Privacy Policy

MannaSync Solutions Inc. ("Company," "we," "us," or "our") is committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use the AutoTweet AI service ("Service"), including our website at autotweet.mannasyncsolutions.com and all related applications, features, and content.

This Privacy Policy applies to all users of the Service, regardless of location. We comply with applicable data protection laws, including the General Data Protection Regulation (GDPR) for users in the European Union and the California Consumer Privacy Act (CCPA) for users in California.

PLEASE READ THIS PRIVACY POLICY CAREFULLY. BY USING OUR SERVICE, YOU ACKNOWLEDGE THAT YOU HAVE READ, UNDERSTOOD, AND AGREE TO BE BOUND BY THIS PRIVACY POLICY.

We collect several types of information from and about users of our Service:

2.1 Personal Information You Provide

• Account Information: When you create an account using Google OAuth authentication, we collect your name, email address, and profile picture from your Google account.
• Twitter/X Account Information: When you connect your Twitter/X account, we collect your Twitter username, display name, profile information, and OAuth access tokens required to post on your behalf.
• Payment Information: When you subscribe to a paid plan, our payment processor Stripe collects your billing information including credit card details, billing address, and payment history. We do NOT store your complete credit card numbers on our servers.
• Communications: If you contact us via email or support channels, we collect the contents of your messages, attachments, and contact information.

2.2 Content You Create

• Tweet templates, rules, and content preferences you configure
• Custom topics, keywords, and writing style preferences
• AI-generated tweets created through the Service
• Content sources, documents, or reference materials you upload
• Scheduling settings and automation configurations
• Feedback, ratings, and performance data you provide

2.3 Automatically Collected Information

• Usage Data: Information about how you use the Service, including features accessed, tweets generated, posting frequency, and engagement metrics.
• Device Information: IP address, browser type and version, device type, operating system, unique device identifiers, and mobile network information.
• Log Data: Server logs, access times, pages viewed, time spent on pages, referring URLs, and crash reports.
• Cookies and Tracking Technologies: Information collected through cookies, web beacons, and similar tracking technologies (see Section 11 for details).

2.4 Information from Third-Party Services

• Twitter/X API: Tweet performance metrics, follower counts, engagement statistics, and account analytics accessed through Twitter's API.
• Google OAuth: Profile information from your Google account as permitted by your Google privacy settings.
• Stripe: Payment transaction data, subscription status, and billing history.

2.5 Sensitive Personal Information

We do NOT intentionally collect sensitive personal information such as:

• Social Security numbers, driver's license numbers, or government identification
• Financial account numbers (except through Stripe's secure payment processing)
• Health or medical information
• Biometric data
• Genetic data
• Information about race, ethnicity, political opinions, religious beliefs, or sexual orientation

If you include such information in your user-generated content (templates, tweets, etc.), you do so at your own risk and responsibility.

We use the information we collect for the following purposes:

3.1 Service Provision

• Creating and managing your account
• Authenticating your identity and authorizing access
• Generating AI-powered tweet content based on your preferences
• Posting tweets to your connected Twitter/X accounts
• Scheduling and automating content posting
• Providing analytics and performance tracking
• Managing multi-account features (for Business plan users)

3.2 Payment Processing

• Processing subscription payments and managing billing
• Issuing invoices and receipts
• Handling refunds and payment disputes
• Preventing fraudulent transactions

3.3 Service Improvement

• Analyzing usage patterns to improve AI content generation
• Developing new features and functionality
• Conducting research and analytics
• Testing and optimizing Service performance
• Training and improving AI models (using aggregated, anonymized data)

3.4 Communication

• Sending transactional emails (account verification, password resets, payment confirmations)
• Providing customer support and responding to inquiries
• Sending service announcements and updates
• Notifying you of important changes to the Service or policies
• Sending marketing communications (with your consent, where required by law)

3.5 Security and Compliance

• Detecting, preventing, and investigating fraud, abuse, and security incidents
• Enforcing our Terms of Service and policies
• Complying with legal obligations and responding to lawful requests
• Protecting the rights, property, and safety of our users and the public
• Maintaining audit logs and security records

3.6 Legal Basis for Processing (GDPR)

For users in the European Union, our legal bases for processing personal data include:

• Contract Performance: Processing necessary to provide the Service you've requested
• Consent: Where you have given explicit consent for specific processing activities
• Legitimate Interests: Processing necessary for our legitimate business interests (service improvement, security, analytics)
• Legal Obligation: Processing required by law

We do NOT sell your personal information. We may share your information in the following circumstances:

4.1 Service Providers

We share data with trusted third-party service providers who assist in operating our Service:

• Firebase/Google Cloud Platform: Cloud hosting, database storage, authentication services, and infrastructure
• Stripe: Payment processing and subscription management
• AI Service Providers: Third-party AI models and APIs for content generation (e.g., OpenAI, Anthropic, or similar providers)
• Analytics Providers: Service analytics and performance monitoring
• Email Service Providers: Transactional and marketing email delivery

These service providers are contractually obligated to use your information only for the purposes we specify and to maintain appropriate security measures.

4.2 Twitter/X Platform

When you authorize us to post to your Twitter/X account, we transmit tweet content and posting instructions to Twitter's API. This data is subject to Twitter's Privacy Policy and Terms of Service.

4.3 Business Transfers

In the event of a merger, acquisition, reorganization, sale of assets, or bankruptcy, your information may be transferred as part of the transaction. We will notify you via email or prominent notice on the Service before your information is transferred and becomes subject to a different privacy policy.

4.4 Legal Requirements

We may disclose your information if required to do so by law or in response to:

• Valid legal process (subpoenas, court orders, search warrants)
• Government or regulatory requests
• Law enforcement investigations
• National security requirements

4.5 Safety and Rights Protection

We may disclose information when we believe it is necessary to:

• Protect the safety of any person from death or serious bodily injury
• Prevent fraud, abuse, or attacks on the Service
• Enforce our Terms of Service or investigate violations
• Protect our rights, property, or safety

4.6 Aggregated and Anonymized Data

We may share aggregated, anonymized, or de-identified data that cannot reasonably be used to identify you for research, analytics, marketing, or other purposes. This includes aggregate usage statistics, industry benchmarks, and trend analysis.

4.7 With Your Consent

We may share your information for other purposes with your explicit consent or at your direction.

Third-Party Integrations

AutoTweet AI integrates with the following third-party services:

Third-Party Responsibility

We are not responsible for the privacy practices or content of these third-party services. We encourage you to review their privacy policies before using the Service. When you interact with these third parties, their terms and policies govern your relationship with them.

Third-Party Links

The Service may contain links to third-party websites or services. We are not responsible for the privacy practices of these external sites. This Privacy Policy applies only to information collected by AutoTweet AI.

Security Measures

We implement industry-standard security measures to protect your personal information from unauthorized access, use, disclosure, alteration, or destruction:

• Encryption in Transit: All data transmitted between your device and our servers is encrypted using TLS/SSL protocols (HTTPS).
• Encryption at Rest: Sensitive data stored in our databases is encrypted using industry-standard encryption algorithms (AES-256). This includes OAuth tokens, user content, and personal information.
• Access Controls: We implement role-based access controls (RBAC) to limit access to personal data to only authorized personnel who need it to perform their job functions.
• Authentication: We use secure authentication mechanisms including OAuth 2.0, session management, and secure token storage.
• Network Security: Firewalls, intrusion detection systems, and network segmentation protect our infrastructure.
• Security Monitoring: We continuously monitor our systems for security threats, vulnerabilities, and suspicious activity.
• Regular Updates: We regularly update our software, libraries, and infrastructure to patch security vulnerabilities.
• Secure Development: We follow secure coding practices and conduct security reviews of our code.
• Vendor Security: We require our third-party service providers to maintain appropriate security standards and comply with data protection requirements.

Data Breach Response

In the event of a data breach affecting your personal information, we will:

• Promptly investigate the incident and take steps to mitigate harm
• Notify affected users via email within 72 hours of discovering the breach (as required by GDPR)
• Notify relevant regulatory authorities as required by applicable law
• Provide information about the nature of the breach and steps you can take to protect yourself
• Implement additional security measures to prevent future incidents

Your Security Responsibilities

While we implement robust security measures, you also play a critical role in protecting your information:

• Maintain the confidentiality of your Google account credentials
• Do not share your account access with others
• Log out of your account when using shared devices
• Report any unauthorized access or suspicious activity immediately
• Keep your devices and software up to date with security patches
• Be cautious of phishing attempts or fraudulent communications

Security Limitations

NO METHOD OF TRANSMISSION OR STORAGE IS 100% SECURE. While we strive to protect your personal information, we cannot guarantee absolute security. You use the Service at your own risk.

Retention Periods

We retain your personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law:

Legal and Business Reasons for Extended Retention

We may retain certain information beyond the standard retention periods when necessary for:

• Compliance with legal obligations (tax, accounting, regulatory reporting)
• Resolving disputes or enforcing agreements
• Fraud prevention and security investigations
• Protecting against legal claims
• Business continuity and disaster recovery

Anonymization

When personal information is no longer needed, we either delete it or anonymize it so that it can no longer be linked to you. Anonymized data may be retained indefinitely for analytics, research, and service improvement.

Backup and Archival Data

Deleted data may persist in backup systems for up to 90 days before being permanently removed. Backup data is not accessible for normal business operations and is maintained solely for disaster recovery.

Depending on your location, you may have certain rights regarding your personal information. We are committed to honoring these rights in accordance with applicable laws.

Universal Rights (All Users)

• Right to Access: You can request a copy of the personal information we hold about you.
• Right to Correction: You can request that we correct inaccurate or incomplete personal information.
• Right to Deletion: You can request deletion of your personal information, subject to certain exceptions.
• Right to Data Portability: You can request a copy of your data in a machine-readable format (JSON, CSV).
• Right to Withdraw Consent: Where processing is based on consent, you can withdraw consent at any time.

How to Exercise Your Rights

You can exercise these rights by:

• Account Settings: Many rights can be exercised directly through your account settings (update profile, delete account, export data).
• Email Request: Send a detailed request to tweetapp@mannasyncsolutions.com with the subject line "Privacy Rights Request."

Verification Process

To protect your privacy, we will verify your identity before processing requests. We may ask you to:

• Confirm ownership of the email address associated with your account
• Provide additional identifying information
• Log in to your account to confirm your identity

Response Timeframe

We will respond to privacy rights requests:

• Within 30 days for most requests
• Within 45 days for complex requests (we will notify you of any extension)
• Within the timeframes required by applicable law (GDPR, CCPA, etc.)

Limitations and Exceptions

We may decline requests that are:

• Excessive, repetitive, or manifestly unfounded
• Technically infeasible or would require disproportionate effort
• Likely to adversely affect the rights and freedoms of others
• Required to be retained by law or for legal claims
• Necessary for security, fraud prevention, or public interest

If we decline your request, we will explain the reason and inform you of your right to appeal or file a complaint with a supervisory authority.

No Discrimination

We will not discriminate against you for exercising your privacy rights. You will not be denied service, charged different prices, or provided a different level of service solely for exercising your rights.

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have additional rights under the General Data Protection Regulation (GDPR):

Your GDPR Rights

• Right to Access (Article 15): Obtain confirmation of whether we process your data and access to that data.
• Right to Rectification (Article 16): Correct inaccurate or incomplete personal data.
• Right to Erasure (Article 17): Request deletion of your personal data ("right to be forgotten").
• Right to Restriction (Article 18): Request that we restrict processing of your personal data in certain circumstances.
• Right to Data Portability (Article 20): Receive your data in a structured, commonly used format and transmit it to another controller.
• Right to Object (Article 21): Object to processing based on legitimate interests or for direct marketing purposes.
• Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent.
• Right to Lodge a Complaint: File a complaint with your local data protection authority.

Legal Basis for Processing

We process your personal data under the following legal bases:

• Contract (Article 6(1)(b)): Processing necessary to perform our contract with you (providing the Service).
• Consent (Article 6(1)(a)): Marketing communications, optional features, non-essential cookies.
• Legitimate Interests (Article 6(1)(f)): Service improvement, analytics, fraud prevention, security.
• Legal Obligation (Article 6(1)(c)): Compliance with tax, accounting, and regulatory requirements.

Data Controller

MannaSync Solutions Inc. is the data controller responsible for your personal information under GDPR.

Data Protection Officer

For GDPR-related inquiries, you can contact our data protection team at:
tweetapp@mannasyncsolutions.com
Subject Line: "GDPR / Data Protection Inquiry"

Supervisory Authority

If you are not satisfied with our response to your privacy concerns, you have the right to lodge a complaint with your local data protection supervisory authority. You can find your supervisory authority at: EDPB Member List

International Data Transfers

Your data may be transferred to and processed in the United States or other countries outside the EEA. We implement appropriate safeguards for such transfers, including:

• Standard Contractual Clauses (SCCs) approved by the European Commission
• Reliance on adequacy decisions where applicable
• Contractual obligations with service providers to protect your data

Automated Decision-Making

We do NOT use automated decision-making or profiling that produces legal effects or similarly significantly affects you. AI content generation is a tool you control; final posting decisions remain with you.

If you are a California resident, you have specific rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

Your CCPA Rights

• Right to Know: Request disclosure of the categories and specific pieces of personal information we collect, use, disclose, and sell.
• Right to Delete: Request deletion of your personal information, subject to certain exceptions.
• Right to Correct: Request correction of inaccurate personal information.
• Right to Data Portability: Request a copy of your personal information in a portable format.
• Right to Opt-Out of Sale/Sharing: We do NOT sell or share your personal information for cross-context behavioral advertising.
• Right to Limit Use of Sensitive Personal Information:We do not use sensitive personal information for purposes beyond those permitted by law.
• Right to Non-Discrimination: You will not be discriminated against for exercising your CCPA rights.

Categories of Personal Information Collected

In the past 12 months, we have collected the following categories of personal information:

• Identifiers: Name, email address, account ID, IP address, device identifiers
• Commercial Information: Subscription tier, payment history, purchase records
• Internet Activity: Browsing history, search history, interaction with the Service
• Geolocation Data: Approximate location based on IP address
• Professional Information: Twitter/X account information, content preferences
• Inferences: Content preferences, usage patterns, engagement trends

Categories of Sources

We collect personal information from:

• Directly from you (account registration, content creation, settings)
• Automatically through your use of the Service (usage data, logs)
• Third parties (Google OAuth, Twitter/X API, Stripe)

Business Purposes for Collection

We collect and use personal information for:

• Providing and maintaining the Service
• Processing transactions and payments
• Customer support and communication
• Service improvement and analytics
• Security, fraud prevention, and legal compliance
• Marketing (with consent)

Categories of Third Parties

We share personal information with:

• Service providers (Firebase, Stripe, AI providers)
• Social media platforms (Twitter/X)
• Analytics providers
• Payment processors

Sale of Personal Information

WE DO NOT SELL YOUR PERSONAL INFORMATION.

We have not sold personal information in the past 12 months and do not sell the personal information of minors under 16 years of age.

How to Exercise CCPA Rights

To exercise your CCPA rights, you can:

• Email us at: tweetapp@mannasyncsolutions.com (Subject: "CCPA Privacy Request")
• Use the data export and account deletion features in your account settings

We will verify your identity before processing your request and respond within 45 days (extendable to 90 days for complex requests).

Authorized Agent

You may designate an authorized agent to make requests on your behalf. The agent must provide proof of authorization and you must verify your identity directly with us.

Shine the Light Law

California Civil Code Section 1798.83 permits California residents to request information about disclosures of personal information to third parties for direct marketing purposes. We do not disclose personal information to third parties for their direct marketing purposes.

What Are Cookies?

Cookies are small text files stored on your device when you visit a website. We use cookies and similar tracking technologies (web beacons, pixels, local storage) to provide, secure, and improve our Service.

Types of Cookies We Use

Third-Party Cookies

Third-party service providers may set their own cookies when you use the Service:

• Google (Firebase, OAuth): Authentication and service functionality
• Stripe: Payment processing
• Twitter/X: OAuth authentication

Managing Cookies

You can control cookies through:

• Browser Settings: Most browsers allow you to refuse or delete cookies. Consult your browser's help documentation.
• Cookie Preferences: Adjust cookie settings through our cookie consent banner (if applicable).
• Third-Party Opt-Outs: Use tools like the Network Advertising Initiative opt-out page or Google Analytics opt-out.

Note: Disabling essential cookies may prevent you from using certain features of the Service.

Do Not Track (DNT)

Some browsers support a "Do Not Track" (DNT) signal. We do not currently respond to DNT signals because there is no industry-wide standard for how to interpret them. We will update this policy if standards are adopted.

Local Storage

In addition to cookies, we use browser local storage and session storage to store preferences and temporary data. You can clear this data through your browser settings.

Age Restriction

AutoTweet AI is NOT intended for use by individuals under the age of 18. We do not knowingly collect personal information from children under 18 years of age.

COPPA Compliance

In compliance with the Children's Online Privacy Protection Act (COPPA), we do not knowingly collect or maintain information from persons under 13 years of age. If we learn that we have collected personal information from a child under 13, we will delete that information as quickly as possible.

Parental Notice

If you are a parent or guardian and believe your child under 18 has provided us with personal information, please contact us immediately at tweetapp@mannasyncsolutions.com so we can delete the information.

Verification

By using the Service, you represent and warrant that you are at least 18 years of age. We reserve the right to request proof of age and to terminate accounts of users who do not meet the age requirement.

Data Processing Locations

AutoTweet AI is operated from the United States, and your information may be stored and processed in the United States or other countries where our service providers operate. These countries may have data protection laws that differ from those in your country of residence.

Safeguards for International Transfers

When we transfer personal information from the EEA, UK, or Switzerland to countries that have not received an adequacy decision from the European Commission, we implement appropriate safeguards:

• Standard Contractual Clauses (SCCs): We use EU-approved SCCs with our service providers to protect data transferred outside the EEA.
• Data Processing Agreements: Contracts with third-party processors include data protection obligations.
• Security Measures: Encryption, access controls, and security protocols protect data in transit and at rest.
• Vendor Assessments: We evaluate the data protection practices of service providers before transferring data.

Service Provider Locations

Our primary service providers operate in the following regions:

• Firebase/Google Cloud: Data centers worldwide, with regional data residency options
• Stripe: United States and global processing centers
• AI Providers: Varies by provider (typically United States)

Your Consent

By using the Service, you consent to the transfer of your information to the United States and other countries for processing. If you do not consent to such transfers, please do not use the Service.

Access to Transfer Safeguards

You may request a copy of the safeguards we have in place for international data transfers by contacting us at tweetapp@mannasyncsolutions.com.

Policy Updates

We may update this Privacy Policy from time to time to reflect changes in:

• Our data practices or Service features
• Legal or regulatory requirements
• Industry standards or best practices
• Technology or security enhancements

Notice of Material Changes

When we make material changes that affect your rights or how we process your personal information, we will:

• Update the "Last Updated" date at the top of this Privacy Policy
• Send you an email notification (to the email address associated with your account)
• Display a prominent notice on the Service or dashboard
• For significant changes, request your consent where required by law

Review and Acceptance

We encourage you to review this Privacy Policy periodically. Your continued use of the Service after we post or send notice of changes constitutes your acceptance of the updated Privacy Policy.

Objection to Changes

If you do not agree to the updated Privacy Policy, you must stop using the Service and may delete your account. For material changes that require consent, we will provide an opt-in mechanism before applying the changes to your account.

Historical Versions

We maintain archived versions of previous Privacy Policies. You may request access to historical versions by contacting us at tweetapp@mannasyncsolutions.com.

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: