Privacy Policy
Effective date: May 10, 2026
C(AI)DENCE (“we,” “us,” or “the platform”) is a multi-tenant marketing intelligence suite used by agencies, brands, and creators to plan, generate, schedule, and publish marketing content. This policy explains what data we collect when you connect third-party services such as LinkedIn, Meta (Facebook / Instagram / WhatsApp), X (Twitter), Google (YouTube), TikTok, Pinterest, Snapchat, and others, and what we do with that data.
1. What we collect
- Account data: the email address, full name, and role you provide when you create a C(AI)DENCE account.
- OAuth tokens for connected services: when you authorize a third-party service (e.g. LinkedIn, LinkedIn Pages, Meta, X, YouTube), we store the resulting access token, refresh token, and the public profile fields the service returns (display name, account id, and — for Pages-style integrations — the list of pages you administer). Tokens are encrypted at rest and used only on your behalf to perform actions you initiate within the platform.
- Content you create or schedule: the text, images, videos, captions, and recipient lists for posts you generate, save, schedule, or publish through the platform.
- Usage logs: standard application logs (timestamps, IP, request path, response status) for security and debugging. Logs are retained for up to 90 days.
2. How we use it
- To authenticate to third-party services on your behalf so we can fulfill your publishing, scheduling, and analytics requests.
- To generate marketing content using AI providers when you prompt the platform to do so. Prompts and outputs are stored on your tenant only.
- To run analytics dashboards over the content and metrics produced inside your tenant.
- To enforce role-based access control across your organization, brand, and team boundaries.
We do not use your content, OAuth tokens, or connected-account data to train AI models, sell to third parties, send promotional messaging, or expose data across tenants.
3. LinkedIn-specific notes
When you connect LinkedIn (sign-in, personal posting) or LinkedIn Pages (Company Page posting), we use only the LinkedIn API endpoints required for the action you take:
userinfoto identify the connecting member and store their LinkedIn id + display name.organizationAclsto list the Company Pages you administer (Pages connector only).ugcPoststo publish posts you author within C(AI)DENCE, with the author URN you select (your member profile or a chosen Company Page).
We do not read your LinkedIn feed, message connections, or perform any action on your account that you have not explicitly initiated through C(AI)DENCE.
4. Sharing
We share data only with the third-party services you have explicitly connected, and only to perform actions you initiate. We do not sell, rent, or trade personal information.
5. Retention & deletion
- OAuth tokens are deleted within minutes of you clicking Disconnect on the relevant tile in Settings → Social Accounts.
- Generated content, scheduled posts, and analytics rows are retained for the lifetime of your tenant unless you delete them individually.
- When you delete your C(AI)DENCE account, all PII (name, email, phone, bio) is anonymized and OAuth tokens are revoked. Audit-log references are retained in anonymized form for compliance integrity.
6. Your rights
You can request a copy of your tenant's data, correction of inaccurate fields, or full account deletion at any time by emailing the address below. We respond within 30 days.
7. Security
All traffic to and from the platform is served over HTTPS. OAuth tokens, password hashes, and other sensitive fields are encrypted at rest. Access to production data is restricted to a small set of authorized engineers and is audit-logged.
8. Changes
We may update this policy as the platform evolves. Material changes will be announced on the dashboard and reflected in the “last updated” date above.
9. Sub-processors
C(AI)DENCE relies on the following sub-processors to deliver the service. Each is bound by a data-processing agreement (or equivalent terms) that prohibits them from training models on our customers' content:
- Anthropic (Claude API) — text generation. No-train per Commercial Terms. Data region: US.
- OpenAI (GPT API) — alternative text generation. No-train on API traffic per API Data Usage Policies. Data region: US.
- Google (Gemini API, optional) — text + image generation, only enabled when an admin sets
GOOGLE_AI_API_KEY. No-train per Google AI terms. Data region: US. - Stripe — billing + payment processing. PCI-DSS Level 1. Data region: US/EU based on customer location.
- SendGrid (Twilio) — transactional email delivery (welcome, password reset, digests). Data region: US.
- Hosting infrastructure — application, Postgres database, Redis broker. Data region: configured per deployment; current production deployment in ap-south-1 (Mumbai).
Local-model deployments (Ollama, llama-server) are self-hosted and process no data outside the tenant. BYO LLM-key customers replace the relevant sub-processor above with their own; we do not see traffic that flows through a BYO key.
10. Governing law & venue
This policy and the underlying Terms of Service are governed by the laws of India, without regard to conflict-of-laws rules. Disputes will be resolved in the courts of Mumbai, India, unless the parties agree in writing to arbitration. Nothing in this section limits any non-waivable right you may have under the laws of your residence.
11. Contact
Questions, data requests, or security reports: contact@kclub.me.