Legal

Privacy Policy

What we collect, why we collect it, and how we handle your data.

Last updated: April 21, 2026

Short version: we collect the minimum we need to run the product, we don't sell your data, your content isn't used to train shared models, and you can export or delete it at any time.

What we collect

Three buckets:

  • Account data — name, email, workspace info, billing details. Needed to give you an account and bill you.
  • Product data — briefs, drafts, posts, analytics, brand kit assets. This is your content. You control it.
  • Technical data — IP, device, browser, logs, crash reports. Needed for security, performance, and debugging.

Channel integrations

When you connect Instagram, TikTok, YouTube, or any other platform, Publick receives a scoped OAuth token from that platform. We store tokens encrypted at rest, refresh them on your behalf, and use them only for the actions you've enabled (posting, reading analytics, etc.). You can revoke access from Settings → Channels.

Models & training

Your content is not used to train shared or foundation models. When we fine-tune, it's on a per-workspace basis so the patterns learned from your brand only improve your brand's drafts. Sub-processors (e.g., LLM providers) receive prompts under zero-retention agreements where available.

How we use data

  • Operate and improve the product.
  • Send essential service notifications (never optional marketing without opt-in).
  • Detect abuse, fraud, and security threats.
  • Comply with legal obligations when required.

Who we share with

Only sub-processors that help us run the service — hosting, monitoring, billing, support. We maintain a current list at publick.ai/subprocessors. We don't sell personal data, ever.

Your rights

Depending on where you live, you may have the right to access, correct, export, delete, or restrict processing of your data. Most of these are self-serve in the app; the rest you can exercise by emailing privacy@publick.ai. We respond within 30 days.

Retention

We keep account and product data while you're a customer, plus 30 days after you cancel so you can change your mind. Technical logs are kept for 90 days. Backups are encrypted and cycled within 35 days.

International transfers

Publick is headquartered in the US and uses globally distributed infrastructure. When we move personal data out of the EEA or UK, we rely on Standard Contractual Clauses and equivalent mechanisms.

Kids

Publick isn't for anyone under 16. If you think a minor is using the product, email privacy@publick.ai and we'll handle it.

Changes

We'll update this page as the product and regulations evolve. Material changes are announced in-app and by email at least 30 days before they take effect.

Contact

Privacy inquiries go to privacy@publick.ai. Our DPO can be reached at the same address.