Privacy Policy

{
  "slug": "privacy",
  "title": "Privacy Policy",
  "subtitle": "We are committed to protecting your privacy. This policy explains how TargoNIX collects, uses, and protects your data.",
  "version": "1.0",
  "effectiveDate": "January 1, 2026",
  "lastUpdated": "January 1, 2026",
  "sections": [
    {
      "id": "intro-privacy",
      "heading": "1. Introduction",
      "body": "TargoNIX for Social Media (\"TargoNIX,\" \"we,\" \"our,\" or \"us\") is a professional social media management platform. This Privacy Policy explains how we collect, use, disclose, and protect personal information when you use our Service at targonix.com and related applications.\n\nThis policy applies to all users of the Service, including workspace owners, team members, and visitors to our public website. By using the Service, you acknowledge that you have read and understood this Privacy Policy.\n\n[LEGAL REVIEW: Identify the data controller entity, registered address, and applicable legal basis for processing under GDPR or applicable law. If a Data Protection Officer (DPO) is required, their contact details must be added here.]"
    },
    {
      "id": "data-collected",
      "heading": "2. Information We Collect",
      "body": "We collect the following categories of personal information:\n\n**Account and Profile Data**\nWhen you register for an account, we collect your name, email address, and password (stored in hashed form). You may optionally provide a profile photo and other profile details. If you are invited to join a workspace, we receive your email address from the inviting party.\n\n**Workspace and Collaboration Data**\nWe collect information about the workspaces you create or belong to, including workspace name, timezone settings, team member lists, roles, and activity logs.\n\n**Social Media Integration Data**\nWhen you connect social media accounts to TargoNIX, we store OAuth tokens, account identifiers, account names, and profile metadata from connected platforms (such as Instagram, LinkedIn, Twitter/X, Facebook, TikTok, and others as available). We access these platforms' APIs on your behalf to perform scheduling, publishing, and analytics functions you request.\n\n**Content and Media Data**\nWe store content you create, draft, or schedule through the Service, including text, images, videos, links, and associated metadata. We also store media files you upload to the media library.\n\n**Analytics and Performance Data**\nWe retrieve and store social media performance metrics from connected platforms (such as reach, impressions, engagement, and follower data) to power the analytics and reporting features.\n\n**Billing and Payment Data**\nWhen you subscribe to a paid plan, payment processing is handled by our third-party payment processor. [LEGAL REVIEW: Name the specific payment processor and confirm what billing data TargoNIX directly stores vs. what is handled exclusively by the processor.] We store billing plan information, subscription status, and invoice history, but do not directly store full payment card numbers.\n\n**Usage and Technical Data**\nWe automatically collect certain technical information when you use the Service, including IP address, browser type and version, operating system, device identifiers, pages visited, features used, and timestamps. This data is used to operate, improve, and secure the Service.\n\n**Cookie and Tracking Data**\nWe use cookies and similar technologies as described in our Cookie Policy. This includes session cookies necessary for authentication, preference cookies for settings like language and theme, and analytics cookies where you have consented.\n\n**Email and Notification Data**\nWe store your email communication preferences and may maintain records of transactional emails we send you (such as account confirmations, password resets, publication notifications, and subscription receipts).\n\n**AI Interaction Data**\nWhen you use AI-powered content generation features, we process your prompts and the generated outputs. [LEGAL REVIEW: Clarify whether AI prompts are sent to third-party AI providers, and if so, what data sharing agreements and processing terms apply. This is a material disclosure requirement under GDPR and similar regulations.]"
    },
    {
      "id": "data-use",
      "heading": "3. How We Use Your Information",
      "body": "We use the information we collect for the following purposes:\n\n- **Service delivery:** To operate the platform, execute scheduled posts, retrieve analytics, manage workspace members, and provide all core features you have requested\n- **Account management:** To authenticate your identity, manage your account, send essential account notifications, and process billing\n- **Product improvement:** To analyze usage patterns, diagnose technical issues, and improve the performance and features of the Service\n- **Security:** To detect and prevent fraud, abuse, unauthorized access, and other security incidents\n- **Communications:** To send you transactional emails (required for service delivery) and, where you have consented, product updates and marketing communications\n- **Legal compliance:** To comply with applicable laws, regulations, and lawful requests from public authorities\n\n[LEGAL REVIEW: Under GDPR, each processing purpose requires a documented legal basis (contract performance, legitimate interest, consent, legal obligation). A processing register documenting each legal basis for each data type is required. This section should be expanded with legal bases before EU launch.]"
    },
    {
      "id": "data-sharing",
      "heading": "4. How We Share Your Information",
      "body": "We do not sell your personal information. We may share your information in the following circumstances:\n\n**Service Providers (Processors)**\nWe engage third-party service providers to assist with operating the Service. These include infrastructure hosting providers, payment processors, email delivery services, error monitoring services, and analytics providers. These providers are contractually bound to use your data only to perform services on our behalf.\n\n[LEGAL REVIEW: Provide a complete sub-processor list. Under GDPR Article 28, sub-processor agreements are mandatory. Users should be able to access or request the current sub-processor list.]\n\n**Third-Party Platform APIs**\nWhen you connect social media accounts, we interact with those platforms' APIs on your behalf. Data shared with connected platforms is governed by their respective privacy policies.\n\n**AI Providers**\nAI content generation features may involve sending your prompts to third-party AI providers. [LEGAL REVIEW: Confirm which AI providers are used, disclose them explicitly, and confirm whether data is used for AI training by those providers. This is a significant disclosure requirement.]\n\n**Legal Requirements**\nWe may disclose your information if required by law, court order, regulatory authority, or to protect the rights, property, or safety of TargoNIX, our users, or others.\n\n**Business Transfers**\nIf TargoNIX is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will provide notice before your information is transferred and becomes subject to a different privacy policy."
    },
    {
      "id": "retention",
      "heading": "5. Data Retention",
      "body": "We retain your personal information for as long as your account is active and as necessary to provide the Service. When you close your account, we will delete or anonymize your personal data within a reasonable timeframe, subject to the following:\n\n- We may retain certain data for a period necessary to fulfill legal obligations, resolve disputes, or enforce our agreements\n- Billing and transaction records may be retained for accounting and tax compliance purposes\n- Aggregate, anonymized analytics data may be retained indefinitely\n\n[LEGAL REVIEW: Define specific retention periods for each data category. GDPR and other regulations require documented, justified retention periods. Retention schedules should be part of a formal Records of Processing Activities (RoPA) document.]"
    },
    {
      "id": "user-rights",
      "heading": "6. Your Rights and Choices",
      "body": "Depending on your location, you may have the following rights regarding your personal information:\n\n- **Access:** Request a copy of the personal information we hold about you\n- **Correction:** Request correction of inaccurate or incomplete information\n- **Deletion:** Request deletion of your personal information (subject to legal retention obligations)\n- **Portability:** Request your data in a structured, machine-readable format\n- **Objection:** Object to certain processing activities, including direct marketing\n- **Restriction:** Request restriction of processing in certain circumstances\n- **Withdrawal of Consent:** Where processing is based on consent, withdraw consent at any time without affecting the lawfulness of prior processing\n\nTo exercise any of these rights, please contact us at privacy@targonix.com. We will respond within the timeframe required by applicable law.\n\n[LEGAL REVIEW: Confirm applicable rights by jurisdiction. EU users under GDPR have specific statutory timeframes (30 days for access requests). CCPA requires separate disclosures for California residents. Other jurisdiction-specific rights may apply.]\n\nYou may also manage certain preferences directly in your account settings, including email notification preferences and cookie consent settings."
    },
    {
      "id": "security",
      "heading": "7. Security",
      "body": "We implement industry-standard technical and organizational measures to protect your personal information from unauthorized access, disclosure, alteration, or destruction. These measures include encryption in transit (TLS), password hashing, access controls, and regular security reviews.\n\nWhile we take reasonable steps to protect your information, no security system is impenetrable. We cannot guarantee absolute security. In the event of a data breach that is likely to result in significant risk to your rights and freedoms, we will notify you and relevant authorities as required by applicable law.\n\n[LEGAL REVIEW: Define specific breach notification timeframes and procedures. GDPR requires notification to supervisory authorities within 72 hours.]"
    },
    {
      "id": "international-transfers",
      "heading": "8. International Data Transfers",
      "body": "[LEGAL REVIEW: This section requires significant legal counsel input before EU launch. The following is a structural placeholder only.]\n\nTargoNIX and its service providers may process your personal data in countries other than your country of residence. Where personal data is transferred from the European Economic Area (EEA) to a country not deemed adequate by the European Commission, we will ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the European Commission or other valid transfer mechanisms.\n\n[LEGAL REVIEW: Identify all countries where data is processed, document transfer mechanisms for each, and include any required Article 49 derogations if applicable.]"
    },
    {
      "id": "children",
      "heading": "9. Children's Privacy",
      "body": "The Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from children under 18. If we become aware that we have collected personal information from a child under 18 without parental consent, we will take steps to delete that information promptly.\n\nIf you believe a child under 18 has provided personal information to us, please contact us at privacy@targonix.com."
    },
    {
      "id": "cookies-ref",
      "heading": "10. Cookies and Tracking Technologies",
      "body": "We use cookies and similar technologies to operate the Service and, where you have consented, to analyze usage and deliver a personalized experience. For full details on the cookies we use and how to manage your preferences, please review our Cookie Policy at /legal/cookies."
    },
    {
      "id": "changes-privacy",
      "heading": "11. Changes to This Privacy Policy",
      "body": "We may update this Privacy Policy from time to time. We will notify you of material changes by email and/or by displaying a notice within the Service before changes take effect. The \"Last Updated\" date at the top of this document indicates when the most recent revision was made.\n\nYour continued use of the Service after the revised Privacy Policy takes effect constitutes your acknowledgment of the changes."
    },
    {
      "id": "contact-privacy",
      "heading": "12. Contact and Supervisory Authority",
      "body": "For privacy-related inquiries, to exercise your rights, or to report a concern, please contact us:\n\nTargoNIX for Social Media\nPrivacy Inquiries: privacy@targonix.com\nWebsite: www.targonix.com\n\n[LEGAL REVIEW: Add registered business address, company name and registration number, and Data Protection Officer (DPO) contact if required under applicable law.]\n\nIf you are located in the EU/EEA and are not satisfied with our response, you have the right to lodge a complaint with your local data protection supervisory authority. [LEGAL REVIEW: Name the relevant supervisory authority based on business establishment location.]"
    }
  ]
}