settings, and older usage history, and you can close your account. Account closure deletes product data such as cloud reports, saved goals, account settings, feed convergence analytics, and extension connection data. We keep only the limited records we are legally required to keep, such as billing, tax, fraud-prevention, security, or legal-claims records. Raw feed frames, social passwords, cookies, and session tokens cannot be deleted from FeedPilot because FeedPilot does not store them.
Your rights
Subject to applicable law, you have the right to access, rectify, erase, restrict, and port your data, to object to certain processing, and to withdraw consent where processing is based on consent. You can exercise local data controls directly in the extension and account data controls from the account page. You can also contact [email protected]. You may lodge a complaint with your local supervisory authority. If FeedPilot is established in Belgium, the relevant authority is the Belgian Data Protection Authority.
Sub-processors and transfers
We use providers for hosting, authentication, model inference, payments, email, support, security, and infrastructure. Some providers may process data outside the EEA. Where required, we rely on adequacy decisions or appropriate safeguards such as Standard Contractual Clauses. A current sub-processor list is available on request and will be published before paid launch.
Security
We use technical and organizational measures designed to protect personal data, including encryption in transit, access controls, least-privilege handling of secrets, data minimization, security logging, and separation between local and cloud processing. No internet service can be guaranteed perfectly secure, but the product is designed to reduce the amount of data at risk.
Children
FeedPilot is not directed to children under the age required by your jurisdiction. Parental-control use is designed to be configured and operated by an adult with the necessary authority.
Changes
We will update this policy as the product and our providers are finalized, and will note the version and date at the top.
See also our Terms of Service and Data Processing Agreement.