Privacy Policy

Tempoweb Studio, registered in the Netherlands, is the data controller for the personal data processed through TempoFlow. For questions about data processing, contact us at support@tempowebstudio.nl.

Account Information

• Full name and email address (provided during registration)
• Profile information from Google OAuth (name, email, profile picture) if you sign in with Google
• Workspace and brand configuration data

Social Media Account Data

• OAuth access tokens and refresh tokens (stored encrypted using AES-256-GCM)
• Social media account names, IDs, and profile information
• Content you create, schedule, and publish through the platform

Usage Data

• Pages visited, features used, and actions taken within the platform
• IP address and browser information
• AI conversation history and generated content

Analytics Data

• Post performance metrics retrieved from connected social media platforms
• Engagement statistics (impressions, reach, likes, comments, shares)

We process your personal data for the following purposes:

• Service delivery — to provide, maintain, and improve TempoFlow
• Authentication — to verify your identity and manage your account
• Content publishing — to publish content to your connected social media accounts on your behalf
• AI content generation — to generate content using AI providers based on your prompts and brand configuration
• Analytics — to retrieve and display performance data for your published content
• Communication — to send service-related notifications and updates
• Security — to detect and prevent fraud, abuse, and security incidents

We process your data based on:

• Contract performance — processing necessary to provide the service you signed up for
• Legitimate interest — service improvement, security, and fraud prevention
• Consent — where you have given explicit consent (e.g., connecting social accounts)

We share data with the following categories of third-party services:

• Supabase (database and authentication) — stores your account data and content
• Google (OAuth authentication) — processes authentication when you sign in with Google
• Social media platforms (Meta/Facebook, Instagram, LinkedIn, TikTok, Threads, YouTube, Pinterest) — receives content you publish and provides analytics data
• AI providers (OpenAI, Anthropic, Google AI) — processes your prompts and brand context to generate content. Content sent to AI providers is not used for model training.
• Vercel (hosting) — hosts and serves the application

We implement appropriate technical and organizational measures to protect your data:

• Social media access tokens are encrypted using AES-256-GCM before storage
• All data is transmitted over HTTPS/TLS
• Row-level security (RLS) policies ensure workspace-level data isolation
• Service role keys and encryption keys are stored as environment variables, not in source code

When you connect a social media account (Facebook, Instagram, LinkedIn, TikTok, Threads, YouTube, or Pinterest) to TempoFlow, we collect and store the following data per platform:

• Profile image, display name, username, and account/page ID
• OAuth access tokens and refresh tokens (encrypted using AES-256-GCM)
• Content you create and publish through TempoFlow
• Post engagement data (impressions, reach, likes, comments, shares)

Revoking Access

You can revoke TempoFlow's access to your social media accounts at any time by:

• Disconnecting the account within TempoFlow's brand settings
• Removing TempoFlow from your social media platform's app settings (e.g., Facebook Settings > Apps and Websites)
• Contacting us at support@tempowebstudio.nl

Data Deletion

When you revoke access or request data deletion, we will delete all associated data (access tokens, account information, and scheduled posts) within 30 days. For Meta (Facebook/Instagram), we support automatic data deletion callbacks — when you remove TempoFlow from your Facebook settings, your data is deleted automatically and you will receive a confirmation code to check the deletion status.

YouTube API Services

TempoFlow uses YouTube API Services. By connecting your YouTube account, you agree to be bound by the YouTube Terms of Service and Google Privacy Policy. You can revoke TempoFlow's access to your YouTube data via the Google security settings page.

We retain your personal data for as long as your account is active or as needed to provide the service. When you delete your account, we will delete your personal data within 30 days, except where retention is required by law. Audit logs may be retained for up to 12 months for security purposes.

Under the GDPR, you have the right to:

• Access — request a copy of your personal data
• Rectification — correct inaccurate or incomplete data
• Erasure — request deletion of your personal data ("right to be forgotten")
• Restriction — request restriction of processing
• Portability — receive your data in a structured, machine-readable format
• Objection — object to processing based on legitimate interest
• Withdraw consent — withdraw consent at any time without affecting prior processing

To exercise these rights, contact us at support@tempowebstudio.nl. We will respond within 30 days.

Your data may be processed in countries outside the European Economic Area (EEA), including the United States (where our hosting and AI providers operate). We ensure that appropriate safeguards are in place, such as Standard Contractual Clauses, to protect your data in compliance with GDPR.

We use essential cookies to maintain your authentication session. For more information, see our Cookie Policy.

TempoFlow is not intended for use by individuals under the age of 16. We do not knowingly collect personal data from children. If you become aware that a child has provided us with personal data, please contact us and we will take steps to delete such information.

We may update this Privacy Policy from time to time. We will notify you of material changes by email or through the service. The "Effective date" at the top of this page indicates when the policy was last updated.

For questions or complaints about data processing, contact us at support@tempowebstudio.nl. You also have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) at autoriteitpersoonsgegevens.nl.